act.ewg.org Open in urlscan Pro
45.60.33.183 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.everyaction.com/k/13969528/145849794/95807201?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-...
Effective URL:
https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-83...
Submission: On January 23 via manual (January 23rd 2020, 1:24:11 pm UTC) from US

Summary HTTP 80 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 27 IPs in 6 countries across 23 domains to perform 80 HTTP transactions. The main IP is 45.60.33.183, located in United States and belongs to INCAPSULA, US. The main domain is act.ewg.org.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on October 5th 2018. Valid for: 2 years.

This is the only time act.ewg.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 12	45.60.33.183 45.60.33.183	19551 (INCAPSULA) (INCAPSULA)
1	2a00:1450:400... 2a00:1450:4001:825::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:ebd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	52.239.157.138 52.239.157.138	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.222.158.236 52.222.158.236	16509 (AMAZON-02) (AMAZON-02)
7	2600:9000:204... 2600:9000:2047:8e00:12:303c:8700:21	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE)
2	216.58.208.34 216.58.208.34	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:81b::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE)
2	147.75.102.231 147.75.102.231	54825 (PACKET) (PACKET)
2	52.222.149.228 52.222.149.228	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	40.114.13.25 40.114.13.25	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	147.75.84.39 147.75.84.39	54825 (PACKET) (PACKET)
6	2606:4700::68... 2606:4700::6810:4da5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.99.128.52 23.99.128.52	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6810:50a5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	51.140.6.23 51.140.6.23	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
80	27

12 45.60.33.183 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

click.everyaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
act.ewg.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
advocator.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fastaction.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.everyaction.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:ebd (United States)

ASN13335 (CLOUDFLARENET, US)

c.shpg.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.239.157.138 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

nvlupin.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.158.236 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-158-236.fra53.r.cloudfront.net

js.verygoodvault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:2047:8e00:12:303c:8700:21 (United States)

ASN16509 (AMAZON-02, US)

d3rse9xjbp8270.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.208.34 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra15s12-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.102.231 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress10

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.149.228 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-228.fra53.r.cloudfront.net

d1aqhv4sn5kxtx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.114.13.25 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

profile.ngpvan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.84.39 (Parsippany, United States)

ASN54825 (PACKET, US)

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:4da5 (United States)

ASN13335 (CLOUDFLARENET, US)

www.lightboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.99.128.52 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: waws-prod-dm1-001.cloudapp.net

lightboxapi1.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:50a5 (United States)

ASN13335 (CLOUDFLARENET, US)

api1.lightboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.140.6.23 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	google-analytics.com www.google-analytics.com	63 KB
9	cloudfront.net d3rse9xjbp8270.cloudfront.net d1aqhv4sn5kxtx.cloudfront.net	674 KB
7	lightboxcdn.com www.lightboxcdn.com api1.lightboxcdn.com	131 KB
6	ewg.org act.ewg.org	24 KB
5	ngpvan.com profile.ngpvan.com advocator.ngpvan.com fastaction.ngpvan.com secure.ngpvan.com	11 KB
5	windows.net nvlupin.blob.core.windows.net	705 KB
4	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	3 KB
4	facebook.net connect.facebook.net	203 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	72 KB
3	googletagmanager.com www.googletagmanager.com	81 KB
3	everyaction.com 1 redirects click.everyaction.com secure.everyaction.com	4 KB
2	visualstudio.com dc.services.visualstudio.com	832 B
2	facebook.com www.facebook.com	382 B
2	google.de www.google.de	220 B
2	google.com 1 redirects www.google.com	927 B
2	twitter.com platform.twitter.com	29 KB
2	bing.com bat.bing.com	7 KB
2	googleadservices.com www.googleadservices.com	11 KB
1	azurewebsites.net lightboxapi1.azurewebsites.net	572 B
1	msecnd.net az416426.vo.msecnd.net	22 KB
1	verygoodvault.com js.verygoodvault.com	24 KB
1	shpg.org c.shpg.org	8 KB
1	googleapis.com ajax.googleapis.com	30 KB
80	23

	Domain	Requested by
15	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com act.ewg.org
7	d3rse9xjbp8270.cloudfront.net	act.ewg.org d3rse9xjbp8270.cloudfront.net www.google-analytics.com
6	www.lightboxcdn.com	act.ewg.org www.lightboxcdn.com
6	act.ewg.org	act.ewg.org
5	nvlupin.blob.core.windows.net	act.ewg.org d3rse9xjbp8270.cloudfront.net
4	connect.facebook.net	act.ewg.org connect.facebook.net
3	www.googletagmanager.com	act.ewg.org d3rse9xjbp8270.cloudfront.net
2	dc.services.visualstudio.com	az416426.vo.msecnd.net
2	secure.everyaction.com	act.ewg.org az416426.vo.msecnd.net
2	profile.ngpvan.com	d3rse9xjbp8270.cloudfront.net az416426.vo.msecnd.net
2	www.facebook.com	act.ewg.org
2	d1aqhv4sn5kxtx.cloudfront.net	www.googletagmanager.com
2	www.google.de	act.ewg.org
2	www.google.com	1 redirects act.ewg.org
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	stats.g.doubleclick.net	act.ewg.org
2	platform.twitter.com	act.ewg.org platform.twitter.com
2	bat.bing.com	www.googletagmanager.com act.ewg.org
2	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
1	api1.lightboxcdn.com	az416426.vo.msecnd.net
1	lightboxapi1.azurewebsites.net	www.lightboxcdn.com
1	secure.ngpvan.com	az416426.vo.msecnd.net
1	fastaction.ngpvan.com	d3rse9xjbp8270.cloudfront.net
1	vars.hotjar.com	static.hotjar.com
1	advocator.ngpvan.com	az416426.vo.msecnd.net
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	act.ewg.org
1	az416426.vo.msecnd.net	act.ewg.org
1	js.verygoodvault.com	act.ewg.org
1	c.shpg.org	act.ewg.org
1	ajax.googleapis.com	act.ewg.org
1	click.everyaction.com	1 redirects
80	32

This site contains links to these domains. Also see Links.

Domain
fastaction.ngpvan.com

Subject Issuer	Validity	Valid
act.ewg.org COMODO RSA Domain Validation Secure Server CA	`2018-10-05` - `2020-10-04`	2 years	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-12-20` - `2020-03-13`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-11` - `2020-10-09`	a year	crt.sh
*.blob.core.windows.net Microsoft IT TLS CA 5	`2019-05-22` - `2021-05-22`	2 years	crt.sh
*.verygoodvault.com Amazon	`2019-05-15` - `2020-06-15`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-12-20` - `2020-03-13`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2019-12-20` - `2020-03-13`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.vo.msecnd.net Microsoft IT TLS CA 2	`2018-03-30` - `2020-03-30`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-12-06` - `2020-03-05`	3 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-12-20` - `2020-03-13`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-01-07` - `2020-03-31`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-12-20` - `2020-03-13`	3 months	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
*.ngpvan.com RapidSSL RSA CA 2018	`2018-02-08` - `2021-02-07`	3 years	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
ssl516460.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-24` - `2020-03-01`	6 months	crt.sh
*.everyaction.com Sectigo RSA Domain Validation Secure Server CA	`2019-02-19` - `2021-02-18`	2 years	crt.sh
*.azurewebsites.net Microsoft IT TLS CA 5	`2019-09-24` - `2021-09-24`	2 years	crt.sh
dc.services.visualstudio.com Microsoft IT TLS CA 5	`2019-11-18` - `2021-11-18`	2 years	crt.sh

This page contains 5 frames:

Primary Page: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Frame ID: E134FFC971188E25DC81B753D9724AAB
Requests: 77 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html?origin=https%3A%2F%2Fact.ewg.org
Frame ID: 9D4C9FD86F58EC024E7E7B14B27DAF7B
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Frame ID: F143F84DD020F68E3126C0C64E49FD15
Requests: 1 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/lightbox.js?mb=1579785833791&lv=1
Frame ID: F086240068FFD89A619A702BFD1F682F
Requests: 2 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/lclst/a3241e66-5c6a-4d48-8161-225ef2c02084/ls.html?purl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&vid=a3241e66-5c6a-4d48-8161-225ef2c02084&se=0&prev=0&cb=637153339892721806
Frame ID: D9BF516F21277D86032BAFD5B3BA1A19
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://click.everyaction.com/k/13969528/145849794/95807201?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi... HTTP 302
https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d0... Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Analytics Enhanced eCommerce (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Lightbox (JavaScript Libraries) Expand

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

80
Requests

100 %
HTTPS

58 %
IPv6

23
Domains

32
Subdomains

27
IPs

6
Countries

2101 kB
Transfer

5929 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://fastaction.ngpvan.com/##whats-this
Title: ?

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/actionid_signup
Title: Sign up with your email address

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/facebook
Title: Facebook

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/twitter
Title: Twitter

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/terms
Title: terms of service

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/privacy
Title: privacy policy.

Search URL Search Domain Scan URL

URL: https://fastaction.ngpvan.com/auth/actionid
Title: Log in with your email address

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.everyaction.com/k/13969528/145849794/95807201?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2Ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2F2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2FpTgkUjhTJuS5u7crnO7C3XHEpDP%2F5g%2B2NYXKnk6fhsy&sourceid=1018599&nvep=ew0KICAiVGVuYW50VXJpIjogIm5ncHZhbjovL3Zhbi9FV0cvRVdHLzEvNzEzODEiLA0KICAiRGlzdHJpYnV0aW9uVW5pcXVlSWQiOiAiMTNkNDUxYjgtODMzOC1lYTExLWExY2MtMjgxODc4NGQwODRmIiwNCiAgIkVtYWlsQWRkcmVzcyI6ICJZSUpEQFBBTUYuT1JHIg0KfQ%3D%3D&hmac=xndL7k63qqt7mvZOvgQiDdlY7v4U5yvErnU6i1biuQY= HTTP 302
https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071783566/?random=1399031878&cv=9&fst=*&num=1&value=0&label=Pg0mCKq7vZYBEI69iP8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg181&sendb=1&ig=1&frm=0&url=https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&tiba=Take%20Action&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=aZ4pXs2lCIT-3gPrloyQDw&sscte=1&crd=&gtd=&eitems=ChAIgKWl8QUQrrmG9oCFztggEh0AC7IeZIq9sXrUj4a6LaUQz2ZUgCdKMrRMg14kbg HTTP 302
https://www.google.com/pagead/1p-conversion/1071783566/?random=1399031878&cv=9&fst=*&num=1&value=0&label=Pg0mCKq7vZYBEI69iP8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg181&sendb=1&ig=1&frm=0&url=https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&tiba=Take%20Action&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=aZ4pXs2lCIT-3gPrloyQDw&eitems=ChAIgKWl8QUQrrmG9oCFztggEh0AC7IeZK-dGZpFeuT9SUaeeeAOZoOwmuEH0C4b6w&random=2429756320&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/1071783566/?random=1399031878&cv=9&fst=*&num=1&value=0&label=Pg0mCKq7vZYBEI69iP8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg181&sendb=1&ig=1&frm=0&url=https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&tiba=Take%20Action&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=aZ4pXs2lCIT-3gPrloyQDw&eitems=ChAIgKWl8QUQrrmG9oCFztggEh0AC7IeZK-dGZpFeuT9SUaeeeAOZoOwmuEH0C4b6w&random=2429756320&resp=GooglemKTybQhCsO&ipr=y

80 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set hRkjuUGk6EeGjKkagf9feg2 Show response
act.ewg.org/onlineactions/
Redirect Chain

https://click.everyaction.com/k/13969528/145849794/95807201?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2Ff4X...
https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF...

13 KB
5 KB

517ms
393ms

Document
text/html

45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b4c1752df09525cc41d8de1762ee4312d63e1fdff2b1fa1bd0797164f7fb0909

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: act.ewg.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: TiPMix=37.7374273900583; path=/; HttpOnly; Domain=act.ewg.org; Max-Age=3600 x-ms-routing-name=self; path=/; HttpOnly; Domain=act.ewg.org; Max-Age=3600 visid_incap_1852917=o/m7zNW9SV6z5o1uks0aOGaeKV4AAAAAQUIPAAAAAABIpXvP8mxjqfRAnDu7U6B0; expires=Thu, 21 Jan 2021 14:55:27 GMT; path=/; Domain=.ewg.org nlbi_1852917=BjHBRyFFlwTvS6qFAbumDAAAAAD/7RuAoMrV+s9ynx7xhPcv; path=/; Domain=.ewg.org incap_ses_456_1852917=U8GFGpz/BBH/hUo6UgtUBmeeKV4AAAAARvwE5YaunfMYULMmfCq8kQ==; path=/; Domain=.ewg.org
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
Access-Control-Expose-Headers: Request-Context
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Date: Thu, 23 Jan 2020 13:23:50 GMT
X-CDN: Incapsula
Transfer-Encoding: chunked
X-Iinfo: 9-58515860-58515874 NNNN CT(75 154 0) RT(1579785830632 23) q(0 0 2 0) r(4 4) U12

Redirect headers

Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Location: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
Date: Thu, 23 Jan 2020 13:23:50 GMT
Content-Length: 0
Set-Cookie: visid_incap_1392949=cqnBV3mIRnmNY/LPzS98I2aeKV4AAAAAQUIPAAAAAABjjKsRzNe7sS/T+4Eb/9Xq; expires=Thu, 21 Jan 2021 14:55:27 GMT; path=/; Domain=.everyaction.com nlbi_1392949=Roq2KUPOE1ChyalhuiPdvwAAAACDsXxiiYjE4z9dtTUAV/7w; path=/; Domain=.everyaction.com incap_ses_456_1392949=T6gvQ/OklmJ7hUo6UgtUBmaeKV4AAAAAsmgZWjtr+uwQPvBEfkMIzQ==; path=/; Domain=.everyaction.com
X-CDN: Incapsula
X-Iinfo: 0-17716552-17716553 NNNN CT(75 154 0) RT(1579785830138 25) q(0 0 2 2) r(3 3) U11

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 00:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 824790
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 30399
x-xss-protection: 0
last-modified: Thu, 25 Jan 2018 15:33:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Jan 2021 00:17:22 GMT

GET
H2 200 sp.js Show response
c.shpg.org/278/ 35 KB
8 KB 879ms
833ms Script
text/javascript 2606:4700:20::681a:ebd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.shpg.org/278/sp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ebd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bad64e9f436f476fb988197ae48418be1fd5e29d33239ea3d8ed8a21f8f67d81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: EXPIRED
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
status: 200
content-encoding: br
cache-control: max-age=1800
cf-ray: 559a15ab2e56650f-FRA

GET
H/1.1 200
OK ga.js Show response
nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/ 45 KB
46 KB 487ms
103ms Script
application/x-javascript 52.239.157.138
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/ga.js
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.157.138 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 23 Jan 2020 13:23:52 GMT
Last-Modified: Mon, 05 Aug 2019 21:46:13 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D719EE5622AE57
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
x-ms-request-id: b7981990-401e-007f-3bf0-d18fca000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 46274

GET
H/1.1 200
OK jquery.mailcheck.min.js Show response
nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/ 2 KB
3 KB 484ms
99ms Script
application/x-javascript 52.239.157.138
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/jquery.mailcheck.min.js
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.157.138 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b3b360dc7d412894d4772b986c10a6cfdf06ad89a522135fadf757aa7434ed02

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 23 Jan 2020 13:23:51 GMT
Last-Modified: Mon, 05 Aug 2019 21:46:36 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D719EE63CA579A
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
x-ms-request-id: 60109d12-401e-00b8-31f0-d1f30b000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 2041

GET
H/1.1 200
OK script-error Show response
act.ewg.org/js/ 228 B
527 B 18ms
18ms Script
text/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://act.ewg.org/js/script-error?v=GeYv9wZQnND5uIxL5ZRwfSHLeWRBgivVndhzehZsiRA1
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8e56bfbe35470230925fd927d16342b3f18d1bc0751b1405c2c26999440426b0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 23 Jan 2020 13:23:51 GMT
Content-Encoding: gzip
Last-Modified: Mon, 01 Jul 2019 15:01:10 GMT
X-CDN: Incapsula
Content-Type: text/javascript; charset=utf-8
X-Iinfo: 9-58515860-0 0CNN RT(1579785830632 590) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=13743439, public
Content-Length: 163
Expires: Tue, 30 Jun 2020 15:01:10 GMT

GET
H/1.1 200
OK EWG_Logo_green.png
nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/ 123 KB
123 KB 544ms
158ms Image
image/png 52.239.157.138
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/EWG_Logo_green.png
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.157.138 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 85112008f74106bf7dc8348c58a5585b6349daa95b0508f818c9482623389958

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 23 Jan 2020 13:23:52 GMT
Last-Modified: Thu, 21 Mar 2019 13:17:40 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D6ADFF984217C0
Content-Type: image/png
Access-Control-Allow-Origin: *
x-ms-request-id: 705594f1-201e-0002-43f0-d11302000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 125671

GET
H/1.1 200
OK email-checker-embed.js Show response
nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/ 1 KB
2 KB 482ms
98ms Script
application/x-javascript 52.239.157.138
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/email-checker-embed.js
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.157.138 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 09c09240791dd7620b5353be9461a38903e62d4f3a9c877480eb286f312ac87b

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 23 Jan 2020 13:23:52 GMT
Last-Modified: Wed, 07 Aug 2019 21:09:04 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D71B7B7A97FEB6
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
x-ms-request-id: 9bafa8f6-b01e-00e9-4df0-d1edfe000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 1172

GET
H/1.1 200
OK AC2nt8erbFu3svSWxmyTZr1b.js Show response
js.verygoodvault.com/vgs-collect/1/ 76 KB
24 KB 612ms
463ms Script
application/javascript 52.222.158.236
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.verygoodvault.com/vgs-collect/1/AC2nt8erbFu3svSWxmyTZr1b.js
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.158.236 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-158-236.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d2219782bf808672e486c65601b5bd41e52041c592ba9bfde1030a820f257baf

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Origin: https://act.ewg.org

Response headers

Date: Fri, 13 Dec 2019 23:21:12 GMT
Content-Encoding: gzip
X-Amz-Cf-Pop: FRA53
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
Access-Control-Max-Age: 3000
Connection: keep-alive
Via: 1.1 2f43d3215923fbce97b22ee733b0401f.cloudfront.net (CloudFront)
Last-Modified: Fri, 13 Dec 2019 10:03:51 GMT
Server: AmazonS3
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: GET
x-amz-version-id: MIiZqsZIbmUuLBPCQnATi6p_MgrmaU_3
Access-Control-Allow-Origin: *
Content-Type: application/javascript
X-Amz-Cf-Id: lQ7-pw-DWN5naPVaDrN2PjXy_Quz0oAwV56RvCGMMR2-gszzcs2ZMw==

GET
H2 200 at.js Show response
d3rse9xjbp8270.cloudfront.net/ 799 KB
227 KB 65ms
8ms Script
application/javascript 2600:9000:2047:8e00:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:8e00:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: edf32f018df1478fe9e902ec0c5a98c9142373422aafdc7f91d5fbfa3d5d5a3e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Origin: https://act.ewg.org

Response headers

date: Wed, 22 Jan 2020 20:45:11 GMT
content-encoding: gzip
age: 59922
x-cache: Hit from cloudfront
status: 200
content-length: 231322
via: 1.1 c40ee2288a7db28fefd61c3f2ec7ccd7.cloudfront.net (CloudFront)
last-modified: Wed, 08 Jan 2020 18:06:48 GMT
server: AmazonS3
etag: "610208b858bdb3099fbe3ee2596d7966"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: 28XsSwqpCM5jEl-5C6A9h4ZlJyGeipzNpA4SSGHewzVTzAyLKOA5qg==

GET
H/1.1 200
OK base-js.gif
act.ewg.org/Content/images/ 35 B
376 B 17ms
17ms Image
image/gif 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://act.ewg.org/Content/images/base-js.gif
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 23 Jan 2020 13:23:52 GMT
Last-Modified: Thu, 16 Jan 2020 00:18:58 GMT
X-CDN: Incapsula
Etag: "045848b2ccd51:0"
Content-Type: image/gif
X-Iinfo: 9-58515860-0 0CNN RT(1579785830632 1395) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=12314, public
Content-Length: 35
Expires: Thu, 23 Jan 2020 16:49:06 GMT

GET
H/1.1 200
OK _Incapsula_Resource Show response
act.ewg.org/ 120 KB
17 KB 22ms
22ms Script
application/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://act.ewg.org/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=56571061
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 6ed9795e9f6c7d1acff8a03da5d2e13cc411440e1eeb2b8e4f371e8aa1d5963e

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Encoding: gzip
Cache-Control: no-cache
X-Robots-Tag: noindex
Content-Length: 17413
Content-Type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 109 KB
31 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:81a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PPNMZJ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

56d48644f486f03d18fcc8d9b2467388f89d57d3ffbb5fa85fc9e5b6421d00b7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:52 GMT
content-encoding: br
last-modified: Thu, 23 Jan 2020 12:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 31963
x-xss-protection: 0
expires: Thu, 23 Jan 2020 13:23:52 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PPNMZJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3020
date: Thu, 23 Jan 2020 12:33:33 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Thu, 23 Jan 2020 14:33:33 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 26 KB
10 KB 73ms
73ms Script
text/javascript 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PPNMZJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e70adb67bcdec61516ea9e7174456c50effa918e43b3c8663baf1aa762f705de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9920
x-xss-protection: 0
server: cafe
etag: 4870430129932666244
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 23 Jan 2020 13:23:53 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 29ms
29ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PPNMZJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:52 GMT
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref: Ref A: 63E8E90D4A2B4A36AF8EAE36979D10E8 Ref B: FRAEDGE0317 Ref C: 2020-01-23T13:23:53Z
access-control-allow-origin: *
etag: "09c5197968d51:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7148

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 95 KB
22 KB 71ms
17ms Script
application/x-javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (lha/8D4C) /
Resource Hash: 013819105effb1832cbcbcfcc6317b0045170a7f671bd953a21f0847fa1a2e6e

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: gzip
content-md5: 7JhCKwvLjoUoS5N/nN9LRA==
age: 37422
x-cache: HIT
status: 200
content-length: 21636
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jun 2019 21:34:18 GMT
server: ECAcc (lha/8D4C)
etag: 0x8D6EEB48F61B4AC
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f69be224-e01e-0118-2699-d18f24000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400, immutable
x-ms-version: 2009-09-19

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 81 KB
26 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:81a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM473M

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6a3dea1d3b592fb49de61a61a098e7362552940f5933fb24347349f0471cb0ce

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: br
last-modified: Thu, 23 Jan 2020 12:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 26401
x-xss-protection: 0
expires: Thu, 23 Jan 2020 13:23:53 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1243720e85f9f4b01403fb75452182b2924caca75ab794a3f7a6e4967ae78593

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: OCAPI3CSenWwotDPHC84QA==
status: 200
date: Thu, 23 Jan 2020 13:23:53 GMT, Thu, 23 Jan 2020 13:23:53 GMT
expires: Thu, 23 Jan 2020 13:26:21 GMT
alt-svc: h3-24=":443"; ma=3600
content-length: 1779
x-fb-debug: QxygdTQyl05hof7S3Nc52+Olycz+zt5nrymWCIu+bSUasZaZXFtYiGA7Gmo+N1b5DjHhSCjtaArd8Wq37OidWQ==
x-fb-trip-id: 1850256238
x-fb-content-md5: 912ff57a653915d1e06b512746e9c33b
etag: "f40c78399780ce719145e0fb9576b919"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 25ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/418B) /
Resource Hash: 4dced00354b099d831f860145bbd0149f99889d4c45632e4d9e849f008123866

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 23 Jan 2020 13:23:53 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Jan 2020 22:50:12 GMT
Server: ECS (fcn/418B)
Age: 385
Etag: "09356930f7674f04e767f5b1203faeb7+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28838

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 73 KB
25 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-PMD7D89&t=gtm2&cid=1187302411.1579785833

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

536aed9ab404aa6cb3cc681f51d47179ec9720b32f76969a2cafafe27a8e4311

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 25543
x-xss-protection: 0
expires: Thu, 23 Jan 2020 13:23:53 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
109 B 6ms
6ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=193508428&t=pageview&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEADQ~&jid=679566720&gjid=202884446&cid=1187302411.1579785833&tid=UA-296149-25&_gid=1801368275.1579785833&gtm=2wg181PPNMZJ&cg2=onlineactions&cg3=act.ewg.org&z=1489432360

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:59:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5390642
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
stats.g.doubleclick.net/r/ 35 B
102 B 19ms
19ms Image
image/gif 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-296149-25&cid=1187302411.1579785833&jid=679566720&gjid=202884446&_gid=1801368275.1579785833&_u=YGBAgEADQ~&z=1390301420

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Thu, 23 Jan 2020 13:23:53 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 197 KB
59 KB 6ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=9897e3dc727ab4ffd8dac400c3f1c0c7&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bee62654bc85c23818d4d3ca74505c26d8cde5733b8614261f3f772390b9539b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Origin: https://act.ewg.org

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 65QSYJwD0akr0Gkwn9h3pA==
status: 200
date: Thu, 23 Jan 2020 13:23:53 GMT, Thu, 23 Jan 2020 13:23:53 GMT
expires: Fri, 22 Jan 2021 11:30:02 GMT
alt-svc: h3-24=":443"; ma=3600
content-length: 60378
x-fb-debug: Gf/UPz4WNabTYsa7F1YVNJVpqhWX7yMmpeCnDj7zKpB/3NfKyI6YKJlHkrBZmx4wncxCpPsiJgtoP8iYejdaVg==
x-fb-trip-id: 1850256238
x-fb-content-md5: 720cf0a65e8f5ce244fb809805d4f8a8
etag: "899372abe3d2fb0995032552eb656e5f"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 204 0
bat.bing.com/action/ 0
93 B 28ms
28ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=17156808&Ver=2&mid=0ef04d11-8d7d-4ed5-e0c9-84c655ab4687&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Take%20Action&p=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&r=&evt=pageLoad&msclkid=N&rn=668188
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Thu, 23 Jan 2020 13:23:52 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 3E9B204871A54A82ADA9A5DE60483EE3 Ref B: FRAEDGE0317 Ref C: 2020-01-23T13:23:53Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/698108002/ 3 KB
1 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698108002/?random=1579785833110&cv=9&fst=1579785833110&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg181&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&tiba=Take%20Action&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65a1c9a93eaf74bed4493b668085ea42db27aa34e02908c2d0ebb9090f9775b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1276
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/1071783566/ 2 KB
1 KB 79ms
79ms Script
text/javascript 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1071783566/?random=1579785833112&cv=9&fst=1579785833112&num=1&value=0&label=Pg0mCKq7vZYBEI69iP8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg181&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&tiba=Take%20Action&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f2.1e100.net

Software

cafe /

Resource Hash

4bae86b31ba469ffce08cc9c64443c10fbae28189697a3e4fde416a105609bce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1433
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/698108002/ 42 B
116 B 20ms
20ms Image
image/gif 2a00:1450:4001:81b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/698108002/?random=1579785833110&cv=9&fst=1579784400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg181&sendb=1&frm=0&url=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&tiba=Take%20Action&async=1&fmt=3&is_vtc=1&random=1882095581&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jan 2020 13:23:53 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/698108002/ 42 B
110 B 19ms
19ms Image
image/gif 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/698108002/?random=1579785833110&cv=9&fst=1579784400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg181&sendb=1&frm=0&url=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&tiba=Take%20Action&async=1&fmt=3&is_vtc=1&random=1882095581&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jan 2020 13:23:53 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/1071783566/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071783566/?random=1399031878&cv=9&fst=*&num=1&value=0&label=Pg0mCKq7vZYBEI69iP8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_...
https://www.google.com/pagead/1p-conversion/1071783566/?random=1399031878&cv=9&fst=*&num=1&value=0&label=Pg0mCKq7vZYBEI69iP8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_c...
https://www.google.de/pagead/1p-conversion/1071783566/?random=1399031878&cv=9&fst=*&num=1&value=0&label=Pg0mCKq7vZYBEI69iP8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd...

42 B
110 B

22ms
22ms

Image
image/gif

2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1071783566/?random=1399031878&cv=9&fst=*&num=1&value=0&label=Pg0mCKq7vZYBEI69iP8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg181&sendb=1&ig=1&frm=0&url=https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&tiba=Take%20Action&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=aZ4pXs2lCIT-3gPrloyQDw&eitems=ChAIgKWl8QUQrrmG9oCFztggEh0AC7IeZK-dGZpFeuT9SUaeeeAOZoOwmuEH0C4b6w&random=2429756320&resp=GooglemKTybQhCsO&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jan 2020 13:23:53 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Jan 2020 13:23:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/1071783566/?random=1399031878&cv=9&fst=*&num=1&value=0&label=Pg0mCKq7vZYBEI69iP8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg181&sendb=1&ig=1&frm=0&url=https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&tiba=Take%20Action&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=aZ4pXs2lCIT-3gPrloyQDw&eitems=ChAIgKWl8QUQrrmG9oCFztggEh0AC7IeZK-dGZpFeuT9SUaeeeAOZoOwmuEH0C4b6w&random=2429756320&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hotjar-1161534.js Show response
static.hotjar.com/c/ 4 KB
2 KB 22ms
22ms Script
application/javascript 147.75.102.231
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1161534.js?sv=6

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.102.231 Central, Hong Kong, ASN54825 (PACKET, US),

Reverse DNS

pkt-ams-k2-shared-ingress10

Software

Resource Hash

9abb0a5be7fb2ae1b127ce8705803b0c3ef27b6b824216acf6bd742351d22954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript
section-io-tag: hotjar
age: 10
status: 200
access-control-max-age: 600
section-io-cache: Hit
content-length: 1731
x-cache-hit: 1
x-frame-options: SAMEORIGIN
etag: W/1861da78f02f6ae364a852288d6b3bfb
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=60
section-io-origin-time-seconds: 0.074
accept-ranges: bytes
section-io-id: 010642ebf297b5711cfcd34322c65e15

GET
H/1.1 200
OK at.js Show response
d1aqhv4sn5kxtx.cloudfront.net/actiontag/ 799 KB
227 KB 198ms
31ms Script
application/javascript 52.222.149.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/at.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PPNMZJ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.228 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-228.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e82aec97826bbb1be158061e290b0255287e48f6e9096942aed99fa35861ccab

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 22 Jan 2020 19:42:40 GMT
Content-Encoding: gzip
Age: 63674
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 231329
Via: 1.1 a9e1c5fff6a2739d3f7026c216819292.cloudfront.net (CloudFront)
Last-Modified: Wed, 08 Jan 2020 18:06:48 GMT
Server: AmazonS3
ETag: "aab1a955724b1c0ae5536bf9e62b46fa"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=900, s-maxage=86400, public
X-Amz-Cf-Pop: FRA53
Accept-Ranges: bytes
X-Amz-Cf-Id: zv6juvXPgCiUESC2gqVk6sTniOAvyP1QQ434l4-46XeeOXszfTB5_A==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 126 KB
30 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
content-length: 30466
x-xss-protection: 0
pragma: public
x-fb-debug: pM3ORnHQRv8oH8O4hAd3vgro5ljrztyWKzytxpCYr6sMTPiTtiZXmJNM4/b45yzZDlBRssQR40bJspkUqWNNMg==
x-fb-trip-id: 1850256238
date: Thu, 23 Jan 2020 13:23:53 GMT, Thu, 23 Jan 2020 13:23:53 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 431673573640385 Show response
connect.facebook.net/signals/config/ 447 KB
112 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/431673573640385?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6d6c0bacd9c267d6e1e9d0aa4adaf2d54299a9453a8b25f83d8f817d1fc77085

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
content-length: 114947
x-xss-protection: 0
pragma: public
x-fb-debug: NJc14sSrD5G04uwLN9FT2Ek3zxCvD5vrZvDfb60VFjNUAvw6W3++8KLnItDhM/OnBHwJN/WI5I3/hiHMOA317w==
x-fb-trip-id: 1850256238
date: Thu, 23 Jan 2020 13:23:53 GMT, Thu, 23 Jan 2020 13:23:53 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK with-js.gif
act.ewg.org/Content/images/ 35 B
376 B 17ms
17ms Image
image/gif 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://act.ewg.org/Content/images/with-js.gif
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 23 Jan 2020 13:23:52 GMT
Last-Modified: Thu, 16 Jan 2020 00:18:58 GMT
X-CDN: Incapsula
Etag: "045848b2ccd51:0"
Content-Type: image/gif
X-Iinfo: 9-58515860-0 0CNN RT(1579785830632 1713) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=12316, public
Content-Length: 35
Expires: Thu, 23 Jan 2020 16:49:08 GMT

GET
H/1.1 200
OK widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html
platform.twitter.com/widgets/ Frame 9D4C 0
0 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.4f8aea4342a4ada72cba2bdffcff6b4d.html?origin=https%3A%2F%2Fact.ewg.org
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4192) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1175487
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Jan 2020 13:23:53 GMT
Etag: "4b563298f37eb3ef2a2f8897be83c714+gzip"
Last-Modified: Thu, 09 Jan 2020 22:38:16 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4192)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5825

GET
H/1.1 200
OK _Incapsula_Resource
act.ewg.org/ 1 B
113 B 17ms
16ms Image
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://act.ewg.org/_Incapsula_Resource?SWKMTFSR=1&e=0.2931670425763244
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Cache-Control: no-cache
X-Robots-Tag: noindex
Content-Length: 1
Content-Type: text/plain

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 12:37:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 2755
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1306
x-xss-protection: 0
expires: Thu, 23 Jan 2020 13:37:58 GMT

GET
H2 200 modules.4fbc6fa978838a77e880.js Show response
script.hotjar.com/ 400 KB
70 KB 23ms
23ms Script
application/javascript 147.75.102.231
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.4fbc6fa978838a77e880.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1161534.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.231 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress10
Software: /
Resource Hash: 755ae062fc4da1ccb582f2d2e153deaea69a05c1e5dd2b63b0e797b855608d86

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: br
content-type: application/javascript
age: 693540
status: 200
section-io-cache: Hit
content-length: 71279
last-modified: Wed, 15 Jan 2020 12:41:59 GMT
etag: "5992c1cb7b334dbab6fc9ed168473e45"
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.030
accept-ranges: bytes
section-io-id: 42bdbe3612752eef4b2c5de86b60f6aa

GET
H2 200 /
www.facebook.com/tr/ 44 B
271 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=431673573640385&ev=PageView&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&rl=&if=false&ts=1579785833316&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1579785833315.1235584160&it=1579785833240&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT, Thu, 23 Jan 2020 13:23:53 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Thu, 23 Jan 2020 13:23:53 GMT

GET
H/1.1 200
OK identity Show response
profile.ngpvan.com/ 72 B
958 B 555ms
101ms Script
text/javascript 40.114.13.25
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://profile.ngpvan.com/identity?callback=_jqjsp

Requested by

Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.114.13.25 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / Express, ASP.NET

Resource Hash

1c1c9e9ada6d3e50beef30e86f87a1611ce2ee7c1fae9fe9c7945355729bc81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 23 Jan 2020 13:23:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Microsoft-IIS/10.0
X-Powered-By: Express, ASP.NET
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi OUR OTRo STP IND COM NAV DEM"
Content-Type: text/javascript; charset=utf-8
Content-Length: 191
ETag: W/"48-r/ABGgtGmxldUVcRWkudJbY551Q"
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3,roleName=databag

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 73 KB
24 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:81a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Requested by

Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7d80c7b1a4fd85d3a9d86b55db7ec5ab2f7eae4266338819c6dc19d58063e5b8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: br
last-modified: Thu, 23 Jan 2020 12:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 24125
x-xss-protection: 0
expires: Thu, 23 Jan 2020 13:23:53 GMT

GET
H2 200 at.min.css
d3rse9xjbp8270.cloudfront.net/ 110 KB
20 KB 23ms
8ms Stylesheet
text/css 2600:9000:2047:8e00:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/at.min.css
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:8e00:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0ba2ba86a5085a0f87e6828f2948519eaea7df70e9ca5bd46dbc44dc92ea9dee

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 22 Jan 2020 20:45:00 GMT
content-encoding: gzip
age: 59934
x-cache: Hit from cloudfront
status: 200
content-length: 20501
via: 1.1 4d1cbe225c5d30aa78ec9a6fa1ba4211.cloudfront.net (CloudFront)
last-modified: Wed, 08 Jan 2020 18:06:48 GMT
server: AmazonS3
etag: "0706989818ad638d684d4f72d8f8112c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: zXsu5oCuYiAuZ1Z3BhkH-3jVl-7SJt0hps2FQWopgJJz8tgzQlsZAw==

GET
H2 200 extra.min.css
d3rse9xjbp8270.cloudfront.net/ 92 KB
16 KB 27ms
13ms Stylesheet
text/css 2600:9000:2047:8e00:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/extra.min.css
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:8e00:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 573f9f1e5511f5952b85433a0789666e1649ef75b1f6122335523d83d09e6334

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 22 Jan 2020 20:45:00 GMT
content-encoding: gzip
age: 59934
x-cache: Hit from cloudfront
status: 200
content-length: 15885
via: 1.1 4d1cbe225c5d30aa78ec9a6fa1ba4211.cloudfront.net (CloudFront)
last-modified: Wed, 08 Jan 2020 18:06:48 GMT
server: AmazonS3
etag: "fb1f895ec49c4062e959c011c58f6187"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=900, s-maxage=86400, public
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: NRBa4EcAfvQebsH-LswtA_J5KMNKufHlYEGqIO5djfyJr4UP1l8GWQ==

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 14ms
14ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=193508428&t=event&ni=1&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth%20Tracking&ea=0%25&el=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&_u=aGDACEALR~&jid=802187140&gjid=1668093449&cid=1187302411.1579785833&tid=UA-296149-25&_gid=1801368275.1579785833&_r=1&gtm=2wg181PPNMZJ&z=1243519317

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jan 2020 13:23:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ngpForm Show response
advocator.ngpvan.com/https%3a%2f%2fsecure.everyaction.com%2fv1%2fForms%2fhRkjuUGk6EeGjKkagf9feg2/ 19 KB
6 KB 595ms
531ms XHR
application/json 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://advocator.ngpvan.com/https%3a%2f%2fsecure.everyaction.com%2fv1%2fForms%2fhRkjuUGk6EeGjKkagf9feg2/ngpForm
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.33.183 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: Cowboy / Express
Resource Hash: a9a610565bdaa1e821ede7ae2c2da17e401dc1d0340ff8326251cf4f7aed5811

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Origin: https://act.ewg.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 23 Jan 2020 13:23:53 GMT
Via: 1.1 vegur
Server: Cowboy
X-Powered-By: Express
Etag: W/"4b2c-Sno+EiUQeTpaTCJfdcYkJxatPYI"
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://act.ewg.org
X-Iinfo: 3-44901268-44901272 NNYN CT(74 164 0) RT(1579785832490 19) q(0 0 2 0) r(4 5) U4
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Encoding: gzip
Transfer-Encoding: chunked
X-CDN: Incapsula
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 200 box-b736908ce6b0e933fad3a2e45df61b38.html
vars.hotjar.com/ Frame F143 0
0 22ms
22ms Document
text/html 147.75.84.39
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1161534.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.84.39 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-b736908ce6b0e933fad3a2e45df61b38.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599

Response headers

status: 200
date: Thu, 23 Jan 2020 13:23:53 GMT
content-type: text/html
content-length: 808
last-modified: Tue, 07 Jan 2020 11:16:39 GMT
etag: "ed7551919779fd07dbfe6d776c643379"
cache-control: max-age=31536000
content-encoding: br
section-io-origin-status: 200
section-io-origin-time-seconds: 0.125
age: 1352085
vary: Accept-Encoding
section-io-cache: Hit
accept-ranges: bytes
section-io-id: 742f280b81fcb3f00dffde9828f99338

GET
H/1.1 200
OK sweetspot.js Show response
d1aqhv4sn5kxtx.cloudfront.net/actiontag/ 8 KB
9 KB 92ms
32ms Script
application/x-javascript 52.222.149.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1aqhv4sn5kxtx.cloudfront.net/actiontag/sweetspot.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.149.228 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-228.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d32edd2deab9a90a989acdfb16d6fcf57bbe15acb7716c3d851e10f1fcfc1163

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 23 Jan 2020 08:57:59 GMT
Via: 1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
Age: 15955
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 8149
Last-Modified: Tue, 06 Aug 2019 21:06:41 GMT
Server: AmazonS3
ETag: "37a7034ed35eb1d861eba8fca5dbdea6"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=900, s-maxage=86400, public
X-Amz-Cf-Pop: FRA53
Accept-Ranges: bytes
X-Amz-Cf-Id: pisp6QD6aLZhYXc11-sYJS3o0bbLQconLPIUV8rBUsqQLfCIYLQ7mQ==

GET
H2 200 lightbox_inline.js Show response
www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/ 2 KB
1 KB 62ms
13ms Script
application/javascript 2606:4700::6810:4da5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/lightbox_inline.js?mb=1579785833724
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4da5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f793d0ef8e7b2b0a2f5271e63c4be9cfaefcf746af1b849d353bf75e420d20d

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: o+td2hMqqGlNUrKlAG8B3A==
age: 143
cf-polished: origSize=2379
status: 200
x-ms-lease-status: unlocked
last-modified: Wed, 22 Jan 2020 23:53:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: 26081249-401e-0107-1a7f-d1e511000000
x-ms-version: 2009-09-19
cf-ray: 559a15b51ee2bef1-FRA
cf-bgj: minify

GET
H2 200 lightbox.js Show response
www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/ Frame F086 326 B
279 B 12ms
12ms Script
application/javascript 2606:4700::6810:4da5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/lightbox.js?mb=1579785833791&lv=1
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4da5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2967a43c995156ed25a2e026df2ac4faea708c0cf848622c7919da5cd6039d1a

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 48554
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-ray: 559a15b54f1dbef1-FRA

GET
H2 200 user.js Show response
www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/ Frame F086 862 KB
127 KB 16ms
16ms Script
application/javascript 2606:4700::6810:4da5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/user.js?cb=637153339901190215
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/lightbox.js?mb=1579785833791&lv=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4da5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 632c7a8ade8d1ed90063ae8e945706df73eebde68e8f79b98e04a43eea913a53

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: JkVmBHgVugbiFy+lDHgotg==
age: 48565
cf-polished: origSize=1375325
status: 200
x-ms-lease-status: unlocked
last-modified: Wed, 22 Jan 2020 23:53:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: b6e76fb7-601e-0014-2c7f-d196a5000000
expires: Fri, 22 Jan 2021 13:23:53 GMT
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 559a15b55f3dbef1-FRA
cf-bgj: minify

GET
H2 200 /
www.facebook.com/tr/ 44 B
111 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=431673573640385&ev=Microdata&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&rl=&if=false&ts=1579785833821&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Take%20Action%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Get%20Asbestos%20Out%20of%20Children%E2%80%99s%20Toys!%22%2C%22og%3Adescription%22%3A%22We%20need%20the%20government%20to%20step%20up%20and%20protect%20our%20kids%20from%20asbestos!%20Tell%20your%20representative%20to%20co-sponsor%20H.R.%201816%20to%20protect%20kids%20from%20this%20deadly%20carcinogen.%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fnvlupin.blob.core.windows.net%2Fimages%2Fvan%2FEWG%2FEWG%2F1%2F71381%2Fimages%2FCosmetics_Social_Share.jpg%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.15&r=stable&ec=1&o=30&fbp=fb.1.1579785833315.1235584160&it=1579785833240&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:53 GMT, Thu, 23 Jan 2020 13:23:53 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Thu, 23 Jan 2020 13:23:53 GMT

GET
H2 200 fb_lightbox.2.1.5.css
www.lightboxcdn.com/static/ 4 KB
1 KB 18ms
18ms Stylesheet
text/css 2606:4700::6810:4da5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/static/fb_lightbox.2.1.5.css?cb=637153339892721806
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/user.js?cb=637153339901190215
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4da5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9028c7ecccf4f31fafcfca176cd6ed38197d7b3d6ea4c107b98af8eecc525b

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Jan 2020 13:23:53 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: q4B4xYJoZwx9ikt94o1nCA==
age: 48563
cf-polished: origSize=6016
x-ms-meta-cbmodifiedtime: Wed, 10 Apr 2019 18:50:43 GMT
status: 200
x-ms-lease-status: unlocked
last-modified: Wed, 10 Apr 2019 19:06:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: 93e1850d-701e-0066-247f-d1e79b000000
expires: Fri, 22 Jan 2021 13:23:53 GMT
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 559a15b5dfe0bef1-FRA
cf-bgj: minify

GET
H2 200 ls.html
www.lightboxcdn.com/lclst/a3241e66-5c6a-4d48-8161-225ef2c02084/ Frame D9BF 0
0 690ms
690ms Document
text/html 2606:4700::6810:4da5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/lclst/a3241e66-5c6a-4d48-8161-225ef2c02084/ls.html?purl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&vid=a3241e66-5c6a-4d48-8161-225ef2c02084&se=0&prev=0&cb=637153339892721806
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/user.js?cb=637153339901190215
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4da5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: www.lightboxcdn.com
:scheme: https
:path: /lclst/a3241e66-5c6a-4d48-8161-225ef2c02084/ls.html?purl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&vid=a3241e66-5c6a-4d48-8161-225ef2c02084&se=0&prev=0&cb=637153339892721806
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599

Response headers

status: 200
date: Thu, 23 Jan 2020 13:23:54 GMT
content-type: text/html
set-cookie: __cfduid=db63f7f40edce746f9f2fdebc1c9df2241579785833; expires=Sat, 22-Feb-20 13:23:53 GMT; path=/; domain=.lightboxcdn.com; HttpOnly; SameSite=Lax
content-md5: xa1/rdPe0J6SwxlD7atkzw==
last-modified: Wed, 22 Jan 2020 23:53:09 GMT
x-ms-request-id: 64946b52-f01e-0011-60f0-d162da000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
cf-cache-status: MISS
expires: Fri, 22 Jan 2021 13:23:54 GMT
cache-control: public, max-age=31536000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 559a15b5f808bef1-FRA
content-encoding: br

GET
H2 200 t.gif
www.lightboxcdn.com/z9g/ 35 B
256 B 14ms
14ms Image
image/gif 2606:4700::6810:4da5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.lightboxcdn.com/z9g/t.gif?c=1579785833892&h=act.ewg.org&e=p&u=42018
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4da5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Jan 2020 13:23:53 GMT
cf-cache-status: HIT
content-md5: KNaBTzCeoon4R8ac+RGUxg==
age: 1268789
cf-polished: status=not_needed
x-ms-meta-cbmodifiedtime: Tue, 26 Feb 2019 00:59:40 GMT
status: 200
content-length: 35
x-ms-lease-status: unlocked
last-modified: Tue, 26 Feb 2019 01:15:02 GMT
server: cloudflare
etag: 0x8D69B87D5A1B25F
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
x-ms-request-id: ac5326e6-701e-00aa-4564-84832e000000
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 559a15b5f806bef1-FRA
cf-bgj: imgq:85

GET
H/1.1 200
OK nvtag Show response
profile.ngpvan.com/v2/data/6NGvwCf8870vZtMOGLzk9W4s/ 2 B
782 B 378ms
103ms XHR
application/json 40.114.13.25
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://profile.ngpvan.com/v2/data/6NGvwCf8870vZtMOGLzk9W4s/nvtag
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.114.13.25 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / Express, ASP.NET
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Origin: https://act.ewg.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 23 Jan 2020 13:23:53 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-Powered-By: Express, ASP.NET
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Vary: Origin,Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://act.ewg.org
Access-Control-Allow-Credentials: true
Content-Length: 123
request-context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3,roleName=databag

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L2FSL&l=atLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3020
date: Thu, 23 Jan 2020 12:33:33 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Thu, 23 Jan 2020 14:33:33 GMT

GET
H/1.1 200
OK identity Show response
fastaction.ngpvan.com/api/v1/ 186 B
1 KB 426ms
367ms Script
text/javascript 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://fastaction.ngpvan.com/api/v1/identity?callback=_jqjsp&_1579785833961=

Requested by

Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Cowboy / Express

Resource Hash

b0dc00c25f3afe9bbc8c133cebde024d9b7c79747f4511b47a303dd98eaa61f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-CDN: Incapsula
X-Powered-By: Express
Transfer-Encoding: chunked
P3p: CP="NOI ADM DEV COM NAV OUR STP"
X-Iinfo: 10-75459862-75459878 NNYN CT(73 161 0) RT(1579785833090 18) q(0 0 2 6) r(3 3) U4
Connection: keep-alive
Content-Encoding: gzip
Etag: W/"ba-869385159"
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3,roleName=FastAction
Server: Cowboy
Date: Thu, 23 Jan 2020 13:23:54 GMT
Vary: X-HTTP-Method-Override, Accept-Encoding
Content-Type: text/javascript; charset=utf-8

GET
DATA 200
OK truncated
/ 73 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e14deb2749e1521aac0ebcb8f99739494f4918fc07649ac6f51a2985085d756

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 glyphicons-regular.woff2
d3rse9xjbp8270.cloudfront.net/assets/fonts/ 94 KB
95 KB 8ms
8ms Font
application/font-woff2 2600:9000:2047:8e00:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/assets/fonts/glyphicons-regular.woff2
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:8e00:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dd16b17e257a3a57a00efd5f2d1dc5ac0de934728ec3d44981eab67aa95bc591

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://d3rse9xjbp8270.cloudfront.net/at.min.css
Origin: https://act.ewg.org

Response headers

date: Wed, 22 Jan 2020 18:22:34 GMT
via: 1.1 c40ee2288a7db28fefd61c3f2ec7ccd7.cloudfront.net (CloudFront)
age: 68480
x-cache: Hit from cloudfront
status: 200
content-length: 96388
last-modified: Thu, 03 Oct 2019 17:12:45 GMT
server: AmazonS3
etag: "aca35251952e72d9e32d41217f0f97ab"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: _Q0nqAbq63C_YQHfHCWI6Ri8_gCJce7WyJsZ3t46urgyaVuX02_oKQ==

GET
H/1.1 200
OK cosmetics-bg-1500px.jpg
nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/ 531 KB
532 KB 121ms
121ms Image
image/jpeg 52.239.157.138
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nvlupin.blob.core.windows.net/images/van/EWG/EWG/1/71381/images/cosmetics-bg-1500px.jpg
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.157.138 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 70c138aa7e3b6e13d86aed82e5e248f19e0cc6bca4b5ed01fda323b3e516f357

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 23 Jan 2020 13:23:53 GMT
Last-Modified: Tue, 28 May 2019 19:37:23 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D6E3A3E85DE367
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
x-ms-request-id: 70559774-201e-0002-12f0-d11302000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 544052

GET
H2 200 intl-tel.input.utils.js Show response
d3rse9xjbp8270.cloudfront.net/assets/js/ 229 KB
52 KB 10ms
10ms Script
application/javascript 2600:9000:2047:8e00:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rse9xjbp8270.cloudfront.net/assets/js/intl-tel.input.utils.js
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:8e00:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 47eaed42f703bb0f06ba33a785d63b4fcb7e88eac47cc217a70dc2c7ccefea72

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 26 Dec 2019 00:18:44 GMT
content-encoding: gzip
age: 2466311
x-cache: Hit from cloudfront
status: 200
content-length: 52457
via: 1.1 4d1cbe225c5d30aa78ec9a6fa1ba4211.cloudfront.net (CloudFront)
last-modified: Thu, 03 Oct 2019 17:12:46 GMT
server: AmazonS3
etag: "0e171f16b707862d9a5a9168f0edc967"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: czw9LGh_7WcAweYlGPdoUFglUsQThGWKi7SQTnJZ2pCwUHE1Nt5VFA==

GET
DATA 200
OK truncated
/ 784 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe62bab84590322ae4bfcde20dfb50a72c1b68b330c2a7f1b0aefb65999f16bc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 flags.png
d3rse9xjbp8270.cloudfront.net/assets/images/ 20 KB
20 KB 11ms
10ms Image
image/png 2600:9000:2047:8e00:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3rse9xjbp8270.cloudfront.net/assets/images/flags.png
Requested by: Host: d3rse9xjbp8270.cloudfront.net
URL: https://d3rse9xjbp8270.cloudfront.net/at.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:8e00:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e536a139bbeaa0fb9d847a1a53a4704dc91fa6cb7faf4524984993d7dad9eca

Request headers

Referer: https://d3rse9xjbp8270.cloudfront.net/extra.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Mon, 20 Jan 2020 15:29:32 GMT
via: 1.1 4d1cbe225c5d30aa78ec9a6fa1ba4211.cloudfront.net (CloudFront)
age: 251663
x-cache: Hit from cloudfront
status: 200
content-length: 20389
last-modified: Thu, 03 Oct 2019 17:12:45 GMT
server: AmazonS3
etag: "4e54a2ee652e9cddbd4ef6f8c46e5390"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: K_mi5xQkM1-YQ9SjWr8HTHKrf3Q6xYsMQ0xoisQMhZQvDrHLHXWzUg==

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 14ms
13ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=193508428&t=timing&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&utc=ActionTag&utv=Downloading&utl=Forms&utt=599&_u=aGDACEALR~&jid=869624954&gjid=1418727416&cid=1187302411.1579785833&tid=UA-28243511-22&_gid=1801368275.1579785833&_r=1&gtm=2wg1815L2FSL&z=1570116597

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jan 2020 13:23:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 22ms
21ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=193508428&t=event&ni=1&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=AdvocacyForm&ea=Form%20Load&el=Minimal&ev=10&_u=aGDACEALR~&jid=1833843170&gjid=1254884062&cid=1187302411.1579785833&tid=UA-28243511-24&_gid=1801368275.1579785833&_r=1&gtm=2wg1815L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FEWG%2FEWG%2F1%2F71381&cd3=4645022%2C4507037&cd4=202001%20-%20HR%201816%20Asbestos%20-%20Email&cd5=hRkjuUGk6EeGjKkagf9feg2&z=367791316

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jan 2020 13:23:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
103 B 9ms
8ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=193508428&t=pageview&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAiEALR~&jid=2117485234&gjid=2704234&cid=1187302411.1579785833&tid=UA-28243511-24&_gid=1801368275.1579785833&gtm=2wg1815L2FSL&cd2=ngpvan%3A%2F%2Fvan%2FEWG%2FEWG%2F1%2F71381&cd3=4645022%2C4507037&cd4=202001%20-%20HR%201816%20Asbestos%20-%20Email&cd5=hRkjuUGk6EeGjKkagf9feg2&z=1580150332

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:59:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5390643
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
stats.g.doubleclick.net/r/ 35 B
102 B 16ms
15ms Image
image/gif 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-28243511-24&cid=1187302411.1579785833&jid=2117485234&gjid=2704234&_gid=1801368275.1579785833&_u=aGDAiEALR~&z=342077653

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Thu, 23 Jan 2020 13:23:54 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
103 B 8ms
7ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=193508428&t=event&ni=1&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=AdvocacyForm&ea=Form%20Load&el=Minimal&ev=10&_u=aGDACEALR~&jid=&gjid=&cid=1187302411.1579785833&tid=UA-296149-25&_gid=1801368275.1579785833&gtm=2wg181PPNMZJ&z=520336724

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:59:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5390643
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
103 B 8ms
7ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=193508428&t=timing&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&utc=ActionTag&utv=Processing&utl=Forms&utt=26&_u=aGDACEALR~&jid=&gjid=&cid=1187302411.1579785833&tid=UA-28243511-22&_gid=1801368275.1579785833&gtm=2wg1815L2FSL&z=779588926

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:59:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5390643
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK hRkjuUGk6EeGjKkagf9feg2
secure.everyaction.com/v1/Track/ 0
1 KB 413ms
352ms Image
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.everyaction.com/v1/Track/hRkjuUGk6EeGjKkagf9feg2

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Expires: -1
X-CDN: Incapsula
Date: Thu, 23 Jan 2020 13:23:54 GMT
X-Frame-Options: SAMEORIGIN
X-Iinfo: 10-75459914-75459931 NNNN CT(75 156 0) RT(1579785833179 19) q(0 1 3 10) r(4 4) U2
Access-Control-Expose-Headers: Request-Context
Cache-Control: no-cache
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Content-Length: 0
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H2 200 fast-action.svg
d3rse9xjbp8270.cloudfront.net/assets/images/ 9 KB
9 KB 13ms
13ms Image
image/svg+xml 2600:9000:2047:8e00:12:303c:8700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3rse9xjbp8270.cloudfront.net/assets/images/fast-action.svg
Requested by: Host: act.ewg.org
URL: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:8e00:12:303c:8700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b60497a77afdcb315e270ec5f6fe3d53797c486032fc6752523aa8c65be7b985

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 22 Jan 2020 17:20:38 GMT
via: 1.1 4d1cbe225c5d30aa78ec9a6fa1ba4211.cloudfront.net (CloudFront)
age: 72197
x-cache: Hit from cloudfront
status: 200
content-length: 9203
last-modified: Wed, 08 Jan 2020 18:06:45 GMT
server: AmazonS3
etag: "babd47dc25531a9faeadc04f1afa1910"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: sPDGn2yMY74gf5jVTkxtyWRhmlYgVrGAr40LEe2dChQmcCc04bA6Ig==

GET
H2 200 collect
www.google-analytics.com/ 35 B
110 B 7ms
7ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=193508428&t=timing&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&utc=ActionTag&utv=Render&utl=Forms&utt=29&_u=aGDACEALR~&jid=&gjid=&cid=1187302411.1579785833&tid=UA-28243511-22&_gid=1801368275.1579785833&gtm=2wg1815L2FSL&z=280871199

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:59:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5390643
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
103 B 6ms
6ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=193508428&t=timing&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&utc=ActionTag&utv=Fill&utl=Forms&utt=3&_u=aGDACEALR~&jid=&gjid=&cid=1187302411.1579785833&tid=UA-28243511-22&_gid=1801368275.1579785833&gtm=2wg1815L2FSL&z=2116281105

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:59:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5390643
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
103 B 6ms
6ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=193508428&t=timing&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&utc=ActionTag&utv=Form&utl=Forms&utt=686&_u=aGDACEALR~&jid=&gjid=&cid=1187302411.1579785833&tid=UA-28243511-22&_gid=1801368275.1579785833&gtm=2wg1815L2FSL&z=380908573

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:59:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5390643
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
103 B 6ms
6ms Image
image/gif 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=193508428&t=timing&_s=1&dl=https%3A%2F%2Fact.ewg.org%2Fonlineactions%2FhRkjuUGk6EeGjKkagf9feg2%3Femci%3D12d451b8-8338-ea11-a1cc-2818784d084f%26emdi%3D13d451b8-8338-ea11-a1cc-2818784d084f%26ceid%3D1497666%26contactdata%3DL2rXV7EQGDLnmYDjY59EYB%252ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%252f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%252fpTgkUjhTJuS5u7crnO7C3XHEpDP%252f5g%252b2NYXKnk6fhsy%26sourceid%3D1018599&ul=en-us&de=UTF-8&dt=Take%20Action&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&utc=ActionTag&utv=Total&utt=712&_u=aGDACEALR~&jid=&gjid=&cid=1187302411.1579785833&tid=UA-28243511-22&_gid=1801368275.1579785833&gtm=2wg1815L2FSL&z=1534727763

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:59:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5390643
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content 6NGvwCf8870vZtMOGLzk9W4s Show response
secure.everyaction.com/Databag/Profile/ 0
1 KB 385ms
351ms XHR
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.everyaction.com/Databag/Profile/6NGvwCf8870vZtMOGLzk9W4s

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Origin: https://act.ewg.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-CDN: Incapsula
Date: Thu, 23 Jan 2020 13:23:54 GMT
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: https://act.ewg.org
X-Iinfo: 8-42359020-42359027 NNNN CT(76 155 0) RT(1579785833405 18) q(0 0 2 15) r(3 3) U11
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H/1.1 204
No Content 6NGvwCf8870vZtMOGLzk9W4s Show response
secure.ngpvan.com/Databag/Profile/ 0
1 KB 402ms
342ms XHR
text/plain 45.60.33.183
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.ngpvan.com/Databag/Profile/6NGvwCf8870vZtMOGLzk9W4s

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.183 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Origin: https://act.ewg.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-CDN: Incapsula
Date: Thu, 23 Jan 2020 13:23:54 GMT
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: https://act.ewg.org
X-Iinfo: 10-75460032-75460052 NNNN CT(75 154 0) RT(1579785833429 22) q(0 0 2 9) r(3 3) U11
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:ccd92c0b-19c7-485c-b607-cbfe2344efa3

GET
H/1.1 200
OK z Show response
lightboxapi1.azurewebsites.net/z9l/42018/act.ewg.org/jsonp/ 330 B
572 B 494ms
120ms Script
application/javascript 23.99.128.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lightboxapi1.azurewebsites.net/z9l/42018/act.ewg.org/jsonp/z?cb=1579785834699&callback=jQuery171024561762870433346_1579785833886&_=1579785834700
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a3241e66-5c6a-4d48-8161-225ef2c02084/user.js?cb=637153339901190215
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.99.128.52 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: waws-prod-dm1-001.cloudapp.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 73bf4e3fb13b00a056d23c9e94067dc4ecf059cd8a7c62140b80e0f4dbc838d8

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 23 Jan 2020 13:23:54 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Content-Length: 359
Vary: Accept-Encoding
Content-Type: application/javascript

GET
H2 200 z.gif Show response
api1.lightboxcdn.com/z9u/LIewXglgNlCGD0BWAdABgAQApiwMYQDsAXEAZwAsBudASWIFMp0dd0B5AZXQA10BGVAH0-AFkEA2AJToAggAc5UegHV6AIwDSEIkgDMAdmS7xWDQAkAKsAAyAGnRQIAa3roA4vVxOQ0gMLkAJxAAW3p4fQBONCMIkRQADnj0DlgA... 182 B
586 B 30ms
14ms XHR
application/javascript 2606:4700::6810:50a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api1.lightboxcdn.com/z9u/LIewXglgNlCGD0BWAdABgAQApiwMYQDsAXEAZwAsBudASWIFMp0dd0B5AZXQA10BGVAH0-AFkEA2AJToAggAc5UegHV6AIwDSEIkgDMAdmS7xWDQAkAKsAAyAGnRQIAa3roA4vVxOQ0gMLkAJxAAW3p4fQBONCMIkRQADnj0DlgAM1gAiD1DYyA_XZX/z.gif
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 32b3de198458c5582db9b32bd4174811efad72838bfc101d9660726472629ce9

Request headers

Accept: */*
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Origin: https://act.ewg.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 13:23:54 GMT
content-encoding: br
cf-cache-status: HIT
age: 84897
x-powered-by: ASP.NET
status: 200
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
access-control-allow-credentials: true
cf-ray: 559a15bb0b7764f7-FRA
expires: Fri, 24 Jan 2020 13:23:54 GMT

OPTIONS
H/1.1 200
OK track Show response
dc.services.visualstudio.com/v2/ 0
311 B 86ms
18ms XHR
text/plain 51.140.6.23
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Access-Control-Request-Method: POST
Origin: https://act.ewg.org
Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Access-Control-Request-Headers: content-type,sdk-context

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 23 Jan 2020 13:23:54 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
Content-Length: 0
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: POST

POST
H/1.1 200
OK track Show response
dc.services.visualstudio.com/v2/ 98 B
521 B 194ms
194ms XHR
application/json 51.140.6.23
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8deef07a5609f678e89f2354c5617c22165f03ead7e0bd3428b8e800b5667f6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.ewg.org/onlineactions/hRkjuUGk6EeGjKkagf9feg2?emci=12d451b8-8338-ea11-a1cc-2818784d084f&emdi=13d451b8-8338-ea11-a1cc-2818784d084f&ceid=1497666&contactdata=L2rXV7EQGDLnmYDjY59EYB%2ff4XUF2NpiMMzRz8c0IRpIECaDHK5PhHRFn8diqsyf09hVYf3Px5A2wZzmmV5gJDl1TMmLiuVHhZVH5yV%2f2c5CY10U8Xwaqb1rwGVLyDQgz7Rr511oi6HSxUFFxFn6%2fpTgkUjhTJuS5u7crnO7C3XHEpDP%2f5g%2b2NYXKnk6fhsy&sourceid=1018599
Origin: https://act.ewg.org
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: AE38BFBA-4B65-469F-825D-9DD1C8358D9C
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 23 Jan 2020 13:23:54 GMT
Access-Control-Max-Age: 3600
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
Content-Length: 98

Verdicts & Comments Add Verdict or Comment

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js(Line 1) Message: AI: CannotSerializeObjectNonSerializable message:"Attempting to serialize an object which does not implement ISerializable" props:"{name:baseData}"
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Downloading (Forms): 599.47509765625ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Processing (Forms): 26.322265625ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Render (Forms): 27.99609375ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Fill (Forms): 3.31201171875ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Form (Forms): 686.2421875ms
console-api	debug	URL: https://d3rse9xjbp8270.cloudfront.net/at.js(Line 7) Message: Total: 711.89208984375ms

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * 'unsafe-eval' 'unsafe-inline' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

act.ewg.org
advocator.ngpvan.com
ajax.googleapis.com
api1.lightboxcdn.com
az416426.vo.msecnd.net
bat.bing.com
c.shpg.org
click.everyaction.com
connect.facebook.net
d1aqhv4sn5kxtx.cloudfront.net
d3rse9xjbp8270.cloudfront.net
dc.services.visualstudio.com
fastaction.ngpvan.com
googleads.g.doubleclick.net
js.verygoodvault.com
lightboxapi1.azurewebsites.net
nvlupin.blob.core.windows.net
platform.twitter.com
profile.ngpvan.com
script.hotjar.com
secure.everyaction.com
secure.ngpvan.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.lightboxcdn.com
147.75.102.231
147.75.84.39
152.199.19.160
216.58.208.34
23.99.128.52
2600:9000:2047:8e00:12:303c:8700:21
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::681a:ebd
2606:4700::6810:4da5
2606:4700::6810:50a5
2620:1ec:c11::200
2a00:1450:4001:814::200e
2a00:1450:4001:819::2002
2a00:1450:4001:81a::2008
2a00:1450:4001:81b::2004
2a00:1450:4001:824::2003
2a00:1450:4001:825::200a
2a00:1450:400c:c0c::9c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
40.114.13.25
45.60.33.183
51.140.6.23
52.222.149.228
52.222.158.236
52.239.157.138
013819105effb1832cbcbcfcc6317b0045170a7f671bd953a21f0847fa1a2e6e
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
09c09240791dd7620b5353be9461a38903e62d4f3a9c877480eb286f312ac87b
0b9028c7ecccf4f31fafcfca176cd6ed38197d7b3d6ea4c107b98af8eecc525b
0ba2ba86a5085a0f87e6828f2948519eaea7df70e9ca5bd46dbc44dc92ea9dee
0e536a139bbeaa0fb9d847a1a53a4704dc91fa6cb7faf4524984993d7dad9eca
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1243720e85f9f4b01403fb75452182b2924caca75ab794a3f7a6e4967ae78593
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1c1c9e9ada6d3e50beef30e86f87a1611ce2ee7c1fae9fe9c7945355729bc81d
1e14deb2749e1521aac0ebcb8f99739494f4918fc07649ac6f51a2985085d756
2967a43c995156ed25a2e026df2ac4faea708c0cf848622c7919da5cd6039d1a
32b3de198458c5582db9b32bd4174811efad72838bfc101d9660726472629ce9
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47eaed42f703bb0f06ba33a785d63b4fcb7e88eac47cc217a70dc2c7ccefea72
4bae86b31ba469ffce08cc9c64443c10fbae28189697a3e4fde416a105609bce
4dced00354b099d831f860145bbd0149f99889d4c45632e4d9e849f008123866
536aed9ab404aa6cb3cc681f51d47179ec9720b32f76969a2cafafe27a8e4311
56d48644f486f03d18fcc8d9b2467388f89d57d3ffbb5fa85fc9e5b6421d00b7
573f9f1e5511f5952b85433a0789666e1649ef75b1f6122335523d83d09e6334
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5f793d0ef8e7b2b0a2f5271e63c4be9cfaefcf746af1b849d353bf75e420d20d
632c7a8ade8d1ed90063ae8e945706df73eebde68e8f79b98e04a43eea913a53
65a1c9a93eaf74bed4493b668085ea42db27aa34e02908c2d0ebb9090f9775b6
6a3dea1d3b592fb49de61a61a098e7362552940f5933fb24347349f0471cb0ce
6d6c0bacd9c267d6e1e9d0aa4adaf2d54299a9453a8b25f83d8f817d1fc77085
6ed9795e9f6c7d1acff8a03da5d2e13cc411440e1eeb2b8e4f371e8aa1d5963e
70c138aa7e3b6e13d86aed82e5e248f19e0cc6bca4b5ed01fda323b3e516f357
73bf4e3fb13b00a056d23c9e94067dc4ecf059cd8a7c62140b80e0f4dbc838d8
755ae062fc4da1ccb582f2d2e153deaea69a05c1e5dd2b63b0e797b855608d86
7d80c7b1a4fd85d3a9d86b55db7ec5ab2f7eae4266338819c6dc19d58063e5b8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85112008f74106bf7dc8348c58a5585b6349daa95b0508f818c9482623389958
8deef07a5609f678e89f2354c5617c22165f03ead7e0bd3428b8e800b5667f6e
8e56bfbe35470230925fd927d16342b3f18d1bc0751b1405c2c26999440426b0
9abb0a5be7fb2ae1b127ce8705803b0c3ef27b6b824216acf6bd742351d22954
a9a610565bdaa1e821ede7ae2c2da17e401dc1d0340ff8326251cf4f7aed5811
b0dc00c25f3afe9bbc8c133cebde024d9b7c79747f4511b47a303dd98eaa61f0
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721
b3b360dc7d412894d4772b986c10a6cfdf06ad89a522135fadf757aa7434ed02
b4c1752df09525cc41d8de1762ee4312d63e1fdff2b1fa1bd0797164f7fb0909
b60497a77afdcb315e270ec5f6fe3d53797c486032fc6752523aa8c65be7b985
bad64e9f436f476fb988197ae48418be1fd5e29d33239ea3d8ed8a21f8f67d81
bee62654bc85c23818d4d3ca74505c26d8cde5733b8614261f3f772390b9539b
d2219782bf808672e486c65601b5bd41e52041c592ba9bfde1030a820f257baf
d32edd2deab9a90a989acdfb16d6fcf57bbe15acb7716c3d851e10f1fcfc1163
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dd16b17e257a3a57a00efd5f2d1dc5ac0de934728ec3d44981eab67aa95bc591
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e70adb67bcdec61516ea9e7174456c50effa918e43b3c8663baf1aa762f705de
e82aec97826bbb1be158061e290b0255287e48f6e9096942aed99fa35861ccab
edf32f018df1478fe9e902ec0c5a98c9142373422aafdc7f91d5fbfa3d5d5a3e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fe62bab84590322ae4bfcde20dfb50a72c1b68b330c2a7f1b0aefb65999f16bc

act.ewg.org Open in urlscan Pro 45.60.33.183 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

80 Requests

100 %HTTPS

58 %IPv6

23 Domains

32 Subdomains

27 IPs

6 Countries

2101 kBTransfer

5929 kBSize

0 Cookies

7 Outgoing links

Page URL History

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

act.ewg.org Open in urlscan Pro
45.60.33.183 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

100 %
HTTPS

58 %
IPv6

23
Domains

32
Subdomains

27
IPs

6
Countries

2101 kB
Transfer

5929 kB
Size

0
Cookies

80 HTTP transactions
2 data transactions