www.payetteforward.com Open in urlscan Pro
2606:4700:20::ac43:460d Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.payetteforward.com/
Effective URL:
https://www.payetteforward.com/
Submission: On January 22 via api (January 22nd 2024, 10:08:27 pm UTC) from US — Scanned from DE

Summary HTTP 136 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 46 IPs in 8 countries across 34 domains to perform 136 HTTP transactions. The main IP is 2606:4700:20::ac43:460d, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.payetteforward.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 10th 2023. Valid for: a year.

This is the only time www.payetteforward.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::681a:b95	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	2606:4700:20:... 2606:4700:20::ac43:460d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
13	2606:4700::68... 2606:4700::6812:1fea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c1d::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
5	68.71.249.118 68.71.249.118	46562 (PERFORMIVE) (PERFORMIVE)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
3	52.152.143.207 52.152.143.207	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:4400::ac40:90a6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:25a... 2600:9000:25a2:ae00:5:c4ab:c3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
2 3	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
1	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
1	2607:f350:3:2... 2607:f350:3:2569:0:10:0:d	27630 (AS-XFERNET) (AS-XFERNET)
1	8.39.36.142 8.39.36.142	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	8.2.110.161 8.2.110.161	46636 (NATCOWEB) (NATCOWEB)
2	2600:9000:25a... 2600:9000:25a2:d400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	145.40.97.66 145.40.97.66	54825 (PACKET) (PACKET)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:3::7 2a02:2638:3::7	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2602:803:c003... 2602:803:c003:200::31	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2602:803:c003... 2602:803:c003:200::67	26667 (RUBICONPR...) (RUBICONPROJECT)
1	63.32.16.169 63.32.16.169	16509 (AMAZON-02) (AMAZON-02)
1 2	46.137.143.235 46.137.143.235	16509 (AMAZON-02) (AMAZON-02)
14	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
2	184.30.22.30 184.30.22.30	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2600:9000:223... 2600:9000:223f:6c00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:1f18:1ac... 2600:1f18:1aca:4280:799:3bcd:c321:efff	14618 (AMAZON-AES) (AMAZON-AES)
1	35.244.193.51 35.244.193.51	15169 (GOOGLE) (GOOGLE)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
136	46

1 2606:4700:20::681a:b95 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.payetteforward.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:20::ac43:460d (United States)

ASN13335 (CLOUDFLARENET, US)

www.payetteforward.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700::6812:1fea (United States)

ASN13335 (CLOUDFLARENET, US)

app.termly.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c1d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 68.71.249.118 (Toronto, Canada)

ASN46562 (PERFORMIVE, US)

udmserve.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.152.143.207 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

o.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:90a6 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.confiant-integrations.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:25a2:ae00:5:c4ab:c3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

bid.underdog.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:7eb1:3826:be7e:d981 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.85 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.79 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.151.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f350:3:2569:0:10:0:d (United States)

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.39.36.142 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-west.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.2.110.161 (United States) 1 redirects

ASN46636 (NATCOWEB, US)

cm-x.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:25a2:d400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.40.97.66 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

underdogmedia-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::7 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::31 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::67 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

beacon-ams3.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.16.169 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-16-169.eu-west-1.compute.amazonaws.com

protected-by.clarium.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.137.143.235 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-46-137-143-235.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.30.22.30 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-22-30.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:6c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f18:1aca:4280:799:3bcd:c321:efff (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.193.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.193.244.35.bc.googleusercontent.com

lexicon.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	payetteforward.com 1 redirects www.payetteforward.com	406 KB
14	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	174 KB
13	termly.io app.termly.io — Cisco Umbrella Rank: 18291	334 KB
12	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	89 KB
9	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 1004 static.adsafeprotected.com — Cisco Umbrella Rank: 721 dt.adsafeprotected.com — Cisco Umbrella Rank: 719	104 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 747 o.clarity.ms — Cisco Umbrella Rank: 7121 c.clarity.ms — Cisco Umbrella Rank: 1351	28 KB
6	rubiconproject.com pixel-us-west.rubiconproject.com — Cisco Umbrella Rank: 4763 fastlane.rubiconproject.com — Cisco Umbrella Rank: 520 beacon-ams3.rubiconproject.com — Cisco Umbrella Rank: 10108 eus.rubiconproject.com — Cisco Umbrella Rank: 579 token.rubiconproject.com — Cisco Umbrella Rank: 477	18 KB
6	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 79 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594	44 KB
5	udmserve.net udmserve.net — Cisco Umbrella Rank: 3747	7 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	22 KB
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 490 ib.adnxs.com — Cisco Umbrella Rank: 253	9 KB
3	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1364 pixel.quantserve.com — Cisco Umbrella Rank: 1007	10 KB
3	underdog.media bid.underdog.media — Cisco Umbrella Rank: 27827	178 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	35 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6518 ampcid.google.de — Cisco Umbrella Rank: 80806	888 B
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2616 ampcid.google.com — Cisco Umbrella Rank: 2967 www.google.com — Cisco Umbrella Rank: 2	1 KB
2	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1345	1 KB
2	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 358	255 B
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 497	1 KB
2	pubmatic.com image8.pubmatic.com — Cisco Umbrella Rank: 664 hbopenbid.pubmatic.com — Cisco Umbrella Rank: 459	160 B
2	confiant-integrations.net cdn.confiant-integrations.net — Cisco Umbrella Rank: 1463	86 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	189 KB
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 357	427 B
1	33across.com lexicon.33across.com — Cisco Umbrella Rank: 1517	255 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	65 KB
1	clarium.io protected-by.clarium.io — Cisco Umbrella Rank: 1486	244 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 247	762 B
1	criteo.com bidder.criteo.com — Cisco Umbrella Rank: 679	201 B
1	openx.net underdogmedia-d.openx.net — Cisco Umbrella Rank: 33973	374 B
1	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 740	175 B
1	mgid.com 1 redirects cm-x.mgid.com — Cisco Umbrella Rank: 4115	561 B
1	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 976	401 B
1	gstatic.com fonts.gstatic.com	15 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	967 B
136	34

	Domain	Requested by
27	www.payetteforward.com	1 redirects www.payetteforward.com
14	s0.2mdn.net	www.payetteforward.com s0.2mdn.net
13	app.termly.io	www.payetteforward.com app.termly.io
10	pagead2.googlesyndication.com	www.payetteforward.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
5	dt.adsafeprotected.com
5	udmserve.net	www.payetteforward.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.payetteforward.com
3	bid.underdog.media	udmserve.net bid.underdog.media
3	o.clarity.ms	www.clarity.ms
3	cdnjs.cloudflare.com	www.payetteforward.com s0.2mdn.net
2	static.adsafeprotected.com	www.payetteforward.com
2	googleads4.g.doubleclick.net	www.payetteforward.com
2	eus.rubiconproject.com	www.payetteforward.com eus.rubiconproject.com
2	tpc.googlesyndication.com	www.payetteforward.com
2	fw.adsafeprotected.com	1 redirects www.payetteforward.com
2	googleads.g.doubleclick.net	www.payetteforward.com
2	c.clarity.ms	1 redirects
2	pixel.quantserve.com	www.payetteforward.com
2	rules.quantcount.com	secure.quantserve.com
2	ups.analytics.yahoo.com	www.payetteforward.com bid.underdog.media
2	ssum-sec.casalemedia.com	2 redirects
2	secure.adnxs.com	2 redirects
2	cdn.confiant-integrations.net	udmserve.net cdn.confiant-integrations.net
2	www.google.de	www.payetteforward.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.clarity.ms	www.payetteforward.com www.clarity.ms
2	www.googletagmanager.com	www.payetteforward.com www.googletagmanager.com
1	match.adsrvr.org	bid.underdog.media
1	lexicon.33across.com	bid.underdog.media
1	token.rubiconproject.com	eus.rubiconproject.com
1	www.googletagservices.com	www.payetteforward.com
1	protected-by.clarium.io	www.payetteforward.com
1	beacon-ams3.rubiconproject.com	www.payetteforward.com
1	c.bing.com	1 redirects
1	fastlane.rubiconproject.com	bid.underdog.media
1	bidder.criteo.com	bid.underdog.media
1	underdogmedia-d.openx.net	bid.underdog.media
1	ib.adnxs.com	bid.underdog.media
1	hbopenbid.pubmatic.com	bid.underdog.media
1	prebid.a-mo.net	bid.underdog.media
1	cm-x.mgid.com	1 redirects
1	pixel-us-west.rubiconproject.com	www.payetteforward.com
1	sync.go.sonobi.com	www.payetteforward.com
1	image8.pubmatic.com	www.payetteforward.com
1	secure.quantserve.com	udmserve.net
1	www.google.com	www.payetteforward.com
1	ampcid.google.de	www.google-analytics.com
1	ampcid.google.com	www.google-analytics.com
1	region1.analytics.google.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	client
136	51

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.pinterest.com
www.youtube.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-10` - `2024-05-09`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
app.termly.io Sectigo RSA Domain Validation Secure Server CA	`2023-05-03` - `2024-06-02`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
udmserve.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-29` - `2024-04-28`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
confiant-integrations.net GTS CA 1P5	`2024-01-17` - `2024-04-16`	3 months	crt.sh
underdog.media DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-29` - `2024-04-28`	a year	crt.sh
quantserve.com R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-12-26` - `2024-06-19`	6 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2023-12-07` - `2025-01-07`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.a-mo.net R3	`2024-01-06` - `2024-04-05`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
protected-by.clarium.io Amazon RSA 2048 M02	`2023-11-16` - `2024-12-15`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
lexicon.33across.com GTS CA 1D4	`2023-11-27` - `2024-02-25`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.payetteforward.com/
Frame ID: 9157A6D4C1C05E7E6DED173C4CF2B1D4
Requests: 98 HTTP requests in this frame

Frame: https://udmserve.net/udm/img.fetch?sid=15839;tid=1;dt=7;p=1;rri=1705961300682_604545_178.162.209.135;mid=47782;zzz=%5B47782%2C1705961300%2C%22UAk%2BwU7yfLGC1psVe%2FIP%2Bg%22%5D;version=v2.23.3-confiant;cb=0.7026113079418872;qqq=2.2426553038797934;session=1;style=slider;vis=visible;traffic_info=%7B%7D;gdprApplies=true;consentGiven=false;consentData=cmpMissing
Frame ID: 5C3F637B16485EAD0D625E8E8C1CC088
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGKS61YACMAE&v=APEucNVUKEFzI6t3vJWJgUSlksF8PEmAunDmyDUmgjmg6WnQDnvHAnf1_5duKjyPYQTDL_k6awg6Y0RopXv91JAiL9WhpLOllApQNnx_SUzvBZM_3XlRkEDRy94CEeKaBLYisT5lw9wDNHXJsk2Ra5m4BRI050hXxFI-8on9k7VaXDt_vKZGaaQ
Frame ID: 3F2C4A21344E96CDF49302F665CDB042
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 2174B4221F98DD5E83EADD4A58C5CE67
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 7A5A68703951D3DF19D9B5C394CBC89E
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
Frame ID: 50D4BE3CDFCA6CA6D4E8D35516C41F58
Requests: 15 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 46F67D96C2C9BB9B74FA6E06F7ED4CBC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Payette Forward

Page URL History Show full URLs

http://www.payetteforward.com/ HTTP 301
https://www.payetteforward.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Termly (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

app\.termly\.io/embed\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

136
Requests

96 %
HTTPS

61 %
IPv6

34
Domains

51
Subdomains

46
IPs

8
Countries

1818 kB
Transfer

4922 kB
Size

45
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/payetteforwardinc

Search URL Search Domain Scan URL

URL: https://twitter.com/payetteforward

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/payetteforward/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Payetteforward

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.payetteforward.com/ HTTP 301
https://www.payetteforward.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.7378308 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fdt%253D1%253Bapnid%253D%2524UID%253Bcb%253D0.7378308 HTTP 302
https://udmserve.net/udm/fetch.pix?dt=1;apnid=6245561651582914746;cb=0.7378308

Request Chain 44

https://ssum-sec.casalemedia.com/usermatchredir?s=199174&cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.7378308%3Bindx%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.7378308%3Bindx%3D&s=199174&C=1 HTTP 302
https://udmserve.net/udm/fetch.pix?dt=1;cb=0.7378308;indx=Za7nVE6SDrw-KYAGO2r0ggAADJ4AAAAB

Request Chain 48

https://cm-x.mgid.com/4c7eda2d9428691cd8f54d15244a36a7.gif?ccpa=0&gdpr=0&redir=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bmgid%3D%5BUID%5D HTTP 302
https://udmserve.net/udm/fetch.pix?dt=1;mgid=a45f7ca2-a627-4da1-be37-ff44306ea1aa

Request Chain 63

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=17849EF7E5E24CA0A9796B97D4743AC0&RedC=c.clarity.ms&MXFR=00BF71088E4562D3283565068A456CF5 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=17849EF7E5E24CA0A9796B97D4743AC0&MUID=181BE12DB3CE6CAC2B34F523B2A56D67

Request Chain 123

https://fw.adsafeprotected.com/rfw/st/1874223/77019492/4.js?ias_dspID=3&ias_campId=1015060172&ias_pubId=24042&ias_chanId=8&ias_placementId=20833643169&bidurl=https://www.payetteforward.com/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hhMCQmPNSt5LD-_JoPmbrK&adContainerId=brand_safety_VueuZYORCfK1juwP-KWTkAg&cbFunctionName=goog_wrapCb_VueuZYORCfK1juwP-KWTkAg&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.payetteforward.com%2F&adsafe_type=abedfq&adsafe_jsinfo=,id:41eb07b3-22d1-a13f-6463-d6c70a371867,c:24qz5I,sl:outOfView,em:true,fr:true,thd:1,mn:jsserver-primary-7b546d5668-4z974,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:436.1110.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:u28fLLG+11%7C12*.1874223-77019492%7C121%7C122%7C1231%7C124,idMap:12*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:14,oid:c1c1605a-b972-11ee-a939-f2108028efc1,v:19.8.473,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?ias_xappb=&adContainerId=brand_safety_VueuZYORCfK1juwP-KWTkAg&cbFunctionName=goog_wrapCb_VueuZYORCfK1juwP-KWTkAg&true_pb=

136 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.payetteforward.com/
Redirect Chain

http://www.payetteforward.com/
https://www.payetteforward.com/

352 KB
58 KB

568ms
548ms

Document
text/html

2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

5feb1522f34adb55228a792331bb1ed51effbb4c7244dfdaf755178cfd27ddf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-apo-via: origin,no-cache
cf-cache-status: BYPASS
cf-ray: 849b1d68bcadbb53-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 22 Jan 2024 22:08:19 GMT
link: <https://www.payetteforward.com/wp-json/>; rel="https://api.w.org/", <https://www.payetteforward.com/wp-json/wp/v2/pages/14>; rel="alternate"; type="application/json", <https://www.payetteforward.com/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer, strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4pGhsZof4mSb2%2B0%2FjbIdn9P7sgsxiSeFVfbnB6WMXXPuNgn%2B8G8rPupHP8k7XWB5c%2BgVaOzj%2BEmPGONp00rxUjrKt8DXsoEU2d4D7AG1JPXwBSJCVb0nOfg2dad15zvy9EYZfb4LtIzP0BWNgsDSeZehN4A%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-html-edge-cache: cache,bypass-cookies=wp-|wordpress|comment_|woocommerce_
x-html-edge-cache-status: Bypass for Reload, Cached
x-pingback: https://www.payetteforward.com/xmlrpc.php
x-powered-by: WordOps
x-srcache-fetch-status: HIT
x-srcache-store-status: BYPASS
x-xss-protection: 1; mode=block

Redirect headers

CF-Cache-Status: BYPASS
CF-Ray: 849b1d6669df1cad-FRA
Connection: keep-alive
Content-Type: text/html
Date: Mon, 22 Jan 2024 22:08:19 GMT
Location: https://www.payetteforward.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgMH2GeIZ739mwicg73p3URnStff7TimF1mb570HuPhP40drLoOJkewL2wFn81H9FDvRik4RLeZlqGrPnkXsxjSuWldt6viswhLozP5m%2FGDHAmNV2nk3iy%2FSPt3rJcvh3bgtk6RKVlSuEZy8Roij8IB818E%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Powered-By: WordOps
X-Xss-Protection: 1; mode=block
alt-svc: h3=":443"; ma=86400
cf-apo-via: origin,no-cache

GET
H2 200 proximanova-regular-webfont.woff2
www.payetteforward.com/fonts/proxima-nova-web/ 21 KB
22 KB 30ms
29ms Font
font/woff2 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/fonts/proxima-nova-web/proximanova-regular-webfont.woff2

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

501ed6d7c49a3526af1f804fff30cc8b7b8608525b100f4140b7504cc5afd4bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payetteforward.com/
Origin: https://www.payetteforward.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1357492
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
content-length: 21824
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Tue, 15 May 2018 21:36:16 GMT
server: cloudflare
etag: "5afb52d0-5540"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hZRbvjVet%2B25e%2FPhR3jo%2BNCNCa%2FSki2nk2ox6%2FgyCwsVl5NJl3ZDg5x%2Fg9YcTvbjN3L9E%2Fa1HAsD1NpY16jd1p36AHqJ8mE6TPaWovfh7xtQlin6y1I8Rc4Rz%2FBsQAlmznpKoVhvL9YHsiPj%2BDVMk7sqUjc%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d6c2f8bbb53-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 proximanova-bold-webfont.woff2
www.payetteforward.com/fonts/proxima-nova-web/ 22 KB
22 KB 40ms
40ms Font
font/woff2 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/fonts/proxima-nova-web/proximanova-bold-webfont.woff2

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

6a4dac260dffc284594d633859fb508b2fcfade38b61c8af9cd55eb23adf9e89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payetteforward.com/
Origin: https://www.payetteforward.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 263054
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
content-length: 22500
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Tue, 15 May 2018 21:36:16 GMT
server: cloudflare
etag: "5afb52d0-57e4"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rWMTN0DD%2BESDFSfwWer9yUjUhTVY2HY6bJb2rQiXJ2ZqggcfFQJDwItjUXwtEzvruqo809xQbSFVgr8JFRLvPvomiNK%2Fhbd7kspHCwM5LTQBvg0aXYfcD8QKwvguDT5o0SRZz%2FxiqEKd%2BnZIUEY5uMOuRA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d6c2f8cbb53-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fontawesome-webfont.woff2
www.payetteforward.com/wp-content/themes/smart-mag/css/fontawesome/fonts/ 55 KB
56 KB 34ms
34ms Font
font/woff2 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/wp-content/themes/smart-mag/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.3.0

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payetteforward.com/
Origin: https://www.payetteforward.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 473031
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
content-length: 56780
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 29 Dec 2016 19:10:32 GMT
server: cloudflare
etag: "58655fa8-ddcc"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cTl4G5vYNUJZcKosKpOVC7ArYM4IeY4ez2WsLJ2SBqGvM9saOEBrNxbVqKVBmK%2FG0nuKYZz36uT5lIjj6qZmdCG89cxF%2B7k5YSVMtiAusKARy4EIuBeX3oMJNkHXGWJWMjfXnGMYO0IXFV%2FmXYj7ptKoeLY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d6c2f8fbb53-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.css
www.payetteforward.com/wp-content/themes/smart-mag/ 61 KB
15 KB 43ms
42ms Stylesheet
text/css 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/wp-content/themes/smart-mag/style.css?ver=2.5.2

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

2c9c000242ec31f3d772ddcf4ae871f8a8484a931ae01de7256fcd7227980799

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 197223
cf-polished: origSize=83758
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Mon, 08 Jun 2020 21:11:07 GMT
cf-bgj: minify
server: cloudflare
etag: W/"5edea96b-1472e"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Su2IlrcwKbQwkqGsgc%2F0dwcC2ZeC6MKvr2nRJooL%2FLrD4cszu%2BKilNDfjhxPNz7siQq2liSoORba2ghuXEYLV40GuL7kVHOGzA3o4I6IutVkebwgetQLrhZgPJ1a3ETt3akhZN%2FljghDxelK6pE2BfBNvWM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 849b1d6c4b796969-FRA
expires: Mon, 19 Feb 2024 15:21:16 GMT

GET
H3 200 responsive.css
www.payetteforward.com/wp-content/themes/smart-mag/css/ 16 KB
5 KB 50ms
50ms Stylesheet
text/css 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/wp-content/themes/smart-mag/css/responsive.css?ver=2.5.2

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

646f54e64d230bf10e2d2c14236c4f59b18257b96938951d346613671ee450b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 277658
cf-polished: origSize=22152
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 29 Dec 2016 19:10:32 GMT
cf-bgj: minify
server: cloudflare
etag: W/"58655fa8-5688"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kf1as0qbc9%2BVZRhniVr71EHugZcViZO9Z52EP4dRd9I4h2vsQPRQK2Ym6DshvJr%2B56t2KgjiM4gcPiJcqYQ9YurUl4UihWcTl%2FFbA98QsTipzwbfp3nLFEJ9L8BBN6LDSG38ztUX08KShWL8tHnTpMBxQGs%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 849b1d6c4b7d6969-FRA
expires: Sun, 18 Feb 2024 17:00:41 GMT

GET
H3 200 font-awesome.min.css
www.payetteforward.com/wp-content/themes/smart-mag/css/fontawesome/css/ 23 KB
6 KB 44ms
43ms Stylesheet
text/css 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/wp-content/themes/smart-mag/css/fontawesome/css/font-awesome.min.css?ver=2.5.2

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

1c3c5400087c7a0933a14001c67987c69be79772724a3c6c1dcaac4119d976e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 197223
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 11 Jun 2020 16:08:40 GMT
server: cloudflare
etag: W/"5ee25708-5cce"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N9Ce92ifUWpimkcDffeHebAMfEKHfywh4YHQoNvq2GBvMkw9ijMSV1KyniT6JLDwCQRjartIP9cOdER9T52vtbWCry6sBkFO8Hozei8UiDE0jcjXgdg2NDUx2mKnIIH707vT7uYv8o9yPlhYSAGXWb1mdrQ%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 849b1d6c4b7e6969-FRA
expires: Mon, 19 Feb 2024 15:21:16 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
967 B 40ms
18ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A700&subset=

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

16bd001aec7b26aced2962f85ef9c85e52e111ab64fe003172e7c45c5a3572d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Jan 2024 22:08:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 22:08:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Jan 2024 22:08:19 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 284 KB
98 KB 49ms
28ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KD2DGX

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

809bd3ecc7f9c76dc13174b525a68e8f721eac9c31d5218582d17461163f74b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 99550
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 21:27:16 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 22 Jan 2024 22:08:19 GMT

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM73w5aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ 15 KB
15 KB 63ms
19ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM73w5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A700&subset=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a60b1ba9daa11468bf1b846e8515e51b97023f341f2962a9623b9d8aaa7904ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.payetteforward.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:27:31 GMT
x-content-type-options: nosniff
age: 502849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15240
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:45:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 02:27:31 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6dc665f3ade51319cb3df1ed00c2af977e87837208c8a1906c0d05359e5cce4b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
68 B Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5268a8afa9325a8e0ea0c0039216ccc1c87cc59303ca5d0e7cef64469d9221aa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
68 B Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d44da8cb8d1fad9bc5999ce7e69b725b791d0abeab3b9ef837624ebf33b099ef

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
67 B Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e64be9c7535deda51f0f11fa8210cdf025dbb3ebd12ee4dfa090965957069026

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
91 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6NYF58WW9Q&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KD2DGX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3bb4d10a4ee5fae874bb60f4f47be5ace65c68fd1e0adb82a0e17759beafaae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93306
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Jan 2024 22:08:20 GMT

GET
H2 200 embed.min.js Show response
app.termly.io/ 1008 KB
301 KB 93ms
35ms Script
application/javascript 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/embed.min.js

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80ca13009072ed3a0a1139b4905853ed8b104d5875e0d698fb0e4d3a3d61a6b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 6125
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 16:34:23 GMT
server: cloudflare
etag: W/"65ae990f-fbf5e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 849b1d6dadb4696a-FRA
expires: Tue, 23 Jan 2024 02:08:20 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 54ms
17ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KD2DGX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 21:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1211
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 22 Jan 2024 23:48:09 GMT

GET
H2 200 7v1p9iihwu Show response
www.clarity.ms/tag/ 1 KB
2 KB 159ms
104ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/7v1p9iihwu?ref=gtm2
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: eb12067abcd623ed3eef6aa27f52996536e3bda6104f95ccaba60df16e3e5305

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: -1
date: Mon, 22 Jan 2024 22:08:20 GMT
x-azure-ref: 20240122T220820Z-21pbgus95h4km3v9mbghvp0zfw00000005cg00000000v6tv
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 1231
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 39ms
17ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-6NYF58WW9Q&gtm=45je41h0v888287351z871454992&_p=1705961299937&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1712327010.1705961300&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1705961300&sct=1&seg=0&dl=https%3A%2F%2Fwww.payetteforward.com%2F&dt=Payette%20Forward&en=page_view&_fv=1&_nsi=1&_ss=1&ep.pagePostType=frontpage&ep.pagePostType2=single-page&ep.pagePostAuthor=David%20Payette&tfd=1196
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6NYF58WW9Q&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.payetteforward.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
259 B 50ms
17ms Ping
text/plain 2a00:1450:400c:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6NYF58WW9Q&cid=1712327010.1705961300&gtm=45je41h0v888287351z871454992&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6NYF58WW9Q&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.payetteforward.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 41ms
18ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6NYF58WW9Q&cid=1712327010.1705961300&gtm=45je41h0v888287351z871454992&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=642768480

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.fetch Show response
udmserve.net/udm/ 19 KB
5 KB 643ms
172ms Script
application/x-javascript 68.71.249.118
PERFORMIVE

General

Check archive.org

Show headers Download Go to

Full URL: https://udmserve.net/udm/img.fetch?sid=15839;tid=1;dt=6;
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 68.71.249.118 Toronto, Canada, ASN46562 (PERFORMIVE, US),
Reverse DNS
Software: /
Resource Hash: c6711bfcb5b38b1adb4bd7965767ab87227965bd106a253592b53b889fb484a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Jan 2024 22:08:20 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3p: NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Content-Type: application/x-javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Expires: 0

GET
H3 200 rocket-loader.min.js Show response
www.payetteforward.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 9ms
9ms Script
application/javascript 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Jan 2024 17:29:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65983c8b-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9bHgTRepmg3qFCa%2F9ejX1xM2HRrXJ7UazbOcspaj6kO4MtaRGnoygKRTPTK01gfIn5%2BfkLL6IgaBZFWdMzdoyQUPODEG6LGkIAZ1yDLmmjRuqd2%2F7MFhVPZkmMLqf%2FAV9YbXcbcisBt1L6FksGDZuvxOZlI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 849b1d6dccb56969-FRA
expires: Wed, 24 Jan 2024 22:08:20 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:57:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 634
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 697
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 22 Jan 2024 22:57:46 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
444 B 76ms
14ms XHR
application/json 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.payetteforward.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94
x-xss-protection: 0

GET
H3 200 lazyload.min.js Show response
www.payetteforward.com/wp-content/plugins/rocket-lazy-load/assets/js/16.1/ 8 KB
3 KB 31ms
31ms Script
application/javascript 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/wp-content/plugins/rocket-lazy-load/assets/js/16.1/lazyload.min.js

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 277658
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Tue, 24 May 2022 14:40:50 GMT
server: cloudflare
etag: W/"628cee72-1ed2"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ubD7Phqv%2B4CMOThrJk8AldnWyeNaiLHbgXJnnTJxoL5PBYHG7GuNxyDZfXABaGE7TK3sZhmozYa9tPmCNwmHC50Q42f4Z8ZnUFuGNIOM7hlG3QSS5h3wuUg%2BT9R6n%2BaTOOTCSOL6%2Fdd2NIc8bZ4j2Qu3Emo%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 849b1d6ddcc56969-FRA
expires: Sun, 18 Feb 2024 17:00:42 GMT

GET
H3 200 bunyad-theme.js Show response
www.payetteforward.com/wp-content/themes/smart-mag/js/ 33 KB
12 KB 47ms
46ms Script
application/javascript 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/wp-content/themes/smart-mag/js/bunyad-theme.js?ver=2.5.2

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

57f7117e895cffdd63c9588a8975b3842c00083c4cef4ccebadbfb55f4810607

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 277658
cf-polished: origSize=44001
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Mon, 08 Jun 2020 23:53:03 GMT
cf-bgj: minify
server: cloudflare
etag: W/"5edecf5f-abe1"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHDfllV8GOU9jIneaozg%2B9o%2BmWbQc45UnllP6ahsaQjLQE410UmuxW0gEyTA0xI3RuA6EXhEKBIgwdet5unvjspJV17KCKaffXTCs422%2Bk66NwZXMGUBwqZ%2FSCrv8%2BoqnQMcg3vla6VnHOR8r4dioK5yA74%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 849b1d6ddcc66969-FRA
expires: Sun, 18 Feb 2024 17:00:41 GMT

GET
H2 200 jquery.flexslider-min.js Show response
cdnjs.cloudflare.com/ajax/libs/flexslider/2.7.2/ 23 KB
6 KB 29ms
13ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/flexslider/2.7.2/jquery.flexslider-min.js?ver=2.7.2

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e1a3fc0ee5a71ce8585a3464a579461e0dc853ce9073beb88297babe8d2b701

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3895917
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5869
last-modified: Mon, 04 May 2020 16:10:06 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5e-5a31"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QehFYT1a717sDQBpiMqZDTazhwOPv%2Bt%2BJucevGA%2BC6wbOrIbAk%2FrI8JzsyBpzuD0T0J7GUOr%2F2e9X%2F%2BpHD4tbrR%2FlsRat%2FG%2FqtroQc4kBgJFyxAfknT0aweeB3U3Pg1ajphXvWNsEeCPIYBbia8ImRpW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 849b1d6dfe539a0f-FRA
expires: Sat, 11 Jan 2025 22:08:20 GMT

GET
H3 200 script.js Show response
www.payetteforward.com/wp-content/plugins/sendy-widget/js/ 390 B
877 B 39ms
39ms Script
application/javascript 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/wp-content/plugins/sendy-widget/js/script.js?ver=5.9.1

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

49f928b3256c4ccca5095edbb0073ec9ae139256df0378dcc3d684786f11e201

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 277658
cf-polished: origSize=492
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 09 Dec 2021 17:31:31 GMT
cf-bgj: minify
server: cloudflare
etag: W/"61b23d73-1ec"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qpEv8BZzKcJ6YAlikWOxc3Ay84H3PzWqDgfc2HrNwV8uqEcxX4n3VjCij%2F3bEQEkMIpYFlQAcrg2tl%2Fnvl9SIYLoG%2FScC5MzT%2FOmbav%2Bd8uQcmwqpeq81MN2hIvo7%2B7afc4xusCpKUVVhexZkMEzQrPEVgM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 849b1d6ddcc76969-FRA
expires: Sun, 18 Feb 2024 17:00:42 GMT

GET
H3 200 jquery-migrate.min.js Show response
www.payetteforward.com/wp-includes/js/jquery/ 11 KB
5 KB 40ms
40ms Script
application/javascript 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 255305
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 06 Jan 2021 23:05:44 GMT
server: cloudflare
etag: W/"5ff64248-2bd8"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysxB6s7dmzpQsboNu0BK2XEx%2FndXOD9iouqvtJa9KrJGoJOZFaGX0BVUcKFrfNFaTfQCC%2F2o1vRP4NMVLn1qGJ1Uxnf%2FGaUS0q3EexPWqysVOVwQ0EOAmSCMELLhTBfMu2fmHN1vdJf8K13r9h%2F8cWeksY4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 849b1d6ddcc86969-FRA
expires: Sun, 18 Feb 2024 23:13:15 GMT

GET
H3 200 jquery.min.js Show response
www.payetteforward.com/wp-includes/js/jquery/ 87 KB
32 KB 33ms
33ms Script
application/javascript 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payetteforward.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 277658
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 21 Jul 2021 23:36:39 GMT
server: cloudflare
etag: W/"60f8af87-15db1"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYqGvWnIhlyZnjEziHEUXD6XffAlMlu%2F1IaOwNr3RUO1Jjmvf6jUlqDA%2BbaRlST1L77Doxybd72D3nscChWkoAkFjjOV4bAyhQeJzdQqCOnzmGpOjI0GSo4%2BCn1qNwY3wn90RWPfPyO0qfA43Ms8QkELWLg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 849b1d6ddcc96969-FRA
expires: Sun, 18 Feb 2024 17:00:42 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
373 B 100ms
17ms XHR
application/json 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.payetteforward.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.20/ 60 KB
25 KB 15ms
15ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.20/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/7v1p9iihwu?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
last-modified: Thu, 18 Jan 2024 15:10:56 GMT
etag: W/"0x8DC1837ABBF2420"
vary: Accept-Encoding
x-azure-ref: 20240122T220820Z-21pbgus95h4km3v9mbghvp0zfw00000005cg00000000v6u3
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 0cdf34bf-301e-002f-59bc-4a2310000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 14ms
14ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=69450024&t=pageview&_s=1&dl=https%3A%2F%2Fwww.payetteforward.com%2F&ul=en-us&de=UTF-8&dt=Payette%20Forward&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAAAjAAQCAC~&jid=515898834&gjid=410524422&cid=1712327010.1705961300&tid=UA-41913908-1&_gid=2000628359.1705961300&_r=1&_slc=1&gtm=45He41h0n71KD2DGXv71454992&cd1=David%20Payette&cd3=frontpage&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=1584976905

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.payetteforward.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=69450024&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.payetteforward.com%2F&ul=en-us&de=UTF-8&dt=Payette%20Forward&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Clarity&ea=731ehj&_u=aDDAAAAjAAQCAC~&jid=&gjid=&cid=1712327010.1705961300&tid=UA-41913908-1&_gid=2000628359.1705961300&gtm=45He41h0n71KD2DGXv71454992&cd1=David%20Payette&cd3=frontpage&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd5=https%3A%2F%2Fclarity.microsoft.com%2Fga%2F7v1p9iihwu%2F1q6uhc8%2F731ehj&z=1103720033

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 21 Jan 2024 23:00:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 83261
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 17ms
17ms XHR
text/plain 2a00:1450:400c:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-41913908-1&cid=1712327010.1705961300&jid=515898834&gjid=410524422&_gid=2000628359.1705961300&_u=aCDAAAAiAAQCAC~&z=890174311

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 22 Jan 2024 22:08:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.payetteforward.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
302 B 490ms
194ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.payetteforward.com
Date: Mon, 22 Jan 2024 22:08:20 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 40ms
18ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-41913908-1&cid=1712327010.1705961300&jid=515898834&_u=aCDAAAAiAAQCAC~&z=1285353667

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 19ms
18ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-41913908-1&cid=1712327010.1705961300&jid=515898834&_u=aCDAAAAiAAQCAC~&z=1285353667

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config.js Show response
cdn.confiant-integrations.net/UZYxC75kqDLRiEd9GoEYOmovVVM/prebid/ 132 KB
27 KB 53ms
17ms Script
text/javascript 2606:4700:4400::ac40:90a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/UZYxC75kqDLRiEd9GoEYOmovVVM/prebid/config.js
Requested by: Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=15839;tid=1;dt=6;
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:90a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 740136e6df0830c6b5c38978f3d055af13fb56f9b5653202468cb0223e7cdd67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Jan 2024 21:00:56 GMT
server: cloudflare
x-amz-request-id: DKYH4R9TH9M6VZSQ
age: 173
etag: W/"2af2c62ac1088dff472ccc6a03bc192f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 849b1d720ea93633-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: LDQAYZog9ACRdWQh14I0XrSquhdMr6KlUvYaXrdxr/Zx7Sv22Tx5EgUzYdWGRmnbPVRuo8CBT9A=

GET
H2 200 udm-r3_v2.23.3.js Show response
bid.underdog.media/ 490 KB
161 KB 96ms
20ms Script
application/javascript 2600:9000:25a2:ae00:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.underdog.media/udm-r3_v2.23.3.js
Requested by: Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=15839;tid=1;dt=6;
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25a2:ae00:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0b59c84236e1aa480f6e46307bc58e447153f649c3e78390495b1ae6ef08730b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 24 Dec 2023 03:05:49 GMT
content-encoding: gzip
via: 1.1 49039a44484a184312d8f608c205b640.cloudfront.net (CloudFront)
last-modified: Tue, 05 Dec 2023 19:41:45 GMT
server: AmazonS3
x-amz-cf-pop: ZRH55-P1
age: 2574152
etag: "0550b0566d3b7839b95eb11004434e2f"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 163970
x-amz-cf-id: XkkJGA0XrOO2Bbzeyb7eCyUbeZyrC_NRainQk4Aob6BXQ150JXnbgg==

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
9 KB 55ms
8ms Script
application/javascript 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=15839;tid=1;dt=6;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 45a4c240a17a4d5f925ef0e125b86d882c6ad7549028d9cbf6f4f06fd1dd897d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: gzip
etag: "bvEECQq4Zy6gU9J/qv1O6Q=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Mon, 29 Jan 2024 22:08:20 GMT

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.7378308
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fdt%253D1%253Bapnid%253D%2524UID%253Bcb%253D0.7378308
https://udmserve.net/udm/fetch.pix?dt=1;apnid=6245561651582914746;cb=0.7378308

43 B
612 B

219ms
153ms

Image
image/gif

68.71.249.118
PERFORMIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?dt=1;apnid=6245561651582914746;cb=0.7378308
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 Toronto, Canada, ASN46562 (PERFORMIVE, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 22:08:21 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
an-x-request-uuid: e6d30769-e41e-4e23-95a6-0d2f55ebb5d0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://udmserve.net/udm/fetch.pix?dt=1;apnid=6245561651582914746;cb=0.7378308
x-proxy-origin: 178.162.209.135; 178.162.209.135; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ImgSync
image8.pubmatic.com/AdServer/ 0
42 B 80ms
19ms Image
text/plain 185.64.190.79
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fpmid%253D%2523PMUID%3Bcb%3D0.7378308
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-length: 0

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=199174&cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.7378308%3Bindx%3D
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.7378308%3Bindx%3D&s=199174&C=1
https://udmserve.net/udm/fetch.pix?dt=1;cb=0.7378308;indx=Za7nVE6SDrw-KYAGO2r0ggAADJ4AAAAB

43 B
624 B

153ms
153ms

Image
image/gif

68.71.249.118
PERFORMIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?dt=1;cb=0.7378308;indx=Za7nVE6SDrw-KYAGO2r0ggAADJ4AAAAB
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 Toronto, Canada, ASN46562 (PERFORMIVE, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 22:08:20 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hsw1eC3VB3FMwdo0YzSDpA0GvRU%2FPoht7%2FXqR6OaH9p42TzTHJQ5woXlgbhLhBZUe%2Bo2GvG2jJxFFY%2BId01m7%2F6tXnRFJA0AshnAe9zx9Ij6GhDPHH9SWcghVlzcq8eDLzt%2B5M97BeX%2FKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://udmserve.net/udm/fetch.pix?dt=1;cb=0.7378308;indx=Za7nVE6SDrw-KYAGO2r0ggAADJ4AAAAB
cache-control: no-cache
cf-ray: 849b1d721c782bea-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58806/ 0
125 B 47ms
9ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58806/sync?redir=true&cb=0.7378308

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 us
sync.go.sonobi.com/ 0
401 B 784ms
567ms Image
text/plain 2607:f350:3:2569:0:10:0:d
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.7378308%3Bsonobi%3D%5BUID%5D

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:21 GMT
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-6-179
content-type: text/plain; charset=utf8
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store, private
tcn: Choice
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-west.rubiconproject.com/exchange/ 0
239 B 666ms
159ms Image
image/gif 8.39.36.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-west.rubiconproject.com/exchange/sync.php?p=24042&cb=0.7378308
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 6683ee3a8662a9679fcacb9fe223a3f8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://cm-x.mgid.com/4c7eda2d9428691cd8f54d15244a36a7.gif?ccpa=0&gdpr=0&redir=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bmgid%3D%5BUID%5D
https://udmserve.net/udm/fetch.pix?dt=1;mgid=a45f7ca2-a627-4da1-be37-ff44306ea1aa

43 B
628 B

255ms
153ms

Image
image/gif

68.71.249.118
PERFORMIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?dt=1;mgid=a45f7ca2-a627-4da1-be37-ff44306ea1aa
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 Toronto, Canada, ASN46562 (PERFORMIVE, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 22:08:21 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 22 Jan 2024 22:08:20 GMT
Transfer-Encoding: chunked
Location: https://udmserve.net/udm/fetch.pix?dt=1;mgid=a45f7ca2-a627-4da1-be37-ff44306ea1aa
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Keep-Alive: timeout=5
Expires: 0

GET
H2 200 rules-p-effSsmMYCbAck.js Show response
rules.quantcount.com/ 160 B
634 B 84ms
18ms Script
application/javascript 2600:9000:25a2:d400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-effSsmMYCbAck.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25a2:d400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f4110d145ad25681a3ef677782ec9a807407fe09b028c2ea15648833ed9cac60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:35:18 GMT
via: 1.1 2bb98457c96f801517f8d0d98344cd3c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P1
age: 1983
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 22:21:01 GMT
server: AmazonS3
etag: "435cbd9bc4b3440e866ad1f4f7d1ef02"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: PAOACOz2UZQu3BBsPkfoqDlaLBlyJvWUpUKCN4jwWNCDgw3mxaGLTA==

GET
H2 200 rules-p-Pz67dCqdsHfxh.js Show response
rules.quantcount.com/ 160 B
633 B 83ms
18ms Script
application/javascript 2600:9000:25a2:d400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-Pz67dCqdsHfxh.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25a2:d400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 11b2088deff6ac044087d2ef9e23453bc600e5e505f5cca9bd62a4cfe6d11a74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:27:10 GMT
via: 1.1 2bb98457c96f801517f8d0d98344cd3c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P1
age: 2471
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 23:00:33 GMT
server: AmazonS3
etag: "eee1bd1fc55b604b66cd9e63c4f811b8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: MTiGbNqz-3-03HQTAt-LlcCmYuVZ8lhKABX1uG1Q3xwap3B1o8GBtw==

GET
H2 200 wrap.js Show response
cdn.confiant-integrations.net/prebid/202401101304/ 190 KB
59 KB 23ms
22ms Script
application/javascript 2606:4700:4400::ac40:90a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/prebid/202401101304/wrap.js
Requested by: Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/UZYxC75kqDLRiEd9GoEYOmovVVM/prebid/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:90a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75a1e951e3218a586ec9aaf42a8e1b079064b9901bbc38c9044d9b39cf8f7af4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 10 Jan 2024 18:05:15 GMT
server: cloudflare
x-amz-request-id: 6PVKNFXZ141P0GTZ
age: 966119
etag: W/"cbc709846a1142e21204a72b0eceba69"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 849b1d723ece3633-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: uQoWyXeGhBpzpv4clzdOh1HuhMTn5WilG+oDTSEeiLDYDyCgypMhreXvVQ0AzBgYY7X56rEOxzM=

GET
H2 200 pixel;r=1676357746;rf=0;a=p-Pz67dCqdsHfxh;url=https%3A%2F%2Fwww.payetteforward.com%2F;uht=2;fpan=1;fpa=P0-526169853-1705961300822;pbc=;ns=0;ce=1;qjs=1;qv=b70d35e8-20231208114759;cm=;gdpr=0;ref=;d=p...
pixel.quantserve.com/ 35 B
371 B 18ms
9ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1676357746;rf=0;a=p-Pz67dCqdsHfxh;url=https%3A%2F%2Fwww.payetteforward.com%2F;uht=2;fpan=1;fpa=P0-526169853-1705961300822;pbc=;ns=0;ce=1;qjs=1;qv=b70d35e8-20231208114759;cm=;gdpr=0;ref=;d=payetteforward.com;dst=1;et=1705961300908;tzo=-60;ogl=locale.en_US%2Ctype.website%2Ctitle.Payette%20Forward%2Curl.https%3A%2F%2Fwww%252Epayetteforward%252Ecom%2F%2Csite_name.Payette%20Forward%2Cimage.https%3A%2F%2Fwww%252Epayetteforward%252Ecom%2Fwp-content%2Fuploads%2F2020%2F05%2FFacebook-Cover%252Ejpg%2Cimage%3Awidth.851%2Cimage%3Aheight.315%2Cimage%3Atype.image%2Fjpeg;ses=1f44065e-a73d-4cd0-8beb-8e784f51e9c0;mdl=

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 pixel;r=1265173399;labels=edge.1%2Csid.15839;rf=0;a=p-effSsmMYCbAck;url=https%3A%2F%2Fwww.payetteforward.com%2F;uht=2;fpan=1;fpa=P0-526169853-1705961300822;pbc=;ns=0;ce=1;qjs=1;qv=b70d35e8-20231208...
pixel.quantserve.com/ 35 B
371 B 19ms
10ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1265173399;labels=edge.1%2Csid.15839;rf=0;a=p-effSsmMYCbAck;url=https%3A%2F%2Fwww.payetteforward.com%2F;uht=2;fpan=1;fpa=P0-526169853-1705961300822;pbc=;ns=0;ce=1;qjs=1;qv=b70d35e8-20231208114759;cm=;gdpr=0;ref=;d=payetteforward.com;dst=1;et=1705961300909;tzo=-60;ogl=locale.en_US%2Ctype.website%2Ctitle.Payette%20Forward%2Curl.https%3A%2F%2Fwww%252Epayetteforward%252Ecom%2F%2Csite_name.Payette%20Forward%2Cimage.https%3A%2F%2Fwww%252Epayetteforward%252Ecom%2Fwp-content%2Fuploads%2F2020%2F05%2FFacebook-Cover%252Ejpg%2Cimage%3Awidth.851%2Cimage%3Aheight.315%2Cimage%3Atype.image%2Fjpeg;ses=1f44065e-a73d-4cd0-8beb-8e784f51e9c0;mdl=

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:20 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 rrv7.js Show response
bid.underdog.media/ 2 KB
1 KB 19ms
19ms Script
application/x-javascript 2600:9000:25a2:ae00:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.underdog.media/rrv7.js
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25a2:ae00:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2648538218810c38d1a9976c5d28a55e9b1dea3e503932e00419f7c82b136a0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 20:27:53 GMT
content-encoding: gzip
via: 1.1 49039a44484a184312d8f608c205b640.cloudfront.net (CloudFront)
last-modified: Mon, 22 Jan 2024 20:00:03 GMT
server: AmazonS3
x-amz-cf-pop: ZRH55-P1
age: 6029
etag: "a1ebf5fd003753c1eb196f80983070c5"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=7200
accept-ranges: bytes
content-length: 795
x-amz-cf-id: jA_rd9fX3qnilyTtizEIT-4nw1PVpz38p-4loDxp1cAIcnEQB5zjKQ==

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
175 B 71ms
14ms XHR
text/plain 145.40.97.66
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

x-nbr: 1
date: Mon, 22 Jan 2024 22:08:20 GMT
server: envoy
vary: origin, Accept-Encoding
access-control-allow-origin: https://www.payetteforward.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
118 B 69ms
17ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.payetteforward.com
date: Mon, 22 Jan 2024 22:08:21 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 13 KB
7 KB 190ms
190ms XHR
application/json 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

b9fb40a5b3a55be44cabff815a499a7d90d34da8343767f7edebf8e0cf657e84

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:21 GMT
content-encoding: gzip
an-x-request-uuid: d8b4e4b0-c1d5-47bb-9a3a-f318b0c45dbc
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.payetteforward.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 178.162.209.135; 178.162.209.135; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
underdogmedia-d.openx.net/w/1.0/ 73 B
374 B 69ms
24ms XHR
application/json 35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://underdogmedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.payetteforward.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=&nocache=1705961301621&sua=%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D&pubcid=5fcf920c-c961-4142-9332-e9d8d9323964&schain=1.0%2C1!udmserve.net%2C3187%2C1%2C%2C%2C&aus=728x90&divids=slider-middle-728x90&aucs=slider-middle-728x90&auid=558951699&aumfs=170
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 0be985080be85a1d48544f083b39ded06c758c489bcfa04b7860058e805c6fc0

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:21 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.payetteforward.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
201 B 120ms
73ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.8.0&cb=18174437073&lsavail=1

Requested by

Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.payetteforward.com
date: Mon, 22 Jan 2024 22:08:21 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 294ms
206ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=24042&site_id=403056&zone_id=2257012&size_id=2&p_pos=atf&rp_schain=1.0,1!udmserve.net,3187,1,,,&eid_pubcid.org=5fcf920c-c961-4142-9332-e9d8d9323964%5E1&rf=https%3A%2F%2Fwww.payetteforward.com%2F&tg_i.domain=payetteforward.com&tg_i.page=https%3A%2F%2Fwww.payetteforward.com%2F&tg_i.pbadslot=slider-middle-728x90&tk_flint=pbjs_lite_v8.8.0&l_pb_bid_id=15f1f44367e738c&p_screen_res=1600x1200&rp_floor=0.1758241758241758&rp_secure=1&rp_hard_floor=0.18&rp_maxbids=1&p_gpid=slider-middle-728x90&slots=1&rand=0.7633003568427641
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: ef0cc9b10c0a3f86a08535f0e58da53e4d68da2bff4172a7ccba30b9489c4574

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:21 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.payetteforward.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 a180398f-793b-4288-ac64-758e7b38d67c Show response
app.termly.io/api/v1/snippets/websites/ 7 KB
2 KB 245ms
227ms XHR
application/json 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/api/v1/snippets/websites/a180398f-793b-4288-ac64-758e7b38d67c

Requested by

Host: app.termly.io
URL: https://app.termly.io/embed.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aeb6d1f48af3487adeefeb452a2df688e0a3406bfc37a7d75b892a7175dde1e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-rack-cors: hit
date: Mon, 22 Jan 2024 22:08:21 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
cf-cache-status: REVALIDATED
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: d4b78b22-431c-4c10-ac30-7f8163f0973c
x-runtime: 0.009470
server: cloudflare
etag: W/"aeb6d1f48af3487adeefeb452a2df688"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=14400
vary: Origin, Accept-Encoding
cf-ray: 849b1d774dac6ade-FRA
expires: Tue, 23 Jan 2024 02:08:21 GMT

GET
H3 200 ip Show response
app.termly.io/api/v1/snippets/websites/a180398f-793b-4288-ac64-758e7b38d67c/ 147 B
679 B 703ms
685ms XHR
application/json 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/api/v1/snippets/websites/a180398f-793b-4288-ac64-758e7b38d67c/ip?random-uuid=7cbe56a8-ed77-700c-12fb-ea3f09e16d04

Requested by

Host: app.termly.io
URL: https://app.termly.io/embed.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6969a0eb16dcd4a1f69dad06aa7238b0ced59b55caaeaf8a88cf2f13c85d90a3

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-rack-cors: hit
date: Mon, 22 Jan 2024 22:08:22 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
cf-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: c7802503-51a3-4197-a9c2-7252305243b9
x-runtime: 0.005913
server: cloudflare
etag: W/"6969a0eb16dcd4a1f69dad06aa7238b0"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=14400
vary: Origin, Accept-Encoding
cf-ray: 849b1d774dae6ade-FRA
expires: Tue, 23 Jan 2024 02:08:22 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=17849EF7E5E24CA0A9796B97D4743AC0&RedC=c.clarity.ms&MXFR=00BF71088E4562D3283565068A456CF5
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=17849EF7E5E24CA0A9796B97D4743AC0&MUID=181BE12DB3CE6CAC2B34F523B2A56D67

42 B
464 B

29ms
29ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=17849EF7E5E24CA0A9796B97D4743AC0&MUID=181BE12DB3CE6CAC2B34F523B2A56D67
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:21 GMT
last-modified: Wed, 10 Jan 2024 21:11:32 GMT
server: Microsoft-IIS/10.0
etag: "d765ee95944da1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:21 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6A07B2BE18184BAB8C4E82BB65FA78B9 Ref B: FRAEDGE1411 Ref C: 2024-01-22T22:08:21Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=17849EF7E5E24CA0A9796B97D4743AC0&MUID=181BE12DB3CE6CAC2B34F523B2A56D67
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 Payette-Forward_Logo.svg
www.payetteforward.com/wp-content/uploads/2020/06/ 11 KB
4 KB 38ms
37ms Image
image/svg+xml 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2020/06/Payette-Forward_Logo.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

766a2e1984e6104f641176065f6806f1119a74a8703473c69658048146129997

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88567
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Tue, 09 Jun 2020 14:33:57 GMT
server: cloudflare
etag: W/"5edf9dd5-2b36"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L3CZTTl60AEsTTsCcRhoq4qW8vHgiIDlgHkDhi0Wkhl4TotUaBadSs47AMBuzmmkYqPC%2BqRzWV3BKummxHNYBZTiM2GIEjvH638lHdC4%2FXpLKSMKJ9Q3PbgjGsMXSXx7Fird7kOGoGHiO8wvOOPj1kX8K0w%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 849b1d776cc36969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slack-not-working-on-iphone-fix-351x185.jpg
www.payetteforward.com/wp-content/uploads/2022/03/ 8 KB
9 KB 32ms
31ms Image
image/webp 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2022/03/slack-not-working-on-iphone-fix-351x185.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

3830a7d5c4337d74371e2001d727220eed470a3b266ce77f2cede611d67c15b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85484
cf-polished: qual=85, origFmt=jpeg, origSize=11750
x-powered-by: WordOps
content-disposition: inline; filename="slack-not-working-on-iphone-fix-351x185.webp"
alt-svc: h3=":443"; ma=86400
content-length: 8694
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Fri, 24 Mar 2023 20:38:36 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "641e0a4c-2de6"
x-download-options: noopen
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rI5XR6Xwg77awtWyQ8XPy12iSuH6VT5NmDQt6jbo18RHJLKFU7eQQd0zrANGYLc8JLiPu1HI2GsDFzsNtWx%2BWRiA%2FDyv9%2F6nO433mhwFCCGrZEuIMTWcbmrjwlu4hG2neMYTZlzqdzIzdCSZLgZ5yVsZUs%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d776cc46969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 TikTok-Not-Working-On-iPhone-Heres-The-Fix-168x137.jpg
www.payetteforward.com/wp-content/uploads/2018/12/ 2 KB
3 KB 33ms
32ms Image
image/webp 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2018/12/TikTok-Not-Working-On-iPhone-Heres-The-Fix-168x137.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

1d1a47905ad72cec0ada3490ecaa76e42dd89db8838c3254b8bcf46a81564865

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85484
cf-polished: qual=85, origFmt=jpeg, origSize=3730
x-powered-by: WordOps
content-disposition: inline; filename="TikTok-Not-Working-On-iPhone-Heres-The-Fix-168x137.webp"
alt-svc: h3=":443"; ma=86400
content-length: 2210
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Fri, 07 Dec 2018 18:45:31 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "5c0abfcb-e92"
x-download-options: noopen
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4CnpmzkaVK8rCED9DJ6j7e5BrnlA6iQnP%2BsEH%2F3TV3eHjCVcycgVzBcJIUpBDc4aafLT9PsWwGWIBujDQrh7HDp5%2FpWnM5K8LlFDs3lAtANzehA%2B3DzHhXU64Phb%2FhhNf1DhKeU3%2FRx3igupRF5RgawUHmE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d776cc56969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 How-Do-I-Block-Spam-Calls-On-iPhone-Heres-The-Fix-168x137.jpg
www.payetteforward.com/wp-content/uploads/2023/01/ 3 KB
4 KB 50ms
50ms Image
image/webp 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2023/01/How-Do-I-Block-Spam-Calls-On-iPhone-Heres-The-Fix-168x137.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

9b32b017ebeafd57cbe164d1b28a8d62e4193aca8dcc8dabfbceffa04fee55b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85484
cf-polished: qual=85, origFmt=jpeg, origSize=5386
x-powered-by: WordOps
content-disposition: inline; filename="How-Do-I-Block-Spam-Calls-On-iPhone-Heres-The-Fix-168x137.webp"
alt-svc: h3=":443"; ma=86400
content-length: 3342
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Fri, 24 Mar 2023 18:27:15 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "641deb83-150a"
x-download-options: noopen
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=heDwRsA6laXKBZIf5CW%2FDnhmF4prifhAGO9UvFgWOS6kLGFVVPm8w%2BJNm%2FGv7fJwhEPuofCE8GSESQb7Iqg4eXY71GeeoznJvSLS9Rq4AoRs0ini7ffg%2BrDdJ9Hst1sxxNEyBDqktWuzavQje%2BPSjpiMZWU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d776cc66969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 iphone-shortcut-for-battery-cycle-count-702x439.jpg
www.payetteforward.com/wp-content/uploads/2023/01/ 22 KB
23 KB 44ms
43ms Image
image/webp 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2023/01/iphone-shortcut-for-battery-cycle-count-702x439.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

f7f21bbe8b2d099eee3797fa0d65b1c45e4dd06f805fc8418986b8ca4aac37c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85484
cf-polished: qual=85, origFmt=jpeg, origSize=46107
x-powered-by: WordOps
content-disposition: inline; filename="iphone-shortcut-for-battery-cycle-count-702x439.webp"
alt-svc: h3=":443"; ma=86400
content-length: 22716
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 04 Jan 2023 22:33:39 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "63b5fec3-b41b"
x-download-options: noopen
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kTFzI1KEIDaS7khSMU3XRU0KpzB6gHwH40oWENovVHDu0nRb0KZxb4SW1vxf0lPfbFPFJ06lmi3Hh6o0yhJV04UB5GT%2FNcUdF4j7vzAuMuDFzTjWjRVm%2B3No2C1LiCQqiIfh7xbRoJ3dQxEdTANN16Ph3Y%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d776cca6969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 iphone-cant-find-fitbit-fix-702x439.jpg
www.payetteforward.com/wp-content/uploads/2020/07/ 13 KB
14 KB 36ms
35ms Image
image/webp 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2020/07/iphone-cant-find-fitbit-fix-702x439.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

58ecbb5b37c594cc57227155ad3391f84eabba836559b7f2ff4f801b3e1930f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85484
cf-polished: qual=85, origFmt=jpeg, origSize=27471
x-powered-by: WordOps
content-disposition: inline; filename="iphone-cant-find-fitbit-fix-702x439.webp"
alt-svc: h3=":443"; ma=86400
content-length: 13804
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Mon, 20 Jul 2020 13:27:21 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "5f159bb9-6b4f"
x-download-options: noopen
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U9K9Ag8mp9mJECVppKEu3uUfHsoQtwkFYZsjsua30h1%2BCAcf99wIPmAIZig%2Fu8pqzVv0EtiCB6wqiqfhaPr9nbyxTcZeJ1cj8lnFTVPYUIctsvKdi%2FnR2SQ%2Bqy39PGAnzMQ2BxvOHzFN3Py1ApRokZUxTHM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d776ccb6969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 apple-airtags-not-working-fix-110x96.jpg
www.payetteforward.com/wp-content/uploads/2020/09/ 4 KB
5 KB 510ms
510ms Image
image/jpeg 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2020/09/apple-airtags-not-working-fix-110x96.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

922d55b2aad07c7199f4f4dc75e47928b0f08395b94d89675b5f6d18402249c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
content-length: 4079
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Tue, 08 Sep 2020 19:05:43 GMT
server: cloudflare
etag: "5f57d607-fef"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjE1Zgwft0yCSoRs2BLg9VW2gTBAstlRfRMK3W9T1p9od4%2FbI%2FBLBC%2FbMEoDF7tpfehtnyHIPQ3SI%2F3NeypODBhpQj%2F8Sp4SG%2BsUQL%2B87KVJPel1DDYf646KHt164UtDmLKRMaZXGkhFLarjL00EpfUElKE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d776ccc6969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 68 B
68 B Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1dd07d410cf12478e9fedd90262cc824b7e8143b578bea4fd47b4cd3f608bc47

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 Why-Does-My-iPhone-Battery-Die-So-Fast-Heres-The-Real-Fix-702x336.jpg
www.payetteforward.com/wp-content/uploads/2017/10/ 10 KB
11 KB 35ms
34ms Image
image/webp 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2017/10/Why-Does-My-iPhone-Battery-Die-So-Fast-Heres-The-Real-Fix-702x336.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

f5a50538e93b491d1027591b0b6f06731e07fb29b284c71eb260219bdfc50b37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85459
cf-polished: qual=85, origFmt=jpeg, origSize=16705
x-powered-by: WordOps
content-disposition: inline; filename="Why-Does-My-iPhone-Battery-Die-So-Fast-Heres-The-Real-Fix-702x336.webp"
alt-svc: h3=":443"; ma=86400
content-length: 10012
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Fri, 14 Sep 2018 14:35:20 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "5b9bc728-4141"
x-download-options: noopen
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FsjaRQrgZNm1crCVivWJq4VymeoR4DQMJRmp%2FGwqtVLt81ay1h2UWReKePYBmPnf8ZV5PdS5YIEEvJZt2Ik1GHViQS2Y0LTsKzJRivrBiCJvgzM1Ujl5wsmJg8aevtNX0Wk5msvwkFdMSf3OvZb6uEFaOfU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d777cd76969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 My-iPhone-Wont-Charge-Heres-The-Real-Fix.-702x336.jpg
www.payetteforward.com/wp-content/uploads/2018/01/ 6 KB
7 KB 37ms
37ms Image
image/webp 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2018/01/My-iPhone-Wont-Charge-Heres-The-Real-Fix.-702x336.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

54e1c3b691fad00b895d6ea8be4188c7d1253d56f4d1ae564e30e0de40cb5c1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85459
cf-polished: qual=85, origFmt=jpeg, origSize=15115
x-powered-by: WordOps
content-disposition: inline; filename="My-iPhone-Wont-Charge-Heres-The-Real-Fix.webp"
alt-svc: h3=":443"; ma=86400
content-length: 6588
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Fri, 14 Sep 2018 14:40:17 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "5b9bc851-3b0b"
x-download-options: noopen
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mUVNSfbMpi9qWQF0ppUc2ILmZDcdYxF6N14pl%2BxsEsj2IqaP%2BC0l%2FvVySP2jzaPQBMf%2FrgFkYUS0EVys09%2B67bcruXfKYKeRGLTtzFQ5K4Ym7wf6SxZUHoueuXCTNcSe36q70qkxGCZOWR8fkymOUA%2BpG7s%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d777cd86969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Why-Is-My-Phone-So-Slow-702x336.jpg
www.payetteforward.com/wp-content/uploads/2021/08/ 13 KB
13 KB 43ms
42ms Image
image/webp 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2021/08/Why-Is-My-Phone-So-Slow-702x336.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

21ed3fbbab468b6be3fc966ae6abfadb34aac3cfcee091b2e3cc8323cbaa36d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85459
cf-polished: qual=85, origFmt=jpeg, origSize=25411
x-powered-by: WordOps
content-disposition: inline; filename="Why-Is-My-Phone-So-Slow-702x336.webp"
alt-svc: h3=":443"; ma=86400
content-length: 13080
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Nov 2021 16:39:07 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "6195302b-6343"
x-download-options: noopen
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dRjiyONUtP7uuJlN2M0BdE%2FBuPq7ydN40lNaWMZf2InyNN2efbhVjf7Hut9%2B219EC4JNw738Rl09rY0EtGk%2BZ6XbmuD2EsCToZtocPWlMBv0AwfsA6fafT35y4AHae%2Fwdo4wCJQB6efWcV6u%2FmvadLspHzE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d777cda6969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Why-Does-My-iPhone-Get-Hot-My-Battery-Drains-Too-The-Fix.-702x336.jpg
www.payetteforward.com/wp-content/uploads/2017/08/ 15 KB
16 KB 689ms
689ms Image
image/jpeg 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2017/08/Why-Does-My-iPhone-Get-Hot-My-Battery-Drains-Too-The-Fix.-702x336.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

d14ae5d5a8ff7ae8308abf35e47e40f4e14aa0e6853f5a7b40aa552589a5b68b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
content-length: 15355
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Fri, 14 Sep 2018 14:45:24 GMT
server: cloudflare
etag: "5b9bc984-3bfb"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6UIS8aLDmNohYJmU%2Byo0WwLnQL7Gr%2BWhtPGxvksyaWhFzbOsTkcHfW3Kl0agrv5QpeVYcvbsv1azWKE476c%2F7sqMJ6jMMh5muE0I15j8S%2FKsX%2FG2OVDplr7mkJbUig0Gdz3F%2F%2BYJIi3pnteQdUEtOk1p%2Fns%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d777cdc6969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 What-Uses-Data-On-iPhone-Using-Too-Much-The-Fix-702x336.jpg
www.payetteforward.com/wp-content/uploads/2017/10/ 7 KB
8 KB 43ms
43ms Image
image/webp 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payetteforward.com/wp-content/uploads/2017/10/What-Uses-Data-On-iPhone-Using-Too-Much-The-Fix-702x336.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

cdf861d17ccfb5484653c6faa83194e3cdd22d77f8c184563350aef2fe6b24c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85459
cf-polished: qual=85, origFmt=jpeg, origSize=16810
x-powered-by: WordOps
content-disposition: inline; filename="What-Uses-Data-On-iPhone-Using-Too-Much-The-Fix-702x336.webp"
alt-svc: h3=":443"; ma=86400
content-length: 7594
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Fri, 14 Sep 2018 14:37:20 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "5b9bc7a0-41aa"
x-download-options: noopen
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QRVSC1v3fXPB9A8M5WYtFqTFnaM9IuSePMiQLoHA1RHMb%2B5uBaA4%2FrJQbQ9F9sX70acphh0h5qmdXb16aBoXd65GK4aNsD%2BDgUc7qgZYLvIeo2kD3TEKgX5BkLDNxpKnhBNAQN9lv9gus3eaZwoDNVuqwN4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 849b1d777cde6969-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
302 B 95ms
94ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.payetteforward.com
Date: Mon, 22 Jan 2024 22:08:21 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
www.payetteforward.com/fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 33ms
33ms Font
font/woff2 2606:4700:20::ac43:460d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.payetteforward.com/fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:460d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Request headers

Referer: https://www.payetteforward.com/
Origin: https://www.payetteforward.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 56404
alt-svc: h3=":443"; ma=86400
content-length: 48236
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=apFeuUV%2BPLKl%2FwHYO5jGFaUHQg7QC5%2F3edYmiXm1QoBJavriJcmIZ92kvVY4%2BgH7FVmVOtg1XOeiwK3BTbNYZwIYyRjobjsITRxSBvjMOsj2JuwmuLN5V74Q%2FFLxtrPOq6DX5sK9gIxUiOGCb5lqAGKoydA%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=31536000
cf-apo-via: proxy
accept-ranges: bytes
cf-ray: 849b1d790e4b6969-FRA
expires: Thu, 16 Jan 2025 11:02:10 GMT

GET
H/1.1 200
OK img.fetch Show response
udmserve.net/udm/ Frame 5C3F 0
813 B 155ms
155ms Script
application/x-javascript 68.71.249.118
PERFORMIVE

General

Check archive.org

Show headers Download Go to

Full URL: https://udmserve.net/udm/img.fetch?sid=15839;tid=1;dt=7;p=1;rri=1705961300682_604545_178.162.209.135;mid=47782;zzz=%5B47782%2C1705961300%2C%22UAk%2BwU7yfLGC1psVe%2FIP%2Bg%22%5D;version=v2.23.3-confiant;cb=0.7026113079418872;qqq=2.2426553038797934;session=1;style=slider;vis=visible;traffic_info=%7B%7D;gdprApplies=true;consentGiven=false;consentData=cmpMissing
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 68.71.249.118 Toronto, Canada, ASN46562 (PERFORMIVE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: application/x-javascript
Date: Mon, 22 Jan 2024 22:08:22 GMT
Expires: -1d
Connection: Keep-Alive
Content-Length: 0
P3p: NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3F2C 0
466 B 65ms
42ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGKS61YACMAE&v=APEucNVUKEFzI6t3vJWJgUSlksF8PEmAunDmyDUmgjmg6WnQDnvHAnf1_5duKjyPYQTDL_k6awg6Y0RopXv91JAiL9WhpLOllApQNnx_SUzvBZM_3XlRkEDRy94CEeKaBLYisT5lw9wDNHXJsk2Ra5m4BRI050hXxFI-8on9k7VaXDt_vKZGaaQ

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.payetteforward.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 22:08:22 GMT
expires: Mon, 22 Jan 2024 22:08:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5C3F 89 KB
31 KB 113ms
90ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 22:08:22 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C3F 42 B
401 B 62ms
39ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CsOMNY7liZFUDQfPVyYn3MBneEdtrO_6nBHg2op-RdNClFHnaPtfo_HoF24l2C4C0k8t_nAdNlYbSCWLzkHiCAQA75jl31MFmHkhFT2vZbbvgvqzg

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dcd253f5-51b2-417c-9466-81febe27852b
beacon-ams3.rubiconproject.com/beacon/d/ Frame 5C3F 43 B
227 B 121ms
18ms Image
image/avif 2602:803:c003:200::67
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/dcd253f5-51b2-417c-9466-81febe27852b?oo=0&accountId=24042&siteId=403056&zoneId=2257012&sizeId=2&e=6A1E40E384DA563B6D9130B8A2D56F5F74609F6FF9EE044B54DFC3DC98A3C16F03B25537348F555546F48A7B49A559BB9F0BE1F8337FD75DBF268266FEF1E10B4EBE252B90BE750F9E95566C9C6AD9BCDDA331823C1AAAB25CCA56B5FF20D6C57E663FCD02063C52271E4FC2E8AB5646B96209DB5750E94C9E9A5317B64384C74E6FC96756E5E5710B008946FF5582DA3765BC18E55A6AA751C89B0B25B86387A3ACEA20A8FF2280B497CF15BF9C676E141230101F66329ECDA10306204D320B

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c003:200::67 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:21 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 edge-logo-white.png
bid.underdog.media/ 15 KB
16 KB 18ms
18ms Image
image/png 2600:9000:25a2:ae00:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bid.underdog.media/edge-logo-white.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25a2:ae00:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d443235c5040b9e5a2461f69bcef0930f5820c356830bb0c59a4953d16f8a59e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 05:57:06 GMT
via: 1.1 49039a44484a184312d8f608c205b640.cloudfront.net (CloudFront)
last-modified: Tue, 17 Nov 2020 21:08:31 GMT
server: AmazonS3
x-amz-cf-pop: ZRH55-P1
age: 1440676
etag: "876f68d4ff152e17573c3a8f3cc1a580"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15804
x-amz-cf-id: CJ7xVJ9tljLTuMNErEJeaGzjG9JjDnXS_F9NzVE8Ovhj5lIQ-koG9g==

GET
H2 200 pixel
protected-by.clarium.io/ Frame 5C3F 68 B
244 B 103ms
32ms Image
image/png 63.32.16.169
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_VVpZeEM3NWtxRExSaUVkOUdvRVlPbW92VlZNL3J1Ymljb246NzI4eDkw&v=5&s=v31hkpjf9un&id=eyJwcmViaWQiOnsiYWRJZCI6IjE5ODA0YWQzMjdlZjgyNyIsImNwbSI6MC40NDU5LCJzIjoic2xpZGVyLW1pZGRsZS03Mjh4OTAiLCJzcmMiOiJjbGllbnQifSwidHBfY3JpZCI6IlBCOnJ1Ymljb247MjI0OTo1MzgyNzEwMTIiLCJhZG9tYWluIjoiZHlzb24uZGUifQ%3D%3D&cb=3424806&h=www.payetteforward.com&d=eyJ3aCI6IlZWcFplRU0zTld0eFJFeFNhVVZrT1VkdlJWbFBiVzkyVmxaTkwzSjFZbWxqYjI0Nk56STRlRGt3Iiwid2QiOnsiayI6eyJoYl9iaWRkZXIiOlsicnViaWNvbiJdLCJoYl9zaXplIjpbIjcyOHg5MCJdfX0sIndyIjowfQ==
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.16.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-16-169.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/png
pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0
server: nginx/1.18.0 (Ubuntu)
expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C3F 0
58 B 39ms
38ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9458415422498&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C3F 0
56 B 39ms
39ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9458415422498&version=m202309260101&ct=76&x=8&cor=4696824352948105000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5C3F 112 KB
43 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AJxSadPtM5FJ5fDcQNqytHhscGX69ISGYIUajAZPYkNIwP8W5c_OhoeZEfcuUgm38KAySBPU2H54NukbHtxg0-6PMtr_OtHbKX13Oy5mFZo_YFlA4tY-mvCImXwHdrM9sPt5E1iauaCbFb9bCVUeiWgL8sSFf8jDqn4vsyyj7FlwceMx52sfBeuSihR-NDufkaBA8l3I8QkYXT_DE3V8UT8jjvPA&dbm_d=AKAmf-A6h_Kqfsybsu6VN6KUVBd9APLYp25NP0JEIRrpzK2LqDGUiu7lZlRlfS2MVFpumEk0Y1GWio_9NH1FmF8HJ8epdtcXdzCs64vbZv_-RfmfhPkswkKL7cpp4f9Igp4UJVJpi1yhrHgWp9PWmcINfYKXmzP4p3vXzM5n-3sYgnNGGq7_Z6qiIhWGX9buT2zgAsqnWDGbUJ6UgeUQejfuX-4twPYTelK9YbJXlzc5hWz3oFoxUA5dlFuZfQnJ0v8a51SrpFk3xX5r7dYtxz_51j3BxplIEQtj21kqUyCHTjdx9yg9axfqeyCr46S0DgvhXJGcJFjzD3JW6AOcS4YtMx-Jm8kH9epNe_iPRGbya5MXySNAWvAVjvHIPvrzxYiJ0087zDQGSQiiohGrz-vN6YbuZkXXKSZ4vijREPioRELwk0MC4VoLIH0ksggkpv_VzPT-MdmQTsD7CgjJsehKz0I4VMidonJkba9mA9_0sVUgu4J2cKSHC0dCm-1r-goyq5KuR6gf6SB68ehjp-4U467ae31_Z1SOnO3sUvA5CrEpUPa4jpIHTswu0KVRykt6ft3zFreLoJrM8jxmBdxSwZoDSp1LcfzqvAAio9B9ETxAdKrZDtdVVbGrZMC6cEr_cGzY2D5vRzhff73nkvIWjgUagHKQk99b-2DahfwxuFWeYuMqRtJsoTp-DNR-KLpjTcubatPt9IjA1ZCBeZM4mP2e28ZyQZSB8cwv2VOYJZ0WrOPqzfV8uES6BQEb47c_nwUmEtMAc1QRIMhoBM2b_XSPIX8o_kmHuKr9oXSDiF5baq4P0EHTJZN9Ovavmn4r2hrXst0iqqeMwVI9f58Ef7iAuhfiLWo11AgiSZ_5NeP2Jvze0lPkv5za42Xcj2HB8HxfGg2z-b4Cin_gwGzR0M8FmeGVn7DysMBb12Y8YcnzHiV9KOvtNSkMgz8qL2JN_PURDm-RT5oFwxpJCloNqSa8OE3sm6FAZNjtDqPfYiAMKgcEN05CmupZSlQ7yk86hf6bQ-Z-hIpcaBfhn0aj52k9d_t8iOYyedzqVRfPs8dVx_At7Kz_4V2nyivHhX1imnHM6IS10prE6-ukGndBGnAYeLSTSTYWkr-ShnNj47ogpkyUt9O28GEJ-9flmmUjJ43WeUaQwMOhqIyDKpDIoSM9fwLXtya1RtZaSov7CV4hlDIDe_AOTeY2xBTX85D8Ji0pLLrFu-3FlBCxHoFsFZEjRtQHnQEbB6TCmFLeY_P8DqXyEue61BAfMvQ_0EvShxiM82tpaMCg37vGWQQIw1wT2EddViMmPnFtIuc9lMFApcohzCzOftY1ms5_rh4Vq-9nRuwFuuej1d4RVsHqVdkHGcXfGmIl164FFCthCaxTtuaLHPokEqyZzMyEB8a27hxRO1jZZtbXauOAyAQpUhhfeOAT5aHVXKZV-MdR2oBEXXRLUWsvJOaLAE4DNdWnkmSHt_wL0p1IReuHA52JMYUFnhw47j_4JOGFvPitBgpn1XCFf5jwXLLXUfYZ3IOL_wPeZ-SO9mT40P32ZqiEJx3F6nFq4EVuaXuk_Y4tvKXLguCD4w51YGwldD85wMsOexeP7t2qMbrfJpDERV1K11-l1ds9EQ-G_Gkq4JE2z3a9oHGddIylaSRtx3k91EP5C4AwvczEdEDvwMkNhvJjXMrRlSH31D3Vx7BFLFs-u4UJ982ommMtALhKygPrykv9m94l-WB2Bwetckbl_8maBhZu_qcse_PgqTuU5mWDAk_zqdBDgDa-pUSgfxks2-SALt3LojxFhKWkIqEdN_ZjFppXGD-OyLbPeoI79ahjVbmEOlbm-aBAssKCW_4-38zHmTFiHdN-UH2bum5duC5s0_lmZC1KWdP2LzA76YktFBp3vqw_i3XvYfFAvgTLnzTOBLdnPkJ6SswuqjwTErH380L0QWX9_KXxOS7vnxxYcrVvzlaSgUexae_ImPgk55cWioqpBHGZU7yu_6MSzPU9rYAfWAH5MZ_9U-D8wt436tJD0zwLTZCwB0DnBYAvhq-8RDLpN-Msqa7mcoWdmivfevTDRbV4JlMs3OoN6Jvs97Vw1j4IodVUbff5du7Zeo2f-OVo92vDR985BGg27rtXfKMUHexr7OYUJ6LQOtvSkzxy7IJNV7aSKYSy0xyjPf_32lKQlHl0L-cz_WCay1NS09MACayA0FcuYrJWQhoT4oyKo22KLc8qiipKKyEMvOJJtEHyzXHZGXhT8Iem52laXte8IoqkPvLyrn6oaphJ_rsOo3l3ndZjJL6Yysa83I0mdUyPLknsNB5Tnd0mKDTziG8WYW4zh97Gur57Zt8Yja6SDvBXGCyUitVPHUsVRodQSFPrvn9Kcej4fLWv6tya8jwYZItcdgavDYafn19zhGxCSpA0BG88nbLqJP_9-sbF7N0AFWbQ_sVU0KQ-l1O2OwIZUgvsceaTxrEZ8jQ_FsPME9bRy5C1KVXL6jObx7MvITFypONrVBs2guXBeCWu1DxHIoY7FBfqDYBnPYd0142IEXtn0TWoszAgGVgqGxbgxxmPtvOEYbg93yCEssTIW8AJEyqndMT176E0Gwdfp5MPQLHBYkfPwEp0UNVI-nNeusJgY5fjU7aD6nt4QFDTCfacq12NnkCUjUdBxF030OH6c8uQu18b8vCMnqH3cFk2MNfk_xl6Ka3GwnqOdFXuxRW436Yb1zfQ_o6kDVE_-ja6XHjhKuiSkR1ILySPxmHXeRsIq5oZ4irJw6VlXOGgWFZb1NLlwU509bmBlp-2OTjzuESVT7KCTkD9QuQKyAv5a7VmItvWpLVWVczlzL4zgVyyCKhszk0EjgL7mz3jay7Lg6nN9LlrPSQalQuPvyDS6q7Roa_ssgJnCb_t_5p4k2qpvRwax8WGJfca-_QKfjyiMt-KkrIdb5keGCD3SkpqPX3mNvwaH_U2NXv4tMMYcQRrWSFUEl00inayDdyDgOxYhNxbzVFon3KgyQ9KURxfTpTapZMFGj7H9fuT2C3Xm6pXkQrASk2jd8ZJ0bxEpRFgM7H-ZIWebgTGtwZ7aRndcyfuHPSPuDCPNEEc9f1ROFpwl3akCkSqh24yLYzCwysXaibAhqAkKlwGOlQz1eaaE44A6yV7ySEX_B5lQLb6swYW4JvI7x7UC9iGhcc_1J1ZzjJEzECc_gPI2nw3s1MTSyAfkBM99BSqfHveS0OsamCQrnNerQHlDbc321PNUTXe_c-36pNCVHoHXsfhEvFuKMKCmfEA_hFWLONCYIa01RJuuzpUmhkTw6O_txHF8FxL9QOPe7gBIGCcQYag9agjxzp2Za5Wcn4Rcdl-9k3umbsYteybl4YXqZvt1Kx6KTwHjmOWGkzZbxXQL2Se9sarceOEen81V_je7Pr07txKvKoltMfj1UXat1AQHt7laynApezbggKc83Kwo0oyNuJg8fqjUfbyTetAFsrim5aXD9E7nhhHBneqAE6DpfzeuyNDpFEOuNAi-jO2yJUqUnupyIdjUTg9Nbr5Glz4Q1HK2gzMeWZezZyoOyrqC9UyxfwvRZEI7SZEMftIK7h9pwEZ0L43scqTqPrMhC_GzOPAwMm4jxpyeTVDc4V3lFpdvMdqVB9vwJ8&pr=8%3A3C67C9687E131D79&cid=CAQSMgAvHhf_Y9mXLuWJyFu-mFFh3og8DMXpoFSiikPSZhxGHWcUdJGBbkEf66M7K_wPvBVZGAE&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.payetteforward.com%2F&ds=l&xdt=0&iif=1&cor=4696824352948105000&adk=2116787313&idt=143&cac=0&dtd=6

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4d3e8467aa91c9c917d6ceeb0564cb873e88561d3cbfcd9c04fb98973203bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43468
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1874223/77019492/ Frame 5C3F 269 KB
79 KB 102ms
34ms Script
application/javascript 46.137.143.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1874223/77019492/skeleton.js?ias_dspID=3&ias_campId=1015060172&ias_pubId=24042&ias_chanId=8&ias_placementId=20833643169&bidurl=https://www.payetteforward.com/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hhMCQmPNSt5LD-_JoPmbrK
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.137.143.235 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-137-143-235.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3caf2be2097b3ee73667f6430b175f9c876fcfc17a9cb67972688ccb057067ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 5C3F 111 KB
39 KB 61ms
18ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.payetteforward.com/
Origin: https://www.payetteforward.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 21:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1443
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 21:44:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240117/r20110914/elements/html/ Frame 5C3F 12 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240117/r20110914/elements/html/omrhp.js

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 16:30:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 16:30:46 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240117/r20110914/ Frame 5C3F 31 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240117/r20110914/abg_lite.js

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 16:30:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 16:30:46 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 5C3F 41 KB
14 KB 29ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:28:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 502809
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 02:28:13 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 2174 281 B
555 B 32ms
9ms Document
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.payetteforward.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Jan 2024 22:08:22 GMT
ETag: "280524-119-60b38417c4040"
Last-Modified: Tue, 28 Nov 2023 15:41:45 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2174 40 KB
11 KB 7ms
7ms Script
text/html 184.30.22.30
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.22.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-22-30.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: cd3bec578049163e4cd3e91e52d55040e999465b011fde978ca10b689317ac4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 22:08:22 GMT
Content-Encoding: gzip
Last-Modified: Mon, 22 Jan 2024 09:39:05 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=41423
Connection: keep-alive
Content-Length: 10964
Expires: Tue, 23 Jan 2024 09:38:45 GMT

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 7A5A 38 KB
13 KB 15ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.payetteforward.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 522854
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 20:54:08 GMT
expires: Wed, 15 Jan 2025 20:54:08 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C3F 206 KB
65 KB 48ms
46ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Jan 2024 22:08:22 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10479265507807087626/ Frame 50D4 8 KB
2 KB 26ms
10ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2218f4accb7ba3b0d1bd3eb3dc3c41b50816d3970ff6e2cf558e2c44bb3fabdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.payetteforward.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 79224
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2338
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 00:07:58 GMT
expires: Tue, 21 Jan 2025 00:07:58 GMT
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C3F 0
0 104ms
51ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssJA24qoaYFApIPH4ijEi0AC2h3DsLlLrdu89YumNk9VqWD_U91bQKLPqhGaDWsSAUHASYR5qL0ue_3hV3iOAfYkiKGs8DcayCdD1Z4fGWjBBaPThml8tqKgnBvhyEWA73e99E8br-lN2vffQ8PUinzcPD0aOgCw7g7oldSc1p6gHqH6FCN0DP-KDGDJq14BgNC-Hlg0ZrAgsWi__tsQ4oC6YeyjDtGIN0tEt4TUxp62XFLk3zJNyZxQuidKIWM0-TeYoQgx1cqxe3ggrXG4Dgo_Gb0HzXJs8paFeagh84VVvzZZQ83_nkbgfg0sIClSeO6UBJ0BRTHFZrKn8mV5l1gedeVXKRctla1x0Z-SV6Wkj-hS4Bo4G0Nk7X3ABGfCF4frmLFDtTfJdSCV8QDCOQu0MWhhEUh3SkoEogvpKndOr3boFhs3OluTobJBDr4p1jJDewEZXwOdA1uS7VyWTpZ7tcFM5Bb1gV5hkfQNXgkOYJQTWaVfUe3jCkm3HeAr_0iARlFvbEUloKOMC1sa-92HOWgLLMs1e8lj9ODzN2loqapJmZHgt3-EnrO53yvlo54NalYGJGB4eKS3Qjb3gg6McfAn8mCld4ffvXqV20UmgYdse4w_gGqLUoMMiDRzzJM0Uo_7DojEY679JtKSFozZ_yDQMITWVpHC902iZWwlyaUBovTbZ5-d5wsvKXCoPFYce8xpA5jyJAlt-cYSgDsaX6px5rPEru0ftzvt5sinLd32e3ZSiqQH48FfRY8Pa7OnG-qAAkdUwzx4teL3uv8t5ea570PQoU8NJWZG_dU3vdkNMbhSnasXgdIfekhetH3eR2K9VOlOdP9tC6N3M1Haz-BtpohUBmsChRnXzCDNqdOHj-3hBgJxaATQ0fXSdt9mJ36U2PMMj9ikhp5iynY1mXJz0zOmZ5oedgVMqTgNt6dLctgazu-FzMCsf2JyD1nsZF86H5LhpRd1BMbiv-yDjVsvRPZQccqknXuIAPbR7O2lyOi1SS8omYmP4g-o14hFV89S9i4zA6DuEVeyTuqlXaRSbDT1T6J4G-mgq1QEeQn_N6ZsZdzkMy6X4feWKBhRFbkcfp51_IAf8yfNTVoWXPotq29VDwMm0qK9ikRAlu7XCBiaTVzn6za9Os5-9vsvAyICtUp9Bv9oihH9I6u4F_cu0rIDik05zfXaigWO_hOOQiUmA-66KpEcM2_tR-_6LD5p9wMybsA_YvwqawCeyVO246njLryXk8NS04pYZjV7xaET2CCQHEzv9boR6z9g32s3gVFvM6aCcK8GGQwZh0AA_rLIF9_pxcGXuxseh__K8W_4CIyRPY62vag5T-gITIR6pxe55Xi&sai=AMfl-YS297-DaIUdGH80J0djXZcQfI2GUTI_ch_IG6ZZjfgh0Rhi62fqBvzVNM9_6cUvPw3tXyNK7Hyb1fekxKD1UTvV38B9vqZgmw-xymgrGmx4bbs9pP7fIofgN9aa0i-gZEq3apCSIzSpafiVMI-LYE3HZ0iAl6d3GfVFI1RdsnDNVOpFeiCdEaXLtxlu927U5gSGcqf0Ot7yEfOq2TETitEFjGsPe3DMqgRGoLeqvfBbuaEi5aXYOx-vt2Y&sig=Cg0ArKJSzOF3zIfc23elEAE&uach_m=%5BUACH%5D&pr=8:3C67C9687E131D79&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=100&cbvp=1&cstd=98&cisv=r20240117.18188&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 22 Jan 2024 22:08:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H3 200 statistics
app.termly.io/api/v1/snippets/websites/a180398f-793b-4288-ac64-758e7b38d67c/ Frame 0
0 189ms
189ms Preflight 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/api/v1/snippets/websites/a180398f-793b-4288-ac64-758e7b38d67c/statistics

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.payetteforward.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 600
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 849b1d7bb9eb6ade-FRA
content-security-policy: default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
date: Mon, 22 Jan 2024 22:08:22 GMT
server: cloudflare
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 201 statistics Show response
app.termly.io/api/v1/snippets/websites/a180398f-793b-4288-ac64-758e7b38d67c/ 3 B
558 B 196ms
196ms XHR
application/json 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/api/v1/snippets/websites/a180398f-793b-4288-ac64-758e7b38d67c/statistics

Requested by

Host: app.termly.io
URL: https://app.termly.io/embed.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43974ed74066b207c30ffd0fed5146762e6c60745ac977004bc14507c7c42b50

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json

Response headers

x-rack-cors: hit
date: Mon, 22 Jan 2024 22:08:22 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: c0445a7e-4176-4512-b7cc-dfc6e5bcdb1f
x-runtime: 0.014166
server: cloudflare
etag: W/"43974ed74066b207c30ffd0fed514676"
access-control-max-age: 600
access-control-allow-methods: POST
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin
cf-ray: 849b1d7ceb136ade-FRA

GET
H3 200 cookies Show response
app.termly.io/api/v1/snippets/websites/a180398f-793b-4288-ac64-758e7b38d67c/documents/b4f9fe89-1ed3-40dc-ab88-148f1afc5106/ 71 KB
14 KB 641ms
640ms XHR
application/json 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/api/v1/snippets/websites/a180398f-793b-4288-ac64-758e7b38d67c/documents/b4f9fe89-1ed3-40dc-ab88-148f1afc5106/cookies

Requested by

Host: app.termly.io
URL: https://app.termly.io/embed.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e80e257ec82b776973dac0d7d1234f606af35c2b46633c858f6064d0177b735

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-rack-cors: hit
date: Mon, 22 Jan 2024 22:08:22 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: aba3fcfe-05d6-49ee-9fe6-d25858fe1c7d
x-runtime: 0.019507
server: cloudflare
etag: W/"2e80e257ec82b776973dac0d7d1234f6"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=14400
vary: Origin, Accept-Encoding
cf-ray: 849b1d7bc9f56ade-FRA
expires: Tue, 23 Jan 2024 02:08:22 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 2174 7 B
380 B 67ms
9ms XHR
application/json 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: bcdac959321a8cf7d38f9eb638bfa14f
Expires: 0

OPTIONS
H3 204 en.json
app.termly.io/resource-blocker/i18n/ Frame 0
0 188ms
188ms Preflight 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.termly.io/resource-blocker/i18n/en.json
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: csrf-token
Access-Control-Request-Method: GET
Origin: https://www.payetteforward.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET,OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 849b1d7bda076ade-FRA
date: Mon, 22 Jan 2024 22:08:22 GMT
server: cloudflare

GET
H2 200 882.min.js Show response
app.termly.io/resource-blocker/ 488 B
425 B 16ms
16ms Script
application/javascript 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/882.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/embed.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06edac6c5ca20a9ea53915b1a8e69cbade3b54914de72eb1a82b3b7c925e8e47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 6117
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 16:34:23 GMT
server: cloudflare
etag: W/"65ae990f-1e8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 849b1d7bc806696a-FRA
expires: Tue, 23 Jan 2024 02:08:22 GMT

GET
H3 200 en.json Show response
app.termly.io/resource-blocker/i18n/ 3 KB
1 KB 187ms
186ms XHR
application/json 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.termly.io/resource-blocker/i18n/en.json
Requested by: Host: app.termly.io
URL: https://app.termly.io/embed.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95a59dd65d5607393e72e8e5b7d59110ffc318336beb55cbc8838980f309aab7

Request headers

Accept: application/json, text/plain, */*
Csrf-Token: 8e701ba5-b3a6-4db1-8d03-1d4a4a6eb42b
Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Jan 2024 16:34:23 GMT
server: cloudflare
etag: W/"65ae990f-ca4"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 849b1d7d0b3e6ade-FRA
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 23 Jan 2024 02:08:22 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/10479265507807087626/css/ Frame 50D4 6 KB
2 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2b61e64a17f1488f20bafee5aa20a8d8ec897b990f709634f5bd1cc620e6b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 21 Jan 2025 00:07:59 GMT
date: Mon, 22 Jan 2024 00:07:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79223
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2000
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 50D4 70 KB
25 KB 17ms
16ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1044281
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 09 Jan 2024 01:45:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "659c9715-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g5Ql0RvOSpS%2FxvdXCgO264Q3s2rveCgmLR7jantNAQnJKE0%2Fmt1GhQuD8Q5DhXsDTiwTb22pzjAeLccUfF0HI3Db2WV20EnWu3%2FDJIr4k6OLRn2JM2FEuiohygD8RcbpcQdWwUIZxsVJAdnj7iCmZw7g"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 849b1d7bd8219a0f-FRA
expires: Sat, 11 Jan 2025 22:08:22 GMT

GET
H2 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 50D4 7 KB
4 KB 20ms
20ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1893755
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I81gTH3jgdiMuEoTuNMUS9kZR0jSnOVqjHTVLzJITnAdgeRERwO%2BANBFCv1JLSiTrg7lOzd32obbbV1RprAICYuN3dCIwasK%2BHek2C%2BpZo1lJ2%2BrsF9xWm4q6OeBPH06oAogntznrnssSGVCXpiyjkXA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 849b1d7bd8249a0f-FRA
expires: Sat, 11 Jan 2025 22:08:22 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 2 KB
1 KB 10ms
10ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 02:29:32 GMT
date: Wed, 17 Jan 2024 02:29:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 502730
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 2 KB
801 B 10ms
10ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 09:41:03 GMT
date: Wed, 17 Jan 2024 09:41:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 476839
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 429 B
350 B 11ms
8ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ace6c1d1cccc4686d29e81c0821be209d2e2d8b7ba44ee24649a698a5230f6ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 02:26:05 GMT
date: Wed, 17 Jan 2024 02:26:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 502937
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 320
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 dyson-v15s-submarine.svg
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 25 KB
8 KB 11ms
10ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/dyson-v15s-submarine.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69e1767c60e702480b7a4604f7a71a344e3e03caa6e21f6a352a9f63908dc500

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 21 Jan 2025 00:08:00 GMT
date: Mon, 22 Jan 2024 00:08:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79222
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8356
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 33 KB
33 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

539cc993691ac34295a0b8e0b720aa3db63a2e80c78d49e1c4c4132bb4a5dc09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 02:12:49 GMT
date: Wed, 17 Jan 2024 02:12:49 GMT
x-content-type-options: nosniff
age: 503733
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33567
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 33 KB
33 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8833293f6762feb57c976e996042e2dcf201b282c034504008e2bf0a98dd3527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 22:25:55 GMT
date: Tue, 16 Jan 2024 22:25:55 GMT
x-content-type-options: nosniff
age: 517347
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33601
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 25 KB
25 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e3479d14727cf6b6581add352dad3c9fb8a89b1586d49dc0e606249e7abe437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 17 Jan 2025 15:28:05 GMT
date: Thu, 18 Jan 2024 15:28:05 GMT
x-content-type-options: nosniff
age: 369617
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25911
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 9 KB
9 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f430ad6611692180cc5bfba88afb989ac5cde063c2e929a28026be4c2c3e9f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 16:12:54 GMT
date: Tue, 16 Jan 2024 16:12:54 GMT
x-content-type-options: nosniff
age: 539728
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8971
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 5-min.jpg
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 12 KB
12 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/5-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d60255211b63ebd7ab57221ffe52ae073eab1c1c3a93c48df42b224e7f7c527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 17 Jan 2025 18:16:04 GMT
date: Thu, 18 Jan 2024 18:16:04 GMT
x-content-type-options: nosniff
age: 359538
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12054
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/10479265507807087626/script/ Frame 50D4 4 KB
960 B 10ms
10ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc757f9ba6603eb9913106a4cd83c7a7c0a8a4f845a0aceb1103606bc324ad00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Mon, 20 Jan 2025 00:49:43 GMT
date: Sun, 21 Jan 2024 00:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163119
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 930
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 7A5A 39 KB
15 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 21 Jan 2025 09:54:39 GMT

GET
H3 200 851.min.js Show response
app.termly.io/resource-blocker/ 17 KB
8 KB 26ms
24ms Script
application/javascript 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/851.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/embed.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69bf00f685f771369ca65e83d23716a6f23c21e62d761baa71c067d34fa68fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 6123
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 16:34:23 GMT
server: cloudflare
etag: W/"65ae990f-4559"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 849b1d7bfa18916e-FRA
expires: Tue, 23 Jan 2024 02:08:22 GMT

GET
H3 200 883.min.js Show response
app.termly.io/resource-blocker/ 7 KB
3 KB 24ms
23ms Script
application/javascript 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/883.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/embed.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef68775d4ddd522d3e2bc0be616bf54c8fdf325c743a431c6c5573a905c0d82c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 6123
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 16:34:23 GMT
server: cloudflare
etag: W/"65ae990f-1a8e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 849b1d7bfa1e916e-FRA
expires: Tue, 23 Jan 2024 02:08:22 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 5C3F
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1874223/77019492/4.js?ias_dspID=3&ias_campId=1015060172&ias_pubId=24042&ias_chanId=8&ias_placementId=20833643169&bidurl=https://www.payetteforward.com/&ias_dea...
https://static.adsafeprotected.com/4.js?ias_xappb=&adContainerId=brand_safety_VueuZYORCfK1juwP-KWTkAg&cbFunctionName=goog_wrapCb_VueuZYORCfK1juwP-KWTkAg&true_pb=

1 KB
1 KB

8ms
8ms

Script
application/javascript

2600:9000:223f:6c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?ias_xappb=&adContainerId=brand_safety_VueuZYORCfK1juwP-KWTkAg&cbFunctionName=goog_wrapCb_VueuZYORCfK1juwP-KWTkAg&true_pb=
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: H2
Server: 2600:9000:223f:6c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5431bf3cd2099a41e143f4ccab7ee74d223ea22941dfd9061c5d241ed05afade

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: chJzWGuhkrqyagXtH_ztVZhv7KoeCC.y
content-encoding: gzip
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
date: Thu, 18 Jan 2024 21:47:27 GMT
x-amz-cf-pop: FRA56-P5
age: 346856
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 11 Jan 2024 21:47:25 GMT
server: AmazonS3
etag: W/"eb639ea9c60fa52fae8bd853911ab0a9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: PZCSLgmnzIA7N2mIFKfXbpc7mU_5rEFHgkjy_-xDH5XrXk2H5ui4Lg==

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
server: nginx
x-server-name: app08.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?ias_xappb=&adContainerId=brand_safety_VueuZYORCfK1juwP-KWTkAg&cbFunctionName=goog_wrapCb_VueuZYORCfK1juwP-KWTkAg&true_pb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 46F6 91 KB
23 KB 39ms
10ms Script
application/javascript 2600:9000:223f:6c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: www.payetteforward.com
URL: https://www.payetteforward.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:6c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 10706352
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: CaSzk96KXoR0_MD3Vee4KOwVevYNDRSpxMJbGycaBkAlC3h9iJ1IUg==

GET
H3 200 dysonfutura-book.woff
s0.2mdn.net/sadbundle/10479265507807087626/assets/ Frame 50D4 8 KB
8 KB 11ms
11ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10479265507807087626/assets/dysonfutura-book.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10479265507807087626/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10479265507807087626/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 21 Jan 2025 00:08:00 GMT
date: Mon, 22 Jan 2024 00:08:00 GMT
x-content-type-options: nosniff
age: 79222
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7928
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 11:15:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 314ms
102ms Image
image/gif 2600:1f18:1aca:4280:799:3bcd:c321:efff
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1874223&asId=41eb07b3-22d1-a13f-6463-d6c70a371867&tv=%7Bc:24qz6S,pingTime:-2,time:86,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:493,beZ:494,mfA:495,cmA:496,inA:497,inZ:499,prA:499,prZ:502,si:506,poA:507,poZ:521,cmZ:521,mfZ:521,loA:534,loZ:536,ltA:578,ltZ:578%7D%7D,sca:%7Bdfp:%7Bdf:3,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:86,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:436.1110.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B81~0%5D,as:%5B81~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:rjss,dtt:0,fm:u28fLLG+11%7C12*.1874223-77019492%7C121%7C122%7C1231%7C124,idMap:12*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,siq:14,slid:%5Bslider-middle-728x90-frame,slider-middle-728x90%5D,sinceFw:70,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:799:3bcd:c321:efff Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
server: nginx
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C3F 0
0 278ms
278ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssJA24qoaYFApIPH4ijEi0AC2h3DsLlLrdu89YumNk9VqWD_U91bQKLPqhGaDWsSAUHASYR5qL0ue_3hV3iOAfYkiKGs8DcayCdD1Z4fGWjBBaPThml8tqKgnBvhyEWA73e99E8br-lN2vffQ8PUinzcPD0aOgCw7g7oldSc1p6gHqH6FCN0DP-KDGDJq14BgNC-Hlg0ZrAgsWi__tsQ4oC6YeyjDtGIN0tEt4TUxp62XFLk3zJNyZxQuidKIWM0-TeYoQgx1cqxe3ggrXG4Dgo_Gb0HzXJs8paFeagh84VVvzZZQ83_nkbgfg0sIClSeO6UBJ0BRTHFZrKn8mV5l1gedeVXKRctla1x0Z-SV6Wkj-hS4Bo4G0Nk7X3ABGfCF4frmLFDtTfJdSCV8QDCOQu0MWhhEUh3SkoEogvpKndOr3boFhs3OluTobJBDr4p1jJDewEZXwOdA1uS7VyWTpZ7tcFM5Bb1gV5hkfQNXgkOYJQTWaVfUe3jCkm3HeAr_0iARlFvbEUloKOMC1sa-92HOWgLLMs1e8lj9ODzN2loqapJmZHgt3-EnrO53yvlo54NalYGJGB4eKS3Qjb3gg6McfAn8mCld4ffvXqV20UmgYdse4w_gGqLUoMMiDRzzJM0Uo_7DojEY679JtKSFozZ_yDQMITWVpHC902iZWwlyaUBovTbZ5-d5wsvKXCoPFYce8xpA5jyJAlt-cYSgDsaX6px5rPEru0ftzvt5sinLd32e3ZSiqQH48FfRY8Pa7OnG-qAAkdUwzx4teL3uv8t5ea570PQoU8NJWZG_dU3vdkNMbhSnasXgdIfekhetH3eR2K9VOlOdP9tC6N3M1Haz-BtpohUBmsChRnXzCDNqdOHj-3hBgJxaATQ0fXSdt9mJ36U2PMMj9ikhp5iynY1mXJz0zOmZ5oedgVMqTgNt6dLctgazu-FzMCsf2JyD1nsZF86H5LhpRd1BMbiv-yDjVsvRPZQccqknXuIAPbR7O2lyOi1SS8omYmP4g-o14hFV89S9i4zA6DuEVeyTuqlXaRSbDT1T6J4G-mgq1QEeQn_N6ZsZdzkMy6X4feWKBhRFbkcfp51_IAf8yfNTVoWXPotq29VDwMm0qK9ikRAlu7XCBiaTVzn6za9Os5-9vsvAyICtUp9Bv9oihH9I6u4F_cu0rIDik05zfXaigWO_hOOQiUmA-66KpEcM2_tR-_6LD5p9wMybsA_YvwqawCeyVO246njLryXk8NS04pYZjV7xaET2CCQHEzv9boR6z9g32s3gVFvM6aCcK8GGQwZh0AA_rLIF9_pxcGXuxseh__K8W_4CIyRPY62vag5T-gITIR6pxe55Xi&sai=AMfl-YS297-DaIUdGH80J0djXZcQfI2GUTI_ch_IG6ZZjfgh0Rhi62fqBvzVNM9_6cUvPw3tXyNK7Hyb1fekxKD1UTvV38B9vqZgmw-xymgrGmx4bbs9pP7fIofgN9aa0i-gZEq3apCSIzSpafiVMI-LYE3HZ0iAl6d3GfVFI1RdsnDNVOpFeiCdEaXLtxlu927U5gSGcqf0Ot7yEfOq2TETitEFjGsPe3DMqgRGoLeqvfBbuaEi5aXYOx-vt2Y&sig=Cg0ArKJSzOF3zIfc23elEAE&uach_m=%5BUACH%5D&pr=8:3C67C9687E131D79&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=277&vt=11&dtpt=177&dett=3&cstd=98&cisv=r20240117.18188&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.payetteforward.com
URL: https://www.payetteforward.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 311.min.js Show response
app.termly.io/resource-blocker/ 4 KB
2 KB 67ms
67ms Script
application/javascript 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/311.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/embed.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62a18ceceb8d1de10e76104bbb8ef3decde3c53d17489b38cdc57ed34b799c9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 6119
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 16:34:23 GMT
server: cloudflare
etag: W/"65ae990f-101d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 849b1d7ccbdd916e-FRA
expires: Tue, 23 Jan 2024 02:08:22 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
216 B 245ms
101ms Image
image/gif 2600:1f18:1aca:4280:799:3bcd:c321:efff
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1874223&asId=41eb07b3-22d1-a13f-6463-d6c70a371867&tv=%7Bc:24qz7Y,time:154,type:e,im:%7Bpci:%7Btdr:89%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:8,o:146,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:436.1110.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B141~0%5D,as:%5B141~728.90%5D%7D%7D,%7Bsl:i,t:146,wc:0.0.1600.1200,ac:436.1110.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B8~100%5D,as:%5B8~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:true,e:,tt:rjss,dtt:0,fm:u28fLLG+11%7C12*.1874223-77019492%7C121%7C122%7C1231%7C124,idMap:12*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:114%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:799:3bcd:c321:efff Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7A5A 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bjf_gVueuZYORCfK1juwP-KWTkAgAAAAAOAHgBAI&bg=!nJ-ln9DNAAa8BdJLnAU7ADQBe5WfOGYRQQWedjCX57AsjWeVWEkOR05AYBugQlQM1hEDcpym608i-qQX2sboj631Tq2aAgAAAJtSAAAAAWgBB5kC60hU85cD_VqMUeMOFzi2Z6K9FfKeuuKtkOQeMSXlSDfAmwb1nLEeveFEjfd2vnFs1yxGM5UH0QEde2EPW2bMZHeKddn6LnhGj3FDVr9zvvXuIKaHv8E5RMHI4r7V_xBVGn3Yjlv9CscO1bB-jjPDsalQLw9mK_EIZAnMKK7xNXBUX35GJkB8eEz0J6WMZbUHIUGAdM6SOwmxA5JG1sMOEsHYjwXDzkGrTHCZoy45Wz-zHnUs8FkLWR3l8rRPrg4QOFBCJ-4_WiOqYXeX_nqXkugiymv2-os7iWDFVwHouvuPldu5Dwz4uc2tl2Z3fQ85o8TtbYSlKlT6JRtthhwKnQWbxXxvBIoCwngMsp2RDhOZHIfKYjLH4R_hHn9xiuvfTvA1WsADIzpzmKtB9ZQoTc2XCZweTO8__c504-tr0iknYvj3MDHASZN2RTir9TOIjuDM06O3U-jHSIvzAkXagPxDvu8duaJaDs4pCV5rAe-3XQLGO1b14MvWx7LEMhm1XuOIpPPqprn6JgIC-zr69pggEPUcduAfBjePwu7wbd_v5REAvxY_LvCvFq7-xOKJtjBVAkNpKHBRA26IjKjKvL_AlwQ_-uIR62mJvhxI9sDf-NvcAZ59w-lMjqM3HjXEeuqCCRA6jMVHXtpSyJcm1dsCFeDE_toh8CYlGj--9geaJ0BUCGpGrrnOtUexycwXGGIQWz3fxjoM_qvKvCdBe6tiTm2P7KyQxQdJO2v87dNhtZzVP27MB4SqaQ_acFcPH4hYMjIYIDLeMHj-kvWVfHBE4KFfq2EPlK1LWkx410ns46XEGxZ2s9tvzZn9oK3Cpostg5MK6u9vEmpODE4-XFa2fQHiRwGfQWpRQxfoUcN0tdc2sujFSs2dTsiUzjW_TohgG1vElMYpweIb1BomOYuK-cUtI5GK4tUiAq4dnmtFjCuKcxip9l4fRIIpCHVk10z-wcOI41ETbU-rfMuLBcN_2v1rZXmokB2l5g

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 733.min.js Show response
app.termly.io/resource-blocker/ 4 KB
866 B 20ms
19ms Script
application/javascript 2606:4700::6812:1fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/733.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/embed.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1fea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6b0a123972dc8c6a9e209e9f76111f623ecfb92f0ea8e0997d9733b608ac441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:08:22 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 6119
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 16:34:23 GMT
server: cloudflare
etag: W/"65ae990f-1066"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 849b1d7d3ca9916e-FRA
expires: Tue, 23 Jan 2024 02:08:22 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 101ms
101ms Image
image/gif 2600:1f18:1aca:4280:799:3bcd:c321:efff
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1874223&asId=41eb07b3-22d1-a13f-6463-d6c70a371867&tv=%7Bc:24qzbA,pingTime:-10,time:378,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjIyNCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1705961302793%7C%7Ccbc54b6682605d1a78fda54ac637cc56%7C%7C09dd4f7e094d0daae996260c074cbdea%7C%7Cf026a033b31f0f0d9d5b5e2e2e6eb1bd%7C%7C3baebc04bbac75fbbdc3564af47399cd%7C%7Ce9f7385efee1c4566dc70411ee4f8b60%7C%7C1cedc361b8cdfffd1680cd9b543fa6c1%7C%7C163a6076f044353dcde3bd3493054569%7C%7C1663701684%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:799:3bcd:c321:efff Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:22 GMT
server: nginx
x-server-name: dt27.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5C3F 42 B
64 B 69ms
53ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssitcvn0kah7iCo5fblZhdzBcvKsOSlpuNok0URbyOnv3EdiMHgcRwpB52XNA09YM6M_BTguCWJFu_qxlOo6EJ7YhlQqXHo43afXmeMW60c6mRDx8z2IFePfAj3&sig=Cg0ArKJSzCvuA2PFAtQqEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240117&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=34&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705961301924&rpt=570&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C3F 0
20 B 38ms
38ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9458415422498&version=m202309260101&ct=76&x=8&cor=4696824352948105000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 101ms
100ms Image
image/gif 2600:1f18:1aca:4280:799:3bcd:c321:efff
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1874223&asId=41eb07b3-22d1-a13f-6463-d6c70a371867&tv=%7Bc:24qzpv,pingTime:1,time:1241,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:146%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1095,o:146,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:436.1110.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B141~0%5D,as:%5B141~728.90%5D%7D%7D,%7Bsl:i,t:146,wc:0.0.1600.1200,ac:436.1110.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1095~100%5D,as:%5B1095~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:true,e:,tt:rjss,dtt:103,fm:u28fLLG+11%7C12*.1874223-77019492%7C121%7C122%7C1231%7C124,idMap:12*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:114%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:799:3bcd:c321:efff Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:23 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 101ms
101ms Image
image/gif 2600:1f18:1aca:4280:799:3bcd:c321:efff
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1874223&asId=41eb07b3-22d1-a13f-6463-d6c70a371867&tv=%7Bc:24qzpv,pingTime:1,time:1241,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:146%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1095,o:146,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:436.1110.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B141~0%5D,as:%5B141~728.90%5D%7D%7D,%7Bsl:i,t:146,wc:0.0.1600.1200,ac:436.1110.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1095~100%5D,as:%5B1095~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:true,e:,tt:rjss,dtt:103,fm:u28fLLG+11%7C12*.1874223-77019492%7C121%7C122%7C1231%7C124,idMap:12*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:114%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:799:3bcd:c321:efff Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.payetteforward.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 22:08:23 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
302 B 95ms
95ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.payetteforward.com
Date: Mon, 22 Jan 2024 22:08:23 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 49 B
255 B 153ms
113ms XHR
application/json 35.244.193.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0015a00002y4bCYAAY&gdpr=0&src=pbjs&ver=8.8.0&coppa=0
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.193.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.193.244.35.bc.googleusercontent.com
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Jan 2024 22:08:24 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://www.payetteforward.com
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H2 200 fed Show response
ups.analytics.yahoo.com/ups/58809/ 2 B
130 B 11ms
11ms XHR
application/json 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58809/fed?v=1&1p=0&gdpr=0&gdpr_consent=&us_privacy=&url=https://www.payetteforward.com/&pixelId=58809

Requested by

Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Jan 2024 22:08:24 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
vary: Origin
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
access-control-allow-origin: https://www.payetteforward.com
content-type: application/json
access-control-allow-credentials: true

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
427 B 105ms
33ms XHR
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=1324mj4&fmt=json
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.23.3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 21d2c0ce4fdce3adf43dcef276e76d320a292a2ca3e659ddf65b155254b70162

Request headers

Referer: https://www.payetteforward.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Jan 2024 22:08:25 GMT
content-encoding: gzip
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.payetteforward.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires: Wed, 21 Feb 2024 22:08:25 GMT

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.payetteforward.com/	1970-01-21 03:28:41	Name: _ga_6NYF58WW9Q Value: GS1.1.1705961300.1.0.1705961300.60.0.0
www.clarity.ms/	1970-01-21 02:38:17	Name: CLID Value: 32501b9667914111a77ffeba0ffae0f9.20240122.20250121
.payetteforward.com/	1970-01-21 02:38:17	Name: _clck Value: 1q6uhc8%7C2%7Cfim%7C0%7C1482
.payetteforward.com/	1970-01-20 17:52:44	Name: AMP_TOKEN Value: %24NOT_FOUND
.payetteforward.com/	1970-01-21 03:28:41	Name: _ga Value: GA1.2.1712327010.1705961300
.payetteforward.com/	1970-01-20 17:54:07	Name: _gid Value: GA1.2.2000628359.1705961300
.payetteforward.com/	1970-01-20 17:52:41	Name: _gat_UA-41913908-1 Value: 1
.udmserve.net/	1970-01-21 02:38:17	Name: dt Value: A30EE0E0-2ADD-3FFA-949C-0E217A5DA438
.adnxs.com/	1970-01-20 20:02:17	Name: XANDR_PANID Value: MXIw5JVwdYX8VD4-KYzyPzKS7XaK0Qs5BzWLi_VEC5XO1Tc-abxzGrZ1izB_P6PNQ3cfSciveHmX2mW7DfyzBjxdic8YtR0XKbx4NgM9vSw.
.adnxs.com/	1970-01-21 03:28:41	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:02:17	Name: uuid2 Value: 6245561651582914746
.casalemedia.com/	1970-01-21 02:38:17	Name: CMID Value: Za7nVE6SDrw.KYAGO2r0ggAA
.casalemedia.com/	1970-01-20 20:02:17	Name: CMPS Value: 3230
.casalemedia.com/	1970-01-20 20:02:17	Name: CMPRO Value: 3230
.payetteforward.com/	1970-01-20 17:54:07	Name: _clsk Value: 731ehj%7C1705961300906%7C1%7C1%7Co.clarity.ms%2Fcollect
.quantserve.com/	1970-01-21 03:22:55	Name: mc Value: 65aee754-e15b7-2c7a9-5bacb
www.payetteforward.com/	1970-01-20 18:35:53	Name: udmsrc Value: %7B%7D
www.payetteforward.com/	1970-01-20 18:35:53	Name: _pbjs_userid_consent_data Value: 3524755945110770
.payetteforward.com/	1970-01-21 02:38:17	Name: _sharedid Value: 5fcf920c-c961-4142-9332-e9d8d9323964
.payetteforward.com/	1970-01-21 03:17:10	Name: __qca Value: P0-526169853-1705961300822
.udmserve.net/	1970-01-20 20:02:17	Name: indx Value: Za7nVE6SDrw-KYAGO2r0ggAADJ4AAAAB
.mgid.com/	1970-01-20 18:12:50	Name: lmg_usr Value: a45f7ca2-a627-4da1-be37-ff44306ea1aa
.mgid.com/	1970-01-20 18:12:50	Name: lmg_r Value: 24
.udmserve.net/	1970-01-20 20:02:17	Name: apnid Value: 6245561651582914746
.udmserve.net/	1970-01-20 20:02:17	Name: mgid Value: a45f7ca2-a627-4da1-be37-ff44306ea1aa
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8G Value: s86179\|Za7nW
.adnxs.com/	1970-01-20 20:02:17	Name: icu Value: ChkI8vGJARAKGAEgASgBMNXOu60GOAFAAUgBENXOu60GGAA.
.bing.com/	1970-01-21 03:14:17	Name: MUID Value: 181BE12DB3CE6CAC2B34F523B2A56D67
.c.bing.com/	1970-01-20 18:02:46	Name: MR Value: 0
.c.bing.com/	1970-01-21 03:14:17	Name: SRM_B Value: 181BE12DB3CE6CAC2B34F523B2A56D67
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 03:14:17	Name: MUID Value: 181BE12DB3CE6CAC2B34F523B2A56D67
.c.clarity.ms/	1970-01-20 18:02:46	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 17:52:41	Name: ANONCHK Value: 0
.rubiconproject.com/	1970-01-21 02:38:17	Name: khaos Value: LRPHB8WQ-A-L1DZ
.rubiconproject.com/	1970-01-21 02:38:17	Name: audit Value: 1\|naVuGyos1qqiM2YUrtzjHC+IXqvPVzt4X6LBWwGzep2k2NKlEueGiKq6msFH3p8AmeiSicxXZoZndXwINW39BvicwizFOSo3JhsHlJbldDcR1ab++wVjGSKPLRELhl3xGLmP30iNJH4=
www.payetteforward.com/	1970-01-20 18:35:53	Name: udm_edge_floater_fcap Value: %5B1705961301927%5D
www.payetteforward.com/	1970-01-20 17:52:43	Name: udm_session Value: 1
.udmserve.net/	1970-01-21 02:38:17	Name: udmts Value: 1705961302.0
.udmserve.net/	1970-01-21 02:38:17	Name: gdpr Value: 15839:cmpMissing
.udmserve.net/	1970-01-21 02:38:17	Name: geode Value: 63830729302:178.162.209.135:276:C42476:D276005:S10436:de:gunzenhausen:ZZ:91710:wifi:hosting:?
.doubleclick.net/	1970-01-21 03:14:17	Name: IDE Value: AHWqTUmpl2i8ui-lqUQS8uy2VT5ROh_hJ3f3JvjXEQxbyNpi4hOCGs2V5iyr39D5XLg
.doubleclick.net/	1970-01-20 22:11:53	Name: APC Value: AfxxVi4NOOgqdCyG6rjSJsjR6cSG13xdFVVEf4O061jq9XxKyR_iWg
www.payetteforward.com/	1970-01-20 18:35:53	Name: csrf_token Value: 8e701ba5-b3a6-4db1-8d03-1d4a4a6eb42b
www.payetteforward.com/	1970-01-20 18:35:53	Name: pbjs-unifiedid Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222024-01-22T22%3A08%3A25%22%7D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://bid.underdog.media/udm-r3_v2.23.3.js(Line 4) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ampcid.google.com
ampcid.google.de
app.termly.io
beacon-ams3.rubiconproject.com
bid.underdog.media
bidder.criteo.com
c.bing.com
c.clarity.ms
cdn.confiant-integrations.net
cdnjs.cloudflare.com
cm-x.mgid.com
dt.adsafeprotected.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hbopenbid.pubmatic.com
ib.adnxs.com
image8.pubmatic.com
lexicon.33across.com
match.adsrvr.org
o.clarity.ms
pagead2.googlesyndication.com
pixel-us-west.rubiconproject.com
pixel.quantserve.com
prebid.a-mo.net
protected-by.clarium.io
region1.analytics.google.com
rules.quantcount.com
s0.2mdn.net
secure.adnxs.com
secure.quantserve.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
stats.g.doubleclick.net
sync.go.sonobi.com
token.rubiconproject.com
tpc.googlesyndication.com
udmserve.net
underdogmedia-d.openx.net
ups.analytics.yahoo.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.payetteforward.com
142.250.181.226
145.40.97.66
172.64.151.101
184.30.22.30
185.64.189.112
185.64.190.79
2001:4860:4802:32::36
2600:1f18:1aca:4280:799:3bcd:c321:efff
2600:9000:223f:6c00:8:48e:53c0:93a1
2600:9000:25a2:ae00:5:c4ab:c3c0:93a1
2600:9000:25a2:d400:6:44e3:f8c0:93a1
2602:803:c003:200::31
2602:803:c003:200::67
2606:4700:20::681a:b95
2606:4700:20::ac43:460d
2606:4700:4400::ac40:90a6
2606:4700::6811:190e
2606:4700::6812:1fea
2607:f350:3:2569:0:10:0:d
2620:116:800d:21:7eb1:3826:be7e:d981
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:802::2001
2a00:1450:4001:806::2002
2a00:1450:4001:809::200e
2a00:1450:4001:810::2008
2a00:1450:4001:827::2003
2a00:1450:4001:828::2004
2a00:1450:4001:829::200e
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::2006
2a00:1450:400c:c1d::9a
2a02:2638:3::7
3.75.62.37
35.244.159.8
35.244.193.51
37.252.171.85
46.137.143.235
52.152.143.207
52.223.40.198
63.32.16.169
68.219.88.97
68.71.249.118
69.173.144.165
8.2.110.161
8.39.36.142
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
06edac6c5ca20a9ea53915b1a8e69cbade3b54914de72eb1a82b3b7c925e8e47
0b59c84236e1aa480f6e46307bc58e447153f649c3e78390495b1ae6ef08730b
0be985080be85a1d48544f083b39ded06c758c489bcfa04b7860058e805c6fc0
11b2088deff6ac044087d2ef9e23453bc600e5e505f5cca9bd62a4cfe6d11a74
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16bd001aec7b26aced2962f85ef9c85e52e111ab64fe003172e7c45c5a3572d9
1c3c5400087c7a0933a14001c67987c69be79772724a3c6c1dcaac4119d976e3
1d1a47905ad72cec0ada3490ecaa76e42dd89db8838c3254b8bcf46a81564865
1dd07d410cf12478e9fedd90262cc824b7e8143b578bea4fd47b4cd3f608bc47
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
21d2c0ce4fdce3adf43dcef276e76d320a292a2ca3e659ddf65b155254b70162
21ed3fbbab468b6be3fc966ae6abfadb34aac3cfcee091b2e3cc8323cbaa36d8
2218f4accb7ba3b0d1bd3eb3dc3c41b50816d3970ff6e2cf558e2c44bb3fabdc
2648538218810c38d1a9976c5d28a55e9b1dea3e503932e00419f7c82b136a0f
2c9c000242ec31f3d772ddcf4ae871f8a8484a931ae01de7256fcd7227980799
2e3479d14727cf6b6581add352dad3c9fb8a89b1586d49dc0e606249e7abe437
2e80e257ec82b776973dac0d7d1234f606af35c2b46633c858f6064d0177b735
3830a7d5c4337d74371e2001d727220eed470a3b266ce77f2cede611d67c15b6
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3bb4d10a4ee5fae874bb60f4f47be5ace65c68fd1e0adb82a0e17759beafaae9
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3caf2be2097b3ee73667f6430b175f9c876fcfc17a9cb67972688ccb057067ef
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43974ed74066b207c30ffd0fed5146762e6c60745ac977004bc14507c7c42b50
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45a4c240a17a4d5f925ef0e125b86d882c6ad7549028d9cbf6f4f06fd1dd897d
49f928b3256c4ccca5095edbb0073ec9ae139256df0378dcc3d684786f11e201
501ed6d7c49a3526af1f804fff30cc8b7b8608525b100f4140b7504cc5afd4bd
5268a8afa9325a8e0ea0c0039216ccc1c87cc59303ca5d0e7cef64469d9221aa
539cc993691ac34295a0b8e0b720aa3db63a2e80c78d49e1c4c4132bb4a5dc09
5431bf3cd2099a41e143f4ccab7ee74d223ea22941dfd9061c5d241ed05afade
54e1c3b691fad00b895d6ea8be4188c7d1253d56f4d1ae564e30e0de40cb5c1b
57f7117e895cffdd63c9588a8975b3842c00083c4cef4ccebadbfb55f4810607
58ecbb5b37c594cc57227155ad3391f84eabba836559b7f2ff4f801b3e1930f2
5e1a3fc0ee5a71ce8585a3464a579461e0dc853ce9073beb88297babe8d2b701
5feb1522f34adb55228a792331bb1ed51effbb4c7244dfdaf755178cfd27ddf1
62a18ceceb8d1de10e76104bbb8ef3decde3c53d17489b38cdc57ed34b799c9a
646f54e64d230bf10e2d2c14236c4f59b18257b96938951d346613671ee450b9
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6969a0eb16dcd4a1f69dad06aa7238b0ced59b55caaeaf8a88cf2f13c85d90a3
69bf00f685f771369ca65e83d23716a6f23c21e62d761baa71c067d34fa68fd1
69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0
69e1767c60e702480b7a4604f7a71a344e3e03caa6e21f6a352a9f63908dc500
6a4dac260dffc284594d633859fb508b2fcfade38b61c8af9cd55eb23adf9e89
6dc665f3ade51319cb3df1ed00c2af977e87837208c8a1906c0d05359e5cce4b
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
740136e6df0830c6b5c38978f3d055af13fb56f9b5653202468cb0223e7cdd67
75a1e951e3218a586ec9aaf42a8e1b079064b9901bbc38c9044d9b39cf8f7af4
766a2e1984e6104f641176065f6806f1119a74a8703473c69658048146129997
7d60255211b63ebd7ab57221ffe52ae073eab1c1c3a93c48df42b224e7f7c527
809bd3ecc7f9c76dc13174b525a68e8f721eac9c31d5218582d17461163f74b8
80ca13009072ed3a0a1139b4905853ed8b104d5875e0d698fb0e4d3a3d61a6b7
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8833293f6762feb57c976e996042e2dcf201b282c034504008e2bf0a98dd3527
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
922d55b2aad07c7199f4f4dc75e47928b0f08395b94d89675b5f6d18402249c6
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
95a59dd65d5607393e72e8e5b7d59110ffc318336beb55cbc8838980f309aab7
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b32b017ebeafd57cbe164d1b28a8d62e4193aca8dcc8dabfbceffa04fee55b4
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4d3e8467aa91c9c917d6ceeb0564cb873e88561d3cbfcd9c04fb98973203bd6
a60b1ba9daa11468bf1b846e8515e51b97023f341f2962a9623b9d8aaa7904ad
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
ace6c1d1cccc4686d29e81c0821be209d2e2d8b7ba44ee24649a698a5230f6ff
aeb6d1f48af3487adeefeb452a2df688e0a3406bfc37a7d75b892a7175dde1e7
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
b9fb40a5b3a55be44cabff815a499a7d90d34da8343767f7edebf8e0cf657e84
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682
c6711bfcb5b38b1adb4bd7965767ab87227965bd106a253592b53b889fb484a5
c6b0a123972dc8c6a9e209e9f76111f623ecfb92f0ea8e0997d9733b608ac441
c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd3bec578049163e4cd3e91e52d55040e999465b011fde978ca10b689317ac4c
cdf861d17ccfb5484653c6faa83194e3cdd22d77f8c184563350aef2fe6b24c4
ce2b61e64a17f1488f20bafee5aa20a8d8ec897b990f709634f5bd1cc620e6b0
ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d14ae5d5a8ff7ae8308abf35e47e40f4e14aa0e6853f5a7b40aa552589a5b68b
d443235c5040b9e5a2461f69bcef0930f5820c356830bb0c59a4953d16f8a59e
d44da8cb8d1fad9bc5999ce7e69b725b791d0abeab3b9ef837624ebf33b099ef
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9
e64be9c7535deda51f0f11fa8210cdf025dbb3ebd12ee4dfa090965957069026
e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b
eb12067abcd623ed3eef6aa27f52996536e3bda6104f95ccaba60df16e3e5305
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef0cc9b10c0a3f86a08535f0e58da53e4d68da2bff4172a7ccba30b9489c4574
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef68775d4ddd522d3e2bc0be616bf54c8fdf325c743a431c6c5573a905c0d82c
f4110d145ad25681a3ef677782ec9a807407fe09b028c2ea15648833ed9cac60
f430ad6611692180cc5bfba88afb989ac5cde063c2e929a28026be4c2c3e9f45
f5a50538e93b491d1027591b0b6f06731e07fb29b284c71eb260219bdfc50b37
f7f21bbe8b2d099eee3797fa0d65b1c45e4dd06f805fc8418986b8ca4aac37c3
fc757f9ba6603eb9913106a4cd83c7a7c0a8a4f845a0aceb1103606bc324ad00

www.payetteforward.com Open in urlscan Pro 2606:4700:20::ac43:460d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

136 Requests

96 %HTTPS

61 %IPv6

34 Domains

51 Subdomains

46 IPs

8 Countries

1818 kBTransfer

4922 kBSize

45 Cookies

4 Outgoing links

Page URL History

Redirected requests

136 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.payetteforward.com Open in urlscan Pro
2606:4700:20::ac43:460d Public Scan

Screenshot
Live screenshot

Full Image

136
Requests

96 %
HTTPS

61 %
IPv6

34
Domains

51
Subdomains

46
IPs

8
Countries

1818 kB
Transfer

4922 kB
Size

45
Cookies

136 HTTP transactions
6 data transactions