urlscan.io logo urlscan.io
SecurityTrails logo

freedomheadlines.com Open in urlscan Pro
104.21.34.120  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://mailz.leafybranch.com/index.php/campaigns/me963742dk959/track-url/zq682o2rc5a66/1572a0acf74fc5fdc3625dce33e699a6f21c3602
Effective URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=e...
Submission: On January 18 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 86 IPs in 9 countries across 89 domains to perform 304 HTTP transactions. The main IP is 104.21.34.120, located in and belongs to CLOUDFLARENET, US. The main domain is freedomheadlines.com.
TLS certificate: Issued by GTS CA 1P5 on November 24th 2023. Valid for: 3 months.
This is the only time freedomheadlines.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 45.79.14.235 63949 (AKAMAI-LI...)
25 104.21.34.120 13335 (CLOUDFLAR...)
2 142.251.40.234 15169 (GOOGLE)
4 142.251.35.162 15169 (GOOGLE)
2 142.250.72.104 15169 (GOOGLE)
2 172.64.207.35 13335 (CLOUDFLAR...)
1 13.226.34.98 16509 (AMAZON-02)
2 18.173.132.31 16509 (AMAZON-02)
21 104.22.60.168 13335 (CLOUDFLAR...)
8 142.251.40.163 15169 (GOOGLE)
8 142.251.40.142 15169 (GOOGLE)
8 172.64.206.35 13335 (CLOUDFLAR...)
1 172.67.22.149 13335 (CLOUDFLAR...)
2 34.149.139.129 396982 (GOOGLE-CL...)
3 216.239.32.178 15169 (GOOGLE)
11 142.250.80.46 15169 (GOOGLE)
1 2 142.250.64.98 15169 (GOOGLE)
1 142.251.41.6 15169 (GOOGLE)
3 142.251.163.155 15169 (GOOGLE)
4 13.35.93.14 16509 (AMAZON-02)
2 142.251.32.100 15169 (GOOGLE)
1 142.250.65.214 15169 (GOOGLE)
1 142.250.65.225 15169 (GOOGLE)
1 104.22.52.86 13335 (CLOUDFLAR...)
1 18.164.111.190 16509 (AMAZON-02)
1 151.101.129.229 54113 (FASTLY)
1 108.138.128.34 16509 (AMAZON-02)
1 34.96.70.87 396982 (GOOGLE-CL...)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 172.64.152.89 13335 (CLOUDFLAR...)
1 74.119.119.131 19750 (AS-CRITEO)
4 142.251.32.97 15169 (GOOGLE)
3 23.41.168.202 16625 (AKAMAI-AS)
2 151.101.130.132 54113 (FASTLY)
1 2 34.120.107.143 396982 (GOOGLE-CL...)
3 141.95.98.65 16276 (OVH)
1 52.201.104.25 14618 (AMAZON-AES)
1 5 35.244.159.8 15169 (GOOGLE)
2 52.204.251.132 14618 (AMAZON-AES)
2 52.5.107.34 14618 (AMAZON-AES)
1 4 52.46.128.147 16509 (AMAZON-02)
6 7 52.223.40.198 16509 (AMAZON-02)
7 8 142.250.72.98 15169 (GOOGLE)
13 3.224.101.115 14618 (AMAZON-AES)
17 23.48.224.80 20940 (AKAMAI-ASN1)
5 142.250.80.98 15169 (GOOGLE)
7 44.218.163.194 14618 (AMAZON-AES)
1 13.225.63.4 16509 (AMAZON-02)
2 162.210.193.205 30633 (LEASEWEB-...)
1 34.206.180.7 14618 (AMAZON-AES)
18 18.238.55.39 16509 (AMAZON-02)
9 34.192.38.184 14618 (AMAZON-AES)
1 3 147.135.119.115 16276 (OVH)
2 2 63.251.86.51 32475 (SINGLEHOP...)
2 8.28.7.81 62713 (AS-PUBMATIC)
1 23.44.201.212 20940 (AKAMAI-ASN1)
2 2 72.251.229.176 32475 (SINGLEHOP...)
2 25 162.248.18.37 62713 (AS-PUBMATIC)
2 2 68.67.178.10 29990 (ASN-APPNEX)
6 6 54.157.227.4 14618 (AMAZON-AES)
1 1 198.148.27.131 19189 (PULSEPOINT)
2 5 23.105.12.172 30633 (LEASEWEB-...)
2 2 193.122.128.135 31898 (ORACLE-BM...)
3 9 104.18.36.155 13335 (CLOUDFLAR...)
1 2 151.101.194.49 54113 (FASTLY)
1 38.91.45.7 398989 (DEEPINTENT)
5 5 35.211.178.172 19527 (GOOGLE-2)
2 2 52.44.241.230 14618 (AMAZON-AES)
2 2 192.184.68.134 14618 (AMAZON-AES)
3 3 54.209.243.229 14618 (AMAZON-AES)
2 2 54.175.110.69 14618 (AMAZON-AES)
1 2 34.231.250.139 14618 (AMAZON-AES)
2 3 74.119.119.150 19750 (AS-CRITEO)
2 2 199.38.167.130 54312 (ROCKETFUEL)
2 3 34.111.113.62 396982 (GOOGLE-CL...)
1 2 52.223.22.214 16509 (AMAZON-02)
2 2 34.150.170.96 396982 (GOOGLE-CL...)
2 2 8.18.45.105 25751 (VALUECLICK)
2 2 50.116.194.21 6336 (TURN-US-ASN)
1 2 38.98.69.175 174 (COGENT-174)
2 2 185.184.8.90 204995 (RTB-HOUSE...)
2 23.82.15.162 30633 (LEASEWEB-...)
1 23.83.76.100 395954 (LEASEWEB-...)
4 5 54.74.215.17 16509 (AMAZON-02)
3 3 185.167.164.39 198622 (ADFORM)
1 216.239.32.3 15169 (GOOGLE)
2 8.28.7.84 62713 (AS-PUBMATIC)
1 2 35.244.193.51 15169 (GOOGLE)
1 34.120.155.137 396982 (GOOGLE-CL...)
1 34.197.104.11 14618 (AMAZON-AES)
1 50.16.140.64 ()
1 34.120.63.153 396982 (GOOGLE-CL...)
3 3 44.213.227.236 14618 (AMAZON-AES)
1 3.233.89.241 14618 (AMAZON-AES)
1 2 63.251.28.233 13789 (INTERNAP-...)
1 2 44.224.76.14 16509 (AMAZON-02)
1 162.19.138.116 16276 (OVH)
1 1 69.90.254.78 13768 (COGECO-PEER1)
1 1 216.200.232.249 30419 (MEDIAMATH...)
1 1 172.104.64.149 63949 (AKAMAI-LI...)
7 7 69.194.240.13 26120 (RHYTHMONE)
1 35.186.193.173 15169 (GOOGLE)
1 23.88.86.2 24940 (HETZNER-AS)
1 195.5.165.20 44968 (IPROM-AS)
2 2 104.66.251.81 16625 (AKAMAI-AS)
1 2 34.224.254.163 14618 (AMAZON-AES)
1 54.90.34.250 14618 (AMAZON-AES)
1 52.2.244.166 14618 (AMAZON-AES)
1 1 64.227.64.62 ()
1 1 23.1.200.83 16625 (AKAMAI-AS)
2 23.56.163.106 ()
304 86
2    45.79.14.235 (Richardson, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 45-79-14-235.ip.linodeusercontent.com
mailz.leafybranch.com
25    104.21.34.120 (None, )

ASN13335 (CLOUDFLARENET, US)
freedomheadlines.com
2    142.251.40.234 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f10.1e100.net
fonts.googleapis.com
4    142.251.35.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net
securepubads.g.doubleclick.net
2    142.250.72.104 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f8.1e100.net
www.googletagmanager.com
2    172.64.207.35 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.whizzco.com
api.whizzco.com
1    13.226.34.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-34-98.ewr53.r.cloudfront.net
cdn1.lockerdomecdn.com
2    18.173.132.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-132-31.jfk52.r.cloudfront.net
cdn2.decide.dev
21    104.22.60.168 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.vuukle.com
vuukle.com
publish.vuukle.com
image.vuukle.com
8    142.251.40.163 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f3.1e100.net
fonts.gstatic.com
www.gstatic.com
8    142.251.40.142 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f14.1e100.net
www.youtube.com
8    172.64.206.35 (United States)

ASN13335 (CLOUDFLARENET, US)
api.whizzco.com
cdn.whizzco.com
1    172.67.22.149 (United States)

ASN13335 (CLOUDFLARENET, US)
api.vuukle.com
2    34.149.139.129 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 129.139.149.34.bc.googleusercontent.com
decide.dev
3    216.239.32.178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
11    142.250.80.46 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f14.1e100.net
fundingchoicesmessages.google.com
2    142.250.64.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s31-in-f2.1e100.net
googleads.g.doubleclick.net
1    142.251.41.6 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f6.1e100.net
static.doubleclick.net
3    142.251.163.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f155.1e100.net
stats.g.doubleclick.net
4    13.35.93.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-93-14.jfk50.r.cloudfront.net
assets.revcontent.com
2    142.251.32.100 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f4.1e100.net
www.google.com
1    142.250.65.214 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f22.1e100.net
i.ytimg.com
1    142.250.65.225 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f1.1e100.net
yt3.ggpht.com
1    104.22.52.86 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.id5-sync.com
1    18.164.111.190 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-111-190.jfk50.r.cloudfront.net
cdn.prod.uidapi.com
1    151.101.129.229 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    108.138.128.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-34.jfk50.r.cloudfront.net
tags.crwdcntrl.net
1    34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com
invstatic101.creativecdn.com
1    34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com
oa.openxcdn.net
1    172.64.152.89 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn-ima.33across.com
1    74.119.119.131 (United States)

ASN19750 (AS-CRITEO, US)
static.criteo.net
4    142.251.32.97 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f1.1e100.net
73b190e1d2c24c05bb2346bbe692900c.safeframe.googlesyndication.com
tpc.googlesyndication.com
3    23.41.168.202 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-168-202.deploy.static.akamaitechnologies.com
ads.pubmatic.com
2    151.101.130.132 (United States)

ASN54113 (FASTLY, US)
player.ex.co
2    34.120.107.143 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com
oajs.openx.net
3    141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu
id5-sync.com
1    52.201.104.25 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-201-104-25.compute-1.amazonaws.com
bcp.crwdcntrl.net
5    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
google-bidout-d.openx.net
us-u.openx.net
u.openx.net
2    52.204.251.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-251-132.compute-1.amazonaws.com
trends.revcontent.com
2    52.5.107.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-107-34.compute-1.amazonaws.com
pr-bh.ybp.yahoo.com
4    52.46.128.147 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
7    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
8    142.250.72.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net
cm.g.doubleclick.net
13    3.224.101.115 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-101-115.compute-1.amazonaws.com
collector.ex.co
17    23.48.224.80 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-48-224-80.deploy.static.akamaitechnologies.com
mcd.ex.co
cdn.ex.co
5    142.250.80.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f2.1e100.net
pagead2.googlesyndication.com
7    44.218.163.194 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-218-163-194.compute-1.amazonaws.com
yeet.revcontent.com
trends.revcontent.com
1    13.225.63.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-4.ewr53.r.cloudfront.net
img.revcontent.com
2    162.210.193.205 (Washington, United States)

ASN30633 (LEASEWEB-USA-WDC, US)
p.channelexco.com
s-02.channelexco.com
1    34.206.180.7 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-180-7.compute-1.amazonaws.com
gpv.ex.co
18    18.238.55.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-55-39.jfk52.r.cloudfront.net
images.revcontent.com
9    34.192.38.184 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-192-38-184.compute-1.amazonaws.com
sync.ex.co
3    147.135.119.115 (United States)

ASN16276 (OVH, FR)
PTR: ip115.ip-147-135-119.us
www9.smartadserver.com
prg.smartadserver.com
2    63.251.86.51 (United States)

ASN32475 (SINGLEHOP-LLC, US)
ap.lijit.com
2    8.28.7.81 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
1    23.44.201.212 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-44-201-212.deploy.static.akamaitechnologies.com
creatives.sascdn.com
2    72.251.229.176 (United States)

ASN32475 (SINGLEHOP-LLC, US)
cm.adgrx.com
25    162.248.18.37 (United States)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
image2.pubmatic.com
2    68.67.178.10 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
6    54.157.227.4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-157-227-4.compute-1.amazonaws.com
match.prod.bidr.io
1    198.148.27.131 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
5    23.105.12.172 (Manassas, United States)

ASN30633 (LEASEWEB-USA-WDC, US)
rtb-csync.smartadserver.com
2    193.122.128.135 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
9    104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)
ssum-sec.casalemedia.com
htlb.casalemedia.com
dsum-sec.casalemedia.com
2    151.101.194.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    38.91.45.7 (Ashburn, United States)

ASN398989 (DEEPINTENT, US)
match.deepintent.com
5    35.211.178.172 (North Charleston, United States)

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com
x.bidswitch.net
2    52.44.241.230 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-241-230.compute-1.amazonaws.com
ads.creative-serving.com
2    192.184.68.134 (United States)

ASN14618 (AMAZON-AES, US)
cms.quantserve.com
3    54.209.243.229 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-209-243-229.compute-1.amazonaws.com
pm.w55c.net
2    54.175.110.69 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-110-69.compute-1.amazonaws.com
sync.srv.stackadapt.com
2    34.231.250.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-250-139.compute-1.amazonaws.com
beacon.lynx.cognitivlabs.com
3    74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)
dis.criteo.com
2    199.38.167.130 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
3    34.111.113.62 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com
pixel.tapad.com
2    52.223.22.214 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com
eb2.3lift.com
2    34.150.170.96 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 96.170.150.34.bc.googleusercontent.com
um.simpli.fi
2    8.18.45.105 (United States)

ASN25751 (VALUECLICK, US)
PTR: ric06-nessy-float1.dotomi.com
pubmatic-match.dotomi.com
2    50.116.194.21 (United States)

ASN6336 (TURN-US-ASN, US)
PTR: presentation-atl1.turn.com
ad.turn.com
2    38.98.69.175 (North Bergen, United States)

ASN174 (COGENT-174, US)
pmp.mxptint.net
2    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
creativecdn.com
2    23.82.15.162 (Manassas, United States)

ASN30633 (LEASEWEB-USA-WDC, US)
e.channelexco.com
1    23.83.76.100 (Los Angeles, United States)

ASN395954 (LEASEWEB-USA-LAX, US)
ssbsync-global.smartadserver.com
5    54.74.215.17 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-74-215-17.eu-west-1.compute.amazonaws.com
a.audrte.com
3    185.167.164.39 (Denmark)

ASN198622 (ADFORM, DK)
dmp.adform.net
c1.adform.net
1    216.239.32.3 (United States)

ASN15169 (GOOGLE, US)
csi.gstatic.com
2    8.28.7.84 (United States)

ASN62713 (AS-PUBMATIC, US)
simage4.pubmatic.com
2    35.244.193.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.193.244.35.bc.googleusercontent.com
lexicon.33across.com
1    34.120.155.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.155.120.34.bc.googleusercontent.com
api.rlcdn.com
1    34.197.104.11 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-104-11.compute-1.amazonaws.com
ads.yieldmo.com
1    50.16.140.64 (None, )

ASN- ()
rtb.ex.co
1    34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com
prebid.media.net
3    44.213.227.236 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-213-227-236.compute-1.amazonaws.com
i.liadm.com
1    3.233.89.241 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-233-89-241.compute-1.amazonaws.com
i6.liadm.com
2    63.251.28.233 (Secaucus, United States)

ASN13789 (INTERNAP-BLK3, US)
ads.stickyadstv.com
2    44.224.76.14 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-224-76-14.us-west-2.compute.amazonaws.com
dpm.demdex.net
1    162.19.138.116 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533567.ip-162-19-138.eu
lb.eu-1-id5-sync.com
1    69.90.254.78 (Herndon, United States)

ASN13768 (COGECO-PEER1, CA)
ums.acuityplatform.com
1    216.200.232.249 (Frederick, United States)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
1    172.104.64.149 (Tokyo, Japan)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1674-149.members.linode.com
gocm.c.appier.net
7    69.194.240.13 (United States)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
1    35.186.193.173 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com
ipac.ctnsnet.com
1    23.88.86.2 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.2.86.88.23.clients.your-server.de
matching.truffle.bid
1    195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)
core.iprom.net
2    104.66.251.81 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-66-251-81.deploy.static.akamaitechnologies.com
px.owneriq.net
2    34.224.254.163 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-254-163.compute-1.amazonaws.com
thrtle.com
1    54.90.34.250 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-34-250.compute-1.amazonaws.com
crb.kargo.com
1    52.2.244.166 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-244-166.compute-1.amazonaws.com
sync.bfmio.com
1    64.227.64.62 (None, )

ASN- ()
match.adsby.bidtheatre.com
1    23.1.200.83 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-1-200-83.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
2    23.56.163.106 (None, )

ASN- ()
eus.rubiconproject.com
Apex Domain
Subdomains		 Transfer
43 ex.co
player.ex.co — Cisco Umbrella Rank: 9660
collector.ex.co — Cisco Umbrella Rank: 9822
mcd.ex.co — Cisco Umbrella Rank: 15760
cdn.ex.co — Cisco Umbrella Rank: 10387
gpv.ex.co — Cisco Umbrella Rank: 10820
sync.ex.co — Cisco Umbrella Rank: 3443
rtb.ex.co
1 MB
32 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 535
image6.pubmatic.com — Cisco Umbrella Rank: 805
simage2.pubmatic.com — Cisco Umbrella Rank: 870
image2.pubmatic.com — Cisco Umbrella Rank: 912
simage4.pubmatic.com — Cisco Umbrella Rank: 1277
104 KB
32 revcontent.com
assets.revcontent.com — Cisco Umbrella Rank: 7198
trends.revcontent.com — Cisco Umbrella Rank: 2565
yeet.revcontent.com — Cisco Umbrella Rank: 8249
img.revcontent.com — Cisco Umbrella Rank: 9158
images.revcontent.com — Cisco Umbrella Rank: 8231
273 KB
25 freedomheadlines.com
freedomheadlines.com
508 KB
22 vuukle.com
cdn.vuukle.com — Cisco Umbrella Rank: 19598
vuukle.com — Cisco Umbrella Rank: 6350
api.vuukle.com — Cisco Umbrella Rank: 26492
publish.vuukle.com — Cisco Umbrella Rank: 23535
image.vuukle.com — Cisco Umbrella Rank: 49805
495 KB
18 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
static.doubleclick.net — Cisco Umbrella Rank: 263
stats.g.doubleclick.net — Cisco Umbrella Rank: 79
cm.g.doubleclick.net — Cisco Umbrella Rank: 260
216 KB
13 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1143
www.google.com — Cisco Umbrella Rank: 2
92 KB
10 whizzco.com
cdn.whizzco.com — Cisco Umbrella Rank: 98782
api.whizzco.com — Cisco Umbrella Rank: 98185
9 KB
9 casalemedia.com
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 497
htlb.casalemedia.com — Cisco Umbrella Rank: 478
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622
6 KB
9 smartadserver.com
www9.smartadserver.com — Cisco Umbrella Rank: 19636
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 669
ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1724
prg.smartadserver.com — Cisco Umbrella Rank: 1533
7 KB
9 googlesyndication.com
73b190e1d2c24c05bb2346bbe692900c.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
tpc.googlesyndication.com — Cisco Umbrella Rank: 157
66 KB
9 gstatic.com
fonts.gstatic.com
www.gstatic.com
csi.gstatic.com
167 KB
8 youtube.com
www.youtube.com — Cisco Umbrella Rank: 75 Failed
1005 KB
7 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 357
3 KB
7 openx.net
oajs.openx.net — Cisco Umbrella Rank: 1736
google-bidout-d.openx.net — Cisco Umbrella Rank: 1735
us-u.openx.net — Cisco Umbrella Rank: 524
u.openx.net
2 KB
6 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 555
3 KB
5 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 547
3 KB
5 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2054
3 KB
5 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 373
3 KB
4 liadm.com
i.liadm.com — Cisco Umbrella Rank: 550
i6.liadm.com — Cisco Umbrella Rank: 2884
2 KB
4 channelexco.com
p.channelexco.com — Cisco Umbrella Rank: 10967
s-02.channelexco.com — Cisco Umbrella Rank: 87945
e.channelexco.com — Cisco Umbrella Rank: 10001
18 KB
4 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 326
3 KB
4 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 857
id5-sync.com — Cisco Umbrella Rank: 425
30 KB
4 decide.dev
cdn2.decide.dev — Cisco Umbrella Rank: 34906
decide.dev — Cisco Umbrella Rank: 27169
8 KB
3 rubiconproject.com
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 967
eus.rubiconproject.com
token.rubiconproject.com Failed
12 KB
3 adform.net
dmp.adform.net — Cisco Umbrella Rank: 3041
c1.adform.net — Cisco Umbrella Rank: 583
2 KB
3 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 501
1 KB
3 criteo.com
dis.criteo.com — Cisco Umbrella Rank: 608
1 KB
3 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 875
2 KB
3 33across.com
cdn-ima.33across.com — Cisco Umbrella Rank: 1299
lexicon.33across.com — Cisco Umbrella Rank: 1517
5 KB
3 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 2253
creativecdn.com — Cisco Umbrella Rank: 564
2 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
2 thrtle.com
thrtle.com — Cisco Umbrella Rank: 1397
684 B
2 owneriq.net
px.owneriq.net — Cisco Umbrella Rank: 1778
1 KB
2 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1373
1009 B
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 239
1 KB
2 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 562
1 KB
2 mxptint.net
pmp.mxptint.net — Cisco Umbrella Rank: 4970
967 B
2 turn.com
ad.turn.com — Cisco Umbrella Rank: 843
952 B
2 dotomi.com
pubmatic-match.dotomi.com — Cisco Umbrella Rank: 3439
744 B
2 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 856
1 KB
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 412
735 B
2 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 841
2 KB
2 cognitivlabs.com
beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1604
833 B
2 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 730
2 KB
2 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 764
1007 B
2 creative-serving.com
ads.creative-serving.com — Cisco Umbrella Rank: 4277
1 KB
2 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 716
770 B
2 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1913
2 KB
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 253
secure.adnxs.com Failed
2 KB
2 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 1563
1011 B
2 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 671
1 KB
2 yahoo.com
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 495
ups.analytics.yahoo.com Failed
1 KB
2 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 1005
bcp.crwdcntrl.net — Cisco Umbrella Rank: 898
13 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37
146 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28
3 KB
2 leafybranch.com
mailz.leafybranch.com
1 KB
1 bidtheatre.com
match.adsby.bidtheatre.com
555 B
1 bfmio.com
sync.bfmio.com — Cisco Umbrella Rank: 1716
425 B
1 kargo.com
crb.kargo.com — Cisco Umbrella Rank: 1149
358 B
1 iprom.net
core.iprom.net — Cisco Umbrella Rank: 6118
279 B
1 truffle.bid
matching.truffle.bid — Cisco Umbrella Rank: 6671
1 ctnsnet.com
ipac.ctnsnet.com — Cisco Umbrella Rank: 5784
360 B
1 appier.net
gocm.c.appier.net — Cisco Umbrella Rank: 2934
436 B
1 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 1331
738 B
1 acuityplatform.com
ums.acuityplatform.com — Cisco Umbrella Rank: 1353
674 B
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 914
280 B
1 media.net
prebid.media.net — Cisco Umbrella Rank: 1229
656 B
1 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 651
327 B
1 rlcdn.com
api.rlcdn.com — Cisco Umbrella Rank: 1011
282 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 1026
339 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 523
967 B
1 sascdn.com
creatives.sascdn.com — Cisco Umbrella Rank: 12125
388 B
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 657
13 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 1833
8 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 324
902 B
1 uidapi.com
cdn.prod.uidapi.com — Cisco Umbrella Rank: 2948
3 KB
1 ggpht.com
yt3.ggpht.com — Cisco Umbrella Rank: 231
3 KB
1 ytimg.com
i.ytimg.com — Cisco Umbrella Rank: 93
46 KB
1 lockerdomecdn.com
cdn1.lockerdomecdn.com — Cisco Umbrella Rank: 29192
1 KB
0 adentifi.com Failed
rtb.adentifi.com Failed
0 sitescout.com Failed
pixel-sync.sitescout.com Failed
0 ipredictive.com Failed
sync.ipredictive.com Failed
0 antigena.com Failed
us01.z.antigena.com Failed
0 opera.com Failed
t.adx.opera.com Failed
0 loopme.me Failed
csync.loopme.me Failed
0 tribalfusion.com Failed
a.tribalfusion.com Failed
0 mrtnsvr.com Failed
ad.mrtnsvr.com Failed
0 jeeng.com Failed
users.api.jeeng.com Failed
304 89
Domain Requested by
25 freedomheadlines.com freedomheadlines.com
18 simage2.pubmatic.com 2 redirects ads.pubmatic.com
18 images.revcontent.com freedomheadlines.com
13 collector.ex.co player.ex.co
12 mcd.ex.co freedomheadlines.com
cdn.ex.co
11 fundingchoicesmessages.google.com securepubads.g.doubleclick.net
10 image.vuukle.com freedomheadlines.com
9 sync.ex.co cdn.ex.co
ads.pubmatic.com
ssbsync-global.smartadserver.com
ssum-sec.casalemedia.com
9 cdn.vuukle.com freedomheadlines.com
cdn.vuukle.com
8 cm.g.doubleclick.net 7 redirects google-bidout-d.openx.net
8 api.whizzco.com cdn.whizzco.com
8 www.youtube.com freedomheadlines.com
www.youtube.com
7 image2.pubmatic.com ads.pubmatic.com
7 match.adsrvr.org 6 redirects cdn.ex.co
6 match.prod.bidr.io 6 redirects
6 yeet.revcontent.com assets.revcontent.com
6 fonts.gstatic.com fonts.googleapis.com
www.youtube.com
5 sync.1rx.io 5 redirects
5 a.audrte.com 4 redirects ssbsync-global.smartadserver.com
5 x.bidswitch.net 5 redirects
5 ssum-sec.casalemedia.com 3 redirects cdn.ex.co
ssum-sec.casalemedia.com
5 rtb-csync.smartadserver.com 2 redirects ssbsync-global.smartadserver.com
5 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
5 cdn.ex.co player.ex.co
cdn.ex.co
4 s.amazon-adsystem.com 1 redirects google-bidout-d.openx.net
ads.pubmatic.com
ssum-sec.casalemedia.com
4 assets.revcontent.com cdn.whizzco.com
assets.revcontent.com
4 securepubads.g.doubleclick.net freedomheadlines.com
securepubads.g.doubleclick.net
3 i.liadm.com 3 redirects
3 dsum-sec.casalemedia.com ssum-sec.casalemedia.com
3 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
3 pixel.tapad.com 2 redirects
3 dis.criteo.com 2 redirects ads.pubmatic.com
3 pm.w55c.net 3 redirects
3 us-u.openx.net google-bidout-d.openx.net
3 trends.revcontent.com assets.revcontent.com
3 id5-sync.com cdn.id5-sync.com
cdn.ex.co
3 ads.pubmatic.com assets.revcontent.com
cdn.ex.co
3 stats.g.doubleclick.net decide.dev
www.google-analytics.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 eus.rubiconproject.com cdn.ex.co
eus.rubiconproject.com
2 thrtle.com 1 redirects
2 px.owneriq.net 2 redirects
2 sync.targeting.unrulymedia.com 2 redirects
2 dpm.demdex.net 1 redirects ssum-sec.casalemedia.com
2 ads.stickyadstv.com 1 redirects ssum-sec.casalemedia.com
2 lexicon.33across.com 1 redirects
2 simage4.pubmatic.com ads.pubmatic.com
2 dmp.adform.net 2 redirects
2 e.channelexco.com cdn.ex.co
2 creativecdn.com 2 redirects
2 pmp.mxptint.net 1 redirects
2 ad.turn.com 2 redirects
2 pubmatic-match.dotomi.com 2 redirects
2 um.simpli.fi 2 redirects
2 eb2.3lift.com 1 redirects
2 p.rfihub.com 2 redirects
2 beacon.lynx.cognitivlabs.com 1 redirects ads.pubmatic.com
2 sync.srv.stackadapt.com 2 redirects
2 cms.quantserve.com 2 redirects
2 ads.creative-serving.com 2 redirects
2 sync-tm.everesttech.net 1 redirects ads.pubmatic.com
2 sync.technoratimedia.com 2 redirects
2 ib.adnxs.com 2 redirects
2 cm.adgrx.com 2 redirects
2 image6.pubmatic.com ads.pubmatic.com
2 ap.lijit.com 2 redirects
2 www9.smartadserver.com 1 redirects freedomheadlines.com
2 pr-bh.ybp.yahoo.com google-bidout-d.openx.net
2 oajs.openx.net 1 redirects freedomheadlines.com
2 player.ex.co freedomheadlines.com
player.ex.co
2 www.gstatic.com www.youtube.com
www.gstatic.com
2 www.google.com www.youtube.com
tpc.googlesyndication.com
2 googleads.g.doubleclick.net 1 redirects www.youtube.com
2 decide.dev cdn2.decide.dev
2 cdn2.decide.dev freedomheadlines.com
cdn1.lockerdomecdn.com
2 cdn.whizzco.com freedomheadlines.com
cdn.whizzco.com
2 www.googletagmanager.com freedomheadlines.com
www.googletagmanager.com
2 fonts.googleapis.com freedomheadlines.com
client
2 mailz.leafybranch.com 2 redirects
1 u.openx.net 1 redirects
1 secure-assets.rubiconproject.com 1 redirects
1 match.adsby.bidtheatre.com 1 redirects
1 c1.adform.net 1 redirects
1 sync.bfmio.com
1 crb.kargo.com
1 core.iprom.net ads.pubmatic.com
1 matching.truffle.bid ads.pubmatic.com
1 ipac.ctnsnet.com ads.pubmatic.com
1 gocm.c.appier.net 1 redirects
1 sync.mathtag.com 1 redirects
1 ums.acuityplatform.com 1 redirects
1 lb.eu-1-id5-sync.com cdn.ex.co
1 i6.liadm.com ssum-sec.casalemedia.com
1 htlb.casalemedia.com cdn.ex.co
1 prebid.media.net cdn.ex.co
1 prg.smartadserver.com cdn.ex.co
1 rtb.ex.co cdn.ex.co
1 ads.yieldmo.com cdn.ex.co
1 api.rlcdn.com cdn.ex.co
1 csi.gstatic.com pagead2.googlesyndication.com
1 ssbsync-global.smartadserver.com cdn.ex.co
1 match.deepintent.com ads.pubmatic.com
1 bh.contextweb.com 1 redirects
1 creatives.sascdn.com
1 s-02.channelexco.com freedomheadlines.com
1 gpv.ex.co cdn.ex.co
1 p.channelexco.com cdn.ex.co
1 img.revcontent.com freedomheadlines.com
1 google-bidout-d.openx.net oa.openxcdn.net
1 bcp.crwdcntrl.net tags.crwdcntrl.net
1 73b190e1d2c24c05bb2346bbe692900c.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 static.criteo.net securepubads.g.doubleclick.net
1 cdn-ima.33across.com securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 cdn.jsdelivr.net securepubads.g.doubleclick.net
1 cdn.prod.uidapi.com securepubads.g.doubleclick.net
1 cdn.id5-sync.com securepubads.g.doubleclick.net
1 yt3.ggpht.com www.youtube.com
1 i.ytimg.com www.youtube.com
1 static.doubleclick.net www.youtube.com
1 publish.vuukle.com cdn.vuukle.com
1 api.vuukle.com cdn.vuukle.com
1 vuukle.com cdn.vuukle.com
1 cdn1.lockerdomecdn.com freedomheadlines.com
0 secure.adnxs.com Failed
0 token.rubiconproject.com Failed eus.rubiconproject.com
0 rtb.adentifi.com Failed
0 pixel-sync.sitescout.com Failed
0 sync.ipredictive.com Failed
0 ups.analytics.yahoo.com Failed
0 us01.z.antigena.com Failed
0 t.adx.opera.com Failed ads.pubmatic.com
0 csync.loopme.me Failed ads.pubmatic.com
0 a.tribalfusion.com Failed ads.pubmatic.com
0 ad.mrtnsvr.com Failed ads.pubmatic.com
0 users.api.jeeng.com Failed freedomheadlines.com
304 138

This site contains links to these domains. Also see Links.

Domain
vuukle.com
smeagol.revcontent.com
www.facebook.com
twitter.com
pinterest.com
plus.google.com
Subject Issuer Validity Valid
freedomheadlines.com
GTS CA 1P5		 2023-11-24 -
2024-02-22		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
whizzco.com
Cloudflare Inc ECC CA-3		 2023-03-31 -
2024-03-30		 a year crt.sh
*.lockerdomecdn.com
Amazon RSA 2048 M02		 2023-11-26 -
2024-12-24		 a year crt.sh
*.decide.dev
Amazon RSA 2048 M02		 2023-11-26 -
2024-12-25		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-05 -
2024-05-04		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
decide.dev
GTS CA 1D4		 2023-12-09 -
2024-03-08		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
revcontent.com
Amazon RSA 2048 M02		 2023-05-18 -
2024-06-16		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
edgestatic.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
*.googleusercontent.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
cdn.prod.uidapi.com
R3		 2023-11-02 -
2024-01-31		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-09-27 -
2024-10-28		 a year crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M01		 2023-10-08 -
2024-11-05		 a year crt.sh
invstatic101.creativecdn.com
GTS CA 1D4		 2023-12-23 -
2024-03-22		 3 months crt.sh
oa.openxcdn.net
GTS CA 1D4		 2023-11-24 -
2024-02-22		 3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-06 -
2024-09-30		 a year crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-12-15 -
2024-03-10		 3 months crt.sh
*.pubmatic.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-26 -
2024-11-26		 a year crt.sh
*.ex.co
Go Daddy Secure Certificate Authority - G2		 2023-06-08 -
2024-07-09		 a year crt.sh
*.id5-sync.com
R3		 2024-01-01 -
2024-03-31		 3 months crt.sh
*.openx.net
RapidSSL TLS RSA CA G1		 2023-08-18 -
2024-08-18		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2024-01-10 -
2024-06-26		 6 months crt.sh
cdn.ex.co
R3		 2024-01-04 -
2024-04-03		 3 months crt.sh
*.channelexco.com
R3		 2023-12-24 -
2024-03-23		 3 months crt.sh
*.sascdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-07-14 -
2024-07-17		 a year crt.sh
s.amazon-adsystem.com
Amazon RSA 2048 M01		 2024-01-01 -
2024-12-21		 a year crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-08-11 -
2024-09-11		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2023-12-01 -
2025-01-01		 a year crt.sh
beacon.lynx.cognitivlabs.com
Amazon RSA 2048 M02		 2023-03-31 -
2024-04-28		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-12-01 -
2024-03-01		 3 months crt.sh
*.smartadserver.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1		 2024-01-17 -
2025-01-16		 a year crt.sh
casalemedia.com
Cloudflare Inc ECC CA-3		 2023-05-21 -
2024-05-20		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2023-02-02 -
2024-03-03		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
*.yieldmo.com
Amazon RSA 2048 M01		 2023-08-14 -
2024-09-12		 a year crt.sh
prebid.media.net
GTS CA 1D4		 2023-12-24 -
2024-03-23		 3 months crt.sh
*.ads.stickyadstv.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-04-19 -
2024-05-19		 a year crt.sh
*.eu-1-id5-sync.com
R3		 2024-01-01 -
2024-03-31		 3 months crt.sh
*.ctnsnet.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-13 -
2024-11-10		 a year crt.sh
truffle.bid
R3		 2024-01-08 -
2024-04-07		 3 months crt.sh
*.iprom.net
R3		 2023-11-13 -
2024-02-11		 3 months crt.sh
*.prod.use1.green.ops.kargo.com
Amazon RSA 2048 M03		 2023-12-11 -
2025-01-08		 a year crt.sh
*.bfmio.com
Amazon RSA 2048 M02		 2023-03-17 -
2024-04-14		 a year crt.sh
*.rubiconproject.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-03-07 -
2024-04-03		 a year crt.sh

This page contains 46 frames:

Primary Page: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Frame ID: D232504883EB5730E7400296AE7E5B57
Requests: 154 HTTP requests in this frame

Frame: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Frame ID: 4403D460327F81D30F0DA7188BA8C999
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Frame ID: 0F6AC2497EFFDEB17507100483319F39
Requests: 18 HTTP requests in this frame

Frame: https://cdn.vuukle.com/widgets/emotes.html?version=3.12.6
Frame ID: A0DE50A64626210DE0599157F21952BA
Requests: 8 HTTP requests in this frame

Frame: https://cdn.vuukle.com/widgets/index.html?version=3.32.2
Frame ID: A619A707DB7B79289DEBAC06C0EF7D5D
Requests: 16 HTTP requests in this frame

Frame: https://decide.dev/lad/14305626872558694?pubid=ld-9377-335&pubo=https%3A%2F%2Ffreedomheadlines.com&rid=&width=780&path=%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&x=220&y=2321.21875&utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Frame ID: 1042B103AF36EF04AC44D3E9233587BA
Requests: 2 HTTP requests in this frame

Frame: https://decide.dev/lad/14729220068684902?pubid=ld-14729220068684902&pubo=https%3A%2F%2Ffreedomheadlines.com&rid=&width=1560&path=%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&x=-100779&y=101199&utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Frame ID: E496D7E06DBB6BFB7D5737E0AB321279
Requests: 2 HTTP requests in this frame

Frame: https://73b190e1d2c24c05bb2346bbe692900c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1455BE4DAF0138CB1B291CDAA49D28CA
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 85D6B2BAFE7D79FE5313ABEFB7C25E91
Requests: 6 HTTP requests in this frame

Frame: https://cdn.ex.co/sync/0.0.1-7abf705/cookie_sync.html?network=368531133%2C1841615463&gdpr=0&gdpr_consent=
Frame ID: A83315A12F209C404C78D9B88E5D8095
Requests: 7 HTTP requests in this frame

Frame: https://cdn.ex.co/player/pb/2.4.0/expb.js
Frame ID: 034BA1DF7C8518F95AD333906152BEAF
Requests: 12 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Frame ID: 8F9E59257429639341EC88DF385A10B2
Requests: 28 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&redir=true&gdpr=0&gdpr_consent=
Frame ID: 373635DBFE98949A943AF3146243D84A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=c95b564a-b652-11ee-b03b-f81da172816e
Frame ID: FF17D5FD7C972542292C0720D0F556C1
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2246955529131902645&gdpr=0&gdpr_consent=
Frame ID: 76C16331DC1563AF2CA4216294E02AB9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAuyU7LU1IAABOR4M71kg&gdpr=0&gdpr_consent=
Frame ID: C13D957BB0C81D3FF69B22E104E5AE0B
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZampNQAPg-i5dwBH
Frame ID: 63F00E72DA474D4A455C0C434A3FD15D
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: C1D09F47F62D2E1586BBA43DA2963DF7
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Frame ID: 743A5E6717263850A6A78AABF8FBBFBC
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=4bnB07a1k9_6tJbTtr-N3OS5kIv6vJnf7rkAY6MR
Frame ID: 8DB539D05E8B53A31AEB29745146641D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:FaQkITiQ1RqB5b5&gdpr=0&gdpr_consent=
Frame ID: D92E2BC0CEC695A273755AA3C94E9414
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZlYai8prWFlG630TIH-Z7bm9GZk&gdpr=0&gdpr_consent=
Frame ID: B9B55D2E36CAB5C2D9A678D782ACB1F6
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
Frame ID: 8A676D099B2534756EB4C9F362B83CD7
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: B10280E98AAABFFB0027B14F7BCFFC46
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336248539659481
Frame ID: 23D94EE312884EC6BFCAEA39B49BCDB8
Requests: 1 HTTP requests in this frame

Frame: https://ad.mrtnsvr.com/sync/pubmatic?gdpr=0&gdpr_consent=
Frame ID: 68DDF6AAAD800A9EEA5CA15EB56BF520
Requests: 1 HTTP requests in this frame

Frame: https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: E8085BE99E4FA90D696B412ACB905324
Requests: 1 HTTP requests in this frame

Frame: https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
Frame ID: 2BBF583CCD0302A09F0136C20E589833
Requests: 1 HTTP requests in this frame

Frame: https://t.adx.opera.com/pub/sync?pubid=pub8730968190912
Frame ID: 68E14F64BD959A4BA908FA96E68395BB
Requests: 1 HTTP requests in this frame

Frame: https://sync.ex.co/v1/setuid/pubmatic/?gdpr=0&gdpr_consent=&uid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
Frame ID: C88DA80AE718F0EE2961F3779088BDF3
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync-global.smartadserver.com/api/sync?callerId=35&redirectUri=sync.ex.co%2Fv1%2Fsetuid%2Fsmartadserver%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%5Bssb_sync_pid%5D
Frame ID: 74BD83CCF8138AD53438B78657C84A87
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0F74087C8B1D10299E791FE14CE2E338
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2B6AEACAE209A2EDB5C793A03872FE49
Requests: 2 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Frame ID: 7DFA93ED181469774A891B096580CBD3
Requests: 10 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=878557539485
Frame ID: 87EDE2735B28BF7C0559D6B39020F386
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a82a65a9-a939-4a00-98e0-4dc8d2f55019&gdpr=0&gdpr_consent=
Frame ID: 1F3A8027C83D197C5704DEDF7DA6B7E7
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=53L4xdR7DOODFVT8OampZQ
Frame ID: C7BA980D749943E453C86419345AF9D2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
Frame ID: AB4874F50D2E7CB5BF8E6669558323BB
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: 16D4C38B6678394BF1E01BFA14664CDB
Requests: 1 HTTP requests in this frame

Frame: https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Frame ID: 888EF2A3C1960BF353FD7C19BD750097
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Frame ID: 5484316CE682A6B7DD3C75728035DF73
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7589041201645427175
Frame ID: 2B693A363514A5F5C36BF1B73A5773AF
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:3F754998CF3743FA8F63CF72A8B27320&gdpr=0&gdpr_consent=
Frame ID: B946311DF4CD1098AF5526EA2463BDC8
Requests: 1 HTTP requests in this frame

Frame: https://sync.ex.co/v1/setuid/pubmatic/?gdpr=0&gdpr_consent=&uid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
Frame ID: 97C294BB34A2353157362D9893445D72
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17136_2&endpoint=us-east
Frame ID: 2C78025ACEAEFF0E77FD318F677E88E9
Requests: 3 HTTP requests in this frame

Frame: https://sync.ex.co/v1/setuid?bidder=freewheel&gdpr=0&gdpr_consent=&uid=275fc58f48298b1878e277fd4cab9678
Frame ID: 9600685E275346F755585C3A12181DB1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Joran van der Sloot Has FINALLY Confessed to Killing Natalee Holloway – Freedom Headlines | Top Political News USA | USA Politics

Page URL History Show full URLs

  1. http://mailz.leafybranch.com/index.php/campaigns/me963742dk959/track-url/zq682o2rc5a66/1572a0acf74fc5fdc3... HTTP 301
    https://mailz.leafybranch.com/index.php/campaigns/me963742dk959/track-url/zq682o2rc5a66/1572a0acf74fc5fdc3... HTTP 301
    https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-ho... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

304
Requests

84 %
HTTPS

0 %
IPv6

89
Domains

138
Subdomains

86
IPs

9
Countries

4817 kB
Transfer

11732 kB
Size

158
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://mailz.leafybranch.com/index.php/campaigns/me963742dk959/track-url/zq682o2rc5a66/1572a0acf74fc5fdc3625dce33e699a6f21c3602 HTTP 301
    https://mailz.leafybranch.com/index.php/campaigns/me963742dk959/track-url/zq682o2rc5a66/1572a0acf74fc5fdc3625dce33e699a6f21c3602 HTTP 301
    https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 120
  • https://oajs.openx.net/esp?url=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dsparkpost%26utm_campaign%3Dregular&rid=esp HTTP 302
  • https://oajs.openx.net/esp?url=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dsparkpost%26utm_campaign%3Dregular&rid=esp&cc=1
Request Chain 129
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=186f34c5-43d6-caac-3936-2432ca54eba6 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=186f34c5-43d6-caac-3936-2432ca54eba6&dcc=t
Request Chain 130
  • https://match.adsrvr.org/track/cmf/openx?oxid=40b948b8-5f7c-7156-f938-a6a5a2672046&gdpr=0 HTTP 302
  • https://match.adsrvr.org/track/cmb/openx?oxid=40b948b8-5f7c-7156-f938-a6a5a2672046&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&ttd_puid=40b948b8-5f7c-7156-f938-a6a5a2672046&gdpr=0&gdpr_consent=
Request Chain 132
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO_RTZ6ylF5nEK0PexU8pBw&google_cver=1
Request Chain 187
  • https://www9.smartadserver.com/ac?siteid=218209&pgid=1426227&fmtid=63953&ab=1&tgt=&oc=1&out=vast4&ps=1&pb=0&visit=S&vcn=s&tmstp=%5BCB%5D&pgdomain=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&vph=438&vpw=780&gdpr_consent=&us_privacy=&schain=1.0%2C1%21playbuzz.com%2C0010J00002G2BxCQAV%2C1%2C%2C%2Cfreedomheadlines.com&gdpr=0 HTTP 302
  • https://www9.smartadserver.com/ac?siteid=218209&pgid=1426227&fmtid=63953&ab=1&tgt=&oc=1&out=vast4&ps=1&pb=0&visit=S&vcn=s&tmstp=%5bCB%5d&pgdomain=https%3a%2f%2ffreedomheadlines.com%2ffreedom-wire%2fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2f&vph=438&vpw=780&gdpr_consent=&us_privacy=&schain=1.0%2c1!playbuzz.com%2c0010J00002G2BxCQAV%2c1%2c%2c%2cfreedomheadlines.com&gdpr=0&cklb=1
Request Chain 200
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fsovrn%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fsovrn%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true HTTP 307
  • https://sync.ex.co/v1/setuid/sovrn/?gdpr=0&gdpr_consent=&uid=IA6RjLZH62qOOr39SEerjNv2
Request Chain 207
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=c95b564a-b652-11ee-b03b-f81da172816e
Request Chain 208
  • https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2246955529131902645&gdpr=0&gdpr_consent=
Request Chain 209
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBdXlVN0xVMUlBQUJPUjRNNzFrZw&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://bh.contextweb.com/bh/rtset?ev=AAAuyU7LU1IAABOR4M71kg&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Csyn%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Csyn%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAAuyU7LU1IAABOR4M71kg&pid=558502&do=add&gdpr=0 HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partneruserid=AAAuyU7LU1IAABOR4M71kg&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dsyn%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=syn%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=1806854147396276484&gdpr=0&gdpr_consent= HTTP 303
  • https://sync.technoratimedia.com/services?uid=AAAuyU7LU1IAABOR4M71kg&srv=cs&pid=73&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D1806854147396276484%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&gdpr=0 HTTP 307
  • https://ssum-sec.casalemedia.com/usermatchredir?s=191740&cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D1B7FE8AF12AF48F7809D41D081310265%26att%3D1%26pid%3D82%26cb%3Dhttps%253A%252F%252Fmatch.prod.bidr.io%252Fcookie-sync%253Fgdpr%253D0%2526gdpr%253D0%2526userid%253D1806854147396276484%2526gdpr%253D0%2526gdpr_consent%253D%2526bee_sync_partners%253Dpm%2526bee_sync_current_partner%253Dsyn%2526bee_sync_initiator%253Dadx%2526bee_sync_hop_count%253D4%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D1B7FE8AF12AF48F7809D41D081310265%26att%3D1%26pid%3D82%26cb%3Dhttps%253A%252F%252Fmatch.prod.bidr.io%252Fcookie-sync%253Fgdpr%253D0%2526gdpr%253D0%2526userid%253D1806854147396276484%2526gdpr%253D0%2526gdpr_consent%253D%2526bee_sync_partners%253Dpm%2526bee_sync_current_partner%253Dsyn%2526bee_sync_initiator%253Dadx%2526bee_sync_hop_count%253D4%26uid%3D&s=191740&C=1 HTTP 302
  • https://sync.technoratimedia.com/services?srv=cs&nuid=1B7FE8AF12AF48F7809D41D081310265&att=1&pid=82&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D1806854147396276484%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&uid=ZampN43nfS6Klc-x.-wgKQAA%262473 HTTP 307
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&userid=1806854147396276484&gdpr=0&gdpr_consent=&bee_sync_partners=pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=4 HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAuyU7LU1IAABOR4M71kg&gdpr=0&gdpr_consent=
Request Chain 210
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZampNQAPg-i5dwBH
Request Chain 212
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=2ca39820-f504-4b9e-953f-6109e8cc0014&ssp=pubmatic&expires=30&user_group=5&bsw_param=0ecda7a8-55a0-4b14-affd-9a977bd5df6a HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Request Chain 213
  • https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=4bnB07a1k9_6tJbTtr-N3OS5kIv6vJnf7rkAY6MR
Request Chain 214
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:FaQkITiQ1RqB5b5&gdpr=0&gdpr_consent=
Request Chain 215
  • https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZlYai8prWFlG630TIH-Z7bm9GZk&gdpr=0&gdpr_consent=
Request Chain 216
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=53599fab-154f-443b-ab92-320a9156b7cc&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
Request Chain 218
  • https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336248539659481
Request Chain 224
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bMC8Wu5JQvWMRH0-PlVpvA%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Request Chain 225
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=852891db-c997-4193-8176-cdd6376d8a0b%252C%252C&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&ttd_puid=852891db-c997-4193-8176-cdd6376d8a0b%2C%2C
Request Chain 227
  • https://eb2.3lift.com/xuid?mid=7976&xuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&dongle=u6nf&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=7976&xuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&dongle=u6nf&gdpr=0&cmp_cs=&us_privacy=
Request Chain 228
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NkNDMEJDNUEtRUU0OS00MkY1LThDNDQtN0QzRTNFNTU2OUJD&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 229
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECpKLamR0jcid5GxZdfYEHo&google_cver=1
Request Chain 230
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:FB40634400C047BB9055353B18FFBA2E
Request Chain 231
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&gdpr=0&gdpr_consent=
Request Chain 235
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&gdpr=0&gdpr_consent= HTTP 302
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=725f098eb4b04a2&is_secure=true&networkId=17100&version=1&nuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAACHL_Tl-PvxgMDCItTAAAAAAA&expiration=1705704118&nuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&is_secure=true&gdpr_consent=&gdpr=0
Request Chain 238
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9011907017921379196&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 239
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R33645_10F80E176_8005853E&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
  • https://pmp.mxptint.net/sn.ashx?ak=1
Request Chain 240
  • https://creativecdn.com/cm-notify?pi=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://creativecdn.com/cm-notify?pi=pubmatic&gdpr=0&gdpr_consent=&tc=1 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNTQmdGw9NDMyMDA%3D&piggybackCookie=0rOKkf8zewbIWMaHGsonfG7zc7atdsJtJaKFZxBo4JU&pi=pubmatic&gdpr=0&gdpr_consent=&tc=1
Request Chain 251
  • https://x.bidswitch.net/sync?ssp=smartadserver&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.srv.stackadapt.com/sync?nid=50&gdpr=0&gdpr_consent=&gdpr_pd=&ssp=smartadserver HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=188&user_id=ZlYai8prWFlG630TIH-Z7bm9GZk&user_group=1&ssp=smartadserver&gdpr=0 HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=0&gdpr_consent=
Request Chain 252
  • https://a.audrte.com/get?p=M501991648&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D141%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=aWIycng2MHVTVEJTbk9nY0lKMGl2LXBaUQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZHNlcnZlci5jb20vcmVkaXIvP2lzc2lcdTAwM2QxXHUwMDI2cGFydG5lcmlkXHUwMDNkMTQxXHUwMDI2cGFydG5lcnVzZXJpZFx1MDAzZGliMnJ4NjB1U1RCU25PZ2NJSjBpdi1wWlEiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn0seyJuYW1lIjoic21hcnQifV19%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZHNlcnZlci5jb20vcmVkaXIvP2lzc2lcdTAwM2QxXHUwMDI2cGFydG5lcmlkXHUwMDNkMTQxXHUwMDI2cGFydG5lcnVzZXJpZFx1MDAzZGliMnJ4NjB1U1RCU25PZ2NJSjBpdi1wWlEiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn0seyJuYW1lIjoic21hcnQifV19&gdpr=0&gdpr_consent= HTTP 302
  • https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZHNlcnZlci5jb20vcmVkaXIvP2lzc2lcdTAwM2QxXHUwMDI2cGFydG5lcmlkXHUwMDNkMTQxXHUwMDI2cGFydG5lcnVzZXJpZFx1MDAzZGliMnJ4NjB1U1RCU25PZ2NJSjBpdi1wWlEiLCJkIjpbeyJuYW1lIjoic21hcnQifV19&gdpr=0&gdpr_consent= HTTP 302
  • https://dmp.adform.net/serving/cookie/match/?CC=1&party=1003&r=eyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZHNlcnZlci5jb20vcmVkaXIvP2lzc2lcdTAwM2QxXHUwMDI2cGFydG5lcmlkXHUwMDNkMTQxXHUwMDI2cGFydG5lcnVzZXJpZFx1MDAzZGliMnJ4NjB1U1RCU25PZ2NJSjBpdi1wWlEiLCJkIjpbeyJuYW1lIjoic21hcnQifV19&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=1850987600149466198&r=eyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZHNlcnZlci5jb20vcmVkaXIvP2lzc2lcdTAwM2QxXHUwMDI2cGFydG5lcmlkXHUwMDNkMTQxXHUwMDI2cGFydG5lcnVzZXJpZFx1MDAzZGliMnJ4NjB1U1RCU25PZ2NJSjBpdi1wWlEiLCJkIjpbeyJuYW1lIjoic21hcnQifV19 HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=141&partneruserid=ib2rx60uSTBSnOgcIJ0iv-pZQ&gdpr=0&gdpr_consent=&redirurl=https%3A%2F%2Fa.audrte.com%2Fmatch%3Fuid%3DSMART_USER_ID%26p%3DM501991648%26r%3Dhttps%253A%252F%252Fa.audrte.com%252Fp%253F HTTP 302
  • https://a.audrte.com/match?uid=1806854147396276484&p=M501991648&r=https%3A%2F%2Fa.audrte.com%2Fp%3F&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/p
Request Chain 253
  • https://dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%40&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=965ae27b-298b-41c8-9bb5-1386f964b712&gdpr=0&gdpr_consent=
Request Chain 254
  • https://cms.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&gdpr=0&partneruserid=JIGviXON_YU_jPiJc4fjhiGB_tE_hPeFK4FPPkVZ
Request Chain 267
  • https://ssum-sec.casalemedia.com/usermatch?s=190719&cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Request Chain 268
  • https://lexicon.33across.com/v1/envelope?pid=0015a00003EkOH8AAN&gdpr=0&src=pbjs&ver=8.27.0&coppa=0&us_privacy=1--- HTTP 307
  • https://lexicon.33across.com/v1/envelope?pid=0015a00003EkOH8AAN&gdpr=0&src=pbjs&ver=8.27.0&coppa=0&us_privacy=1---&b=1&g=V3X1K6gbU89Ez0zQnzTgtT7k7JzLY0vgKdDPKgOXC%2FI%3D
Request Chain 277
  • https://match.adsrvr.org/track/cmf/casale HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&expiration=1708209719&gdpr=0&gdpr_consent=
Request Chain 278
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZampN6SvVkHTzb-mzC2DMAAACiYAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESED9LVAeV3w38G1F-ifbhRmA&google_cver=1
Request Chain 279
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZampN6SvVkHTzb.mzC2DMAAA%262598&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZampN6SvVkHTzb.mzC2DMAAA%262598&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=5e690679251e43538f575460d67ffb1d HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-wN4CZw0L0Kypup7EZCrd-MghTsxZe80ze59jFA HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-wN4CZw0L0Kypup7EZCrd-MghTsxZe80ze59jFA
Request Chain 281
  • https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=997336248539659481
Request Chain 283
  • https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZampN6SvVkHTzb.mzC2DMAAA%262598?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZampN6SvVkHTzb.mzC2DMAAA%262598
Request Chain 284
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=FaQkITiQ1RqB5b5
Request Chain 288
  • https://ums.acuityplatform.com/tum?umid=6 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=878557539485
Request Chain 289
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a82a65a9-a939-4a00-98e0-4dc8d2f55019&gdpr=0&gdpr_consent=
Request Chain 290
  • https://gocm.c.appier.net/pubmatic HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=53L4xdR7DOODFVT8OampZQ
Request Chain 291
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1705617720480 HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=6540955050 HTTP 302
  • https://sync.1rx.io/usersync/turn/8939849423883451260?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
Request Chain 295
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7589041201645427175&uid=Q7589041201645427175&ref=%2Fepm HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7589041201645427175
Request Chain 296
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:3F754998CF3743FA8F63CF72A8B27320&gdpr=0&gdpr_consent=
Request Chain 298
  • https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&gdpr=0&gdpr_consent= HTTP 302
  • https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&vxii_pid=12&vxii_pid1=10067&vxii_rcid=0b3d3ec3-6de4-4497-a3ea-1d3ee0b76d68
Request Chain 302
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1850987600149466198
Request Chain 303
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:3d37748e-a3f3-4cfd-bc2b-b5b85ce47022&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 305
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17136_2&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=17136_2&endpoint=us-east
Request Chain 309
  • https://u.openx.net/w/1.0/cm?id=f0686912-7fb3-48f6-be19-4d168ad880c0&r=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fopenx%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D HTTP 302
  • https://sync.ex.co/v1/setuid/openx/?gdpr=0&gdpr_consent=&uid=001f97c9-3046-48f2-8afc-604f4a5663d1
Request Chain 310
  • https://sync.1rx.io/usersync2/rmpssp?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Funruly%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7880916620 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/0f1e84a8-ad36-4acf-8754-852e04c3fc7a HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005?redir=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Funruly%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DRX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005 HTTP 302
  • https://sync.ex.co/v1/setuid/unruly/?gdpr=0&gdpr_consent=&uid=RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
Request Chain 312
  • https://ads.stickyadstv.com/user-matching?id=3684&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.ex.co/v1/setuid?bidder=freewheel&gdpr=0&gdpr_consent=&uid=275fc58f48298b1878e277fd4cab9678

304 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/
Redirect Chain
  • http://mailz.leafybranch.com/index.php/campaigns/me963742dk959/track-url/zq682o2rc5a66/1572a0acf74fc5fdc3625dce33e699a6f21c3602
  • https://mailz.leafybranch.com/index.php/campaigns/me963742dk959/track-url/zq682o2rc5a66/1572a0acf74fc5fdc3625dce33e699a6f21c3602
  • https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
52 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc7c97e7979cbc532c30e18aa190bf91e74584ccbd80a9a2e090efd23e9df02d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
847a59133bbf2c8f-DFW
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 18 Jan 2024 22:41:53 GMT
fastcgi-cache
BYPASS
link
<https://freedomheadlines.com/wp-json/>; rel="https://api.w.org/" <https://freedomheadlines.com/wp-json/wp/v2/posts/28738>; rel="alternate"; type="application/json" <https://freedomheadlines.com/?p=28738>; rel=shortlink
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BhiN6ActZzY0EtwJWbr23r09DPUifxcUvXeAG%2Burr3uLgSclJNNSwyM1Q4x3Gk9DhSYQbOJYJfUa%2FmiHlvMygWFOFP%2FK3xxVkH%2B0sW%2FZY0TXnx7HJx2aJHPSHO7riuQCzXUgPV9sDg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Thu, 18 Jan 2024 22:41:52 GMT
Expires
Mon, 26 Jul 1997 05:00:00 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Thu, 18 Jan 2024 22:41:52 GMT
Location
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Pragma
no-cache
Referrer-Policy
no-referrer
Server
Apache/2.4.56 (Debian)
X-Content-Type-Options
nosniff
X-Frame-Options
deny
X-Robots-Tag
noindex
X-XSS-Protection
1; mode=block
style.min.css
freedomheadlines.com/wp-includes/css/dist/block-library/ 		81 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4451710
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:02 GMT
server
cloudflare
etag
W/"6352011e-145db"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27S3k7CeIZ%2F3xOR4wnPV2abHOFQYqOTUGlzlFCyU9WjY6CTW%2FtQwinA4To5UUOG9h9e4YPpRh8EHI14gci7w2iMcBNbHTeYqyIqthKI3FX%2FPMkk2SBoxG3Nl04M8ltPK5dPdrjF2tw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59144d222c8f-DFW
expires
Wed, 30 Oct 2024 07:36:01 GMT
mediaelementplayer-legacy.min.css
freedomheadlines.com/wp-includes/js/mediaelement/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6185903
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:01 GMT
server
cloudflare
etag
W/"6352011d-2bf8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DO%2BnmRiMEFsRzt0Krb7JxRDTigAXaE4RaBBr%2BZO3XQpHUIIjaziz22%2F2nJBnjtytqig9Hggt2GUrvWSm7y7pHJsy7q4fOxBrHAidumLaOGKgHdXMX5Mek6NYLD%2F9mNsrEV6mkbaFbA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59144d252c8f-DFW
expires
Thu, 07 Nov 2024 08:19:46 GMT
wp-mediaelement.min.css
freedomheadlines.com/wp-includes/js/mediaelement/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4352638
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:02 GMT
server
cloudflare
etag
W/"6352011e-105a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FfwXeC1h59kHsp9phXCpJMWW7MmQvyz1eS8YV07PqwXtq%2FXphX9gspsO8sAZxvTjx1zdyCHXHUVchsermc5aUJw%2FoPLfJqhuAhiJ2bHX9hfzeAlxujF8yFhnZ6Kg3SHmTeMoxH39qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59144d292c8f-DFW
expires
Wed, 30 Oct 2024 14:37:08 GMT
components.css
freedomheadlines.com/wp-content/themes/breena/inc/assets/css/ 		52 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-content/themes/breena/inc/assets/css/components.css?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76bbe117102ce802cd20b57f9722133d7924bb3395bfe201f8f0b515a81c46dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5745916
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:19 GMT
server
cloudflare
etag
W/"6352012f-cf80"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yEdq%2B9h6X7BstFUvbrUkWJgDS0UQgQ2gqz6wtVAxl%2FeS5SZvJKcLuWUXD%2Fx03DZ396tQ%2BUYSLpf7gQeNIKVFNVzm7Yi8yPO9phMzuMWoMCHwYv7R7RpIzU49ZccEw4BDhMeRlI9VaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59144d2b2c8f-DFW
expires
Wed, 30 Oct 2024 10:41:10 GMT
style.css
freedomheadlines.com/wp-content/themes/breena/ 		106 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-content/themes/breena/style.css?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f673a8adc98789a6eca1dd65c67fb782787f2571ba2730bb8c5f69bea7b5bc0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6561831
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 01:58:37 GMT
server
cloudflare
etag
W/"6351fccd-1a9ae"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DDF8JO68Pufs0k%2FDdAmwdzhP07eaoEZNgtDZsSzB%2FTyJC6o6Ga0f4sWhA9XG7LygIIUEwusy%2B6MYKRD2M2gTMSiCeUNKBIbYDHW%2F7Qa3FK5kQzTCRDCLV2ZOeaAjkyAwPenShWaQxA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59144d2e2c8f-DFW
expires
Sat, 12 Oct 2024 07:41:08 GMT
responsive.css
freedomheadlines.com/wp-content/themes/breena/inc/assets/css/ 		15 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-content/themes/breena/inc/assets/css/responsive.css?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2e99d9f642cf26e56bad3ff3705fd8ab8ea028ffa302405d1642bb7456d796a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6009839
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:19 GMT
server
cloudflare
etag
W/"6352012f-3c33"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8SBMpuxq2%2BhDgq7eIOZUcdIN9QxenJ9Q6yOTJ6icT79afviN%2B3zrt1v5Qj58nfluSApiET3aXnDONXK2YrfrFRuf7AAoxHqVxTXUn3T681vJqYgxpZ%2F47sd%2BZ5r%2BF6oBTNY%2FgfrFNA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59144d2f2c8f-DFW
expires
Sat, 12 Oct 2024 07:41:08 GMT
font-awesome.min.css
freedomheadlines.com/wp-content/themes/breena/inc/assets/css/font-awesome/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-content/themes/breena/inc/assets/css/font-awesome/css/font-awesome.min.css?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6185903
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:20 GMT
server
cloudflare
etag
W/"63520130-7918"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9u%2Bv7yEZqMIDOWMhoBPl%2F1%2BMUR7OtXzNZKb9lMVifl09bZ0B98b3Am2f9aXect7SBMSu%2BLbcapFW7GyWMdUYIWxhBuFfn%2FZedC0Z4n4lWKAxL8p1gbBrIgbET%2BsOotKD7xqWBeHoXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59144d322c8f-DFW
expires
Sat, 12 Oct 2024 07:41:08 GMT
css
fonts.googleapis.com/ 		58 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C300%2C300italic%2C400italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CLato%3A300%2C300i%2C400%2C700&subset=latin%2Clatin-ext
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f10.1e100.net
Software
ESF /
Resource Hash
253ce4a3cb84db5cb5505c8843c26aebe9d5e4c1bfbd36496e75c5f1964295b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 18 Jan 2024 22:41:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 18 Jan 2024 22:41:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 18 Jan 2024 22:41:53 GMT
jquery.min.js
freedomheadlines.com/wp-includes/js/jquery/ 		87 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4451710
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:02 GMT
server
cloudflare
etag
W/"6352011e-15db1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHaO2KGgpedCN0ZDKFQRCPh3ARrD3N1Wz0v8GuoiHWtenVNIpsDrnBm1aVvesADyVQguC6l7lb9dwlB1D%2FUdB240J5QqcRcIXsc4oIJWen%2BAdPS%2FvR6lOHztdZuHpJMmI%2FefPGESDg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59145d332c8f-DFW
expires
Mon, 11 Nov 2024 13:10:50 GMT
jquery-migrate.min.js
freedomheadlines.com/wp-includes/js/jquery/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6794023
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:04 GMT
server
cloudflare
etag
W/"63520120-2bd8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XvXCDFXW2udIQq9YZlUVKNKsZNC8EACt4OyyXCd7aSpHGYagzK0YYhdXy34UhaoPD9gp4I3KFXNp6kZ%2FvexKqFc1fVv8oiG7LIkuKzwgGNX16ah8UJXdSP3nflKfruVv4jTIsZfnKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59145d342c8f-DFW
expires
Fri, 17 May 2024 21:49:14 GMT
wp-emoji-release.min.js
freedomheadlines.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5921911
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:04 GMT
server
cloudflare
etag
W/"63520120-4705"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0KJ6SimvJMnppR2%2BKGoqmGm9g8sh%2B51NladgS6kwSD0WKfjGUvWHA%2BbdHazXErCadriB%2B40TMnTGajUKpRUFxQdrduS3PW9CYQKY1nLPfL%2FS83vlMj02TRWJMN%2BDTWHVci9VWZUlQg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59161dd84791-DFW
expires
Sun, 10 Nov 2024 09:07:21 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		98 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.35.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
1fd8cd5e62cb436fafbaf01a449d1b5ba096b076e2e62b97414913f75c49e3a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29787
x-xss-protection
0
server
cafe
etag
856 / 19740 / m202401110101 / config-hash: 4827389799172652304
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 18 Jan 2024 22:41:53 GMT
js
www.googletagmanager.com/gtag/ 		188 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-32644619-11
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
9855eb13fad5305d9af9ffef201f3342cfff67a343b5f5365d2c93b051fdd8cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
69446
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 18 Jan 2024 22:41:53 GMT
/
users.api.jeeng.com/users/domains/mO6DXK83XA/sdk/ 		0
0
FH-2021-sized-1.jpg
freedomheadlines.com/wp-content/uploads/2021/01/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://freedomheadlines.com/wp-content/uploads/2021/01/FH-2021-sized-1.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5f4f96e32a749a3c07b566aceb9b84a8445c71ca9713a4bfce9b7d28731fc33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6557777
alt-svc
h3=":443"; ma=86400
content-length
28587
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 01:55:25 GMT
server
cloudflare
etag
"6351fc0d-6fab"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CXYVLAcY5xAF54b75y7uUt4RlnvAWjLBl0yvhf%2Fw9s0blQGHUfRHl%2FsBBES3RUipcjKTm6NR8yh3EWBynsuB7IJF%2BFP%2BF74X3BkormlboYdA7SKG4NSBHhzGOGTEFnQk9MpFN9%2FcLg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
847a59148d7e2c8f-DFW
expires
Wed, 07 Aug 2024 15:15:55 GMT
joran-van-der-sloot1-800x450.jpg
freedomheadlines.com/wp-content/uploads/2023/10/ 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://freedomheadlines.com/wp-content/uploads/2023/10/joran-van-der-sloot1-800x450.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cba9791585bac9949505c3caafb5fbc19a20868a370ebc3189ebc6294e88fb8b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
38191
x-xss-protection
1; mode=block
last-modified
Thu, 19 Oct 2023 03:21:01 GMT
server
cloudflare
etag
"6530a09d-952f"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AG3XqjC55s3YMeI%2BY%2F7JBEM1P8%2F6YK75PI%2BWD2%2F8dy6qxRhPLLQzsxMzRGqlD8VQSbPc9axUXZw9KE9y%2F2LvYpqND5q9oOTOvnArwlAOpMyfXauyJescVvyT%2BAyUeHeN%2B41JiFTGhA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
847a59148d852c8f-DFW
expires
Sun, 12 Jan 2025 10:09:07 GMT
natalie-holloway-650x366.jpg
freedomheadlines.com/wp-content/uploads/2023/10/ 		29 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://freedomheadlines.com/wp-content/uploads/2023/10/natalie-holloway-650x366.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565fc1fc4a3adb7bcc85e65403a43d7cf4b781eb7ff9b666b35c8a2669c646dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
29910
x-xss-protection
1; mode=block
last-modified
Thu, 19 Oct 2023 03:21:18 GMT
server
cloudflare
etag
"6530a0ae-74d6"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3NHPBiIuH0tpQ6LboNWMyV362C5D73BwupK1Nyi%2FKFeA%2FbgmNdvJ5OuZqdpX9jkBDMEBrjEiw95p0NmiF2E%2BNq7hyKQHohgi3aLPPMRo2u0AZ8jpTgNUQDamtwboFd7MLCUiCPZ2lw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
847a59154cb24791-DFW
expires
Tue, 14 Jan 2025 20:30:48 GMT
widget_v3.js
cdn.whizzco.com/scripts/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.whizzco.com/scripts/widget/widget_v3.js
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.207.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d8562efd8364015edd8080e72d8bd98f0a92019058f15df14e03f9951e01876

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
via
1.1 4bdfceaf1e5818a447172b952e6aa4c0.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
DFW57-P6
age
598
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Sun, 05 Mar 2023 13:26:38 GMT
server
cloudflare
etag
W/"af75195749ffac29c536aae88fdbda39"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZzElan7c9vqF2%2FLiBR%2B%2FEmWypP%2B8L3O%2FMLsnJ8MVY2Jof39SieDl4pddt32eE7uSbZ2um0nFEPu0hNqi3Or1Dv9b6cFIHaVvtY6ioc3t3jCzCm9PXdUljBUF65ylxjNYBs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
847a5916bdcbe5a9-DFW
x-amz-cf-id
B4-K012HkRgdV4BJCS18j6EccVvv9x6_ST97w1vPG5df7JO5ZA_qdA==
email-decode.min.js
freedomheadlines.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 05 Jan 2024 17:29:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65983c8b-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CIj5wluUpXlDVh5R%2BzzupAxMgvyNPrby3%2Bgwb7NO70BVpHD1ncsIsyCK5GQT7SU0RSokTtVM6DkFeWIjLFj0zipklTNDlCP%2BNV4OFtrYQL%2BC0gEiviZf85Ts0ILCQHKyP0xJP4STZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
847a59155cd44791-DFW
expires
Sat, 20 Jan 2024 22:41:53 GMT
freedomheadlines_freedomheadlines_sticky.js
cdn1.lockerdomecdn.com/embeds/ 		1003 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn1.lockerdomecdn.com/embeds/freedomheadlines_freedomheadlines_sticky.js
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.34.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-34-98.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2bcf7c31dad5a7352c5b9750d4e991939473441aef5d9ea22c036a47df0e1dca

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id
2FslkIyxepjVYcj6UqIyjxnPoJ3KBM3m
date
Thu, 18 Jan 2024 13:34:29 GMT
via
1.1 78cc4d359edf91a401bf5898aa1dacc6.cloudfront.net (CloudFront)
last-modified
Thu, 05 Jan 2023 17:31:35 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C2
age
32845
x-amz-server-side-encryption
AES256
etag
"c33cc7321d972455c359a8bc75ba8455"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
1003
x-amz-cf-id
Z5hlvSsmA4bin66u5P5VeUcLDpaToKJjRbYCe_eaErAoSIwSyvI3pQ==
components.js
freedomheadlines.com/wp-content/themes/breena/inc/assets/js/ 		241 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-content/themes/breena/inc/assets/js/components.js?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1bcf2aae786aa72292ec28f330390b1e324f4c273f9ca993150b5163620d862
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5998324
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:20 GMT
server
cloudflare
etag
W/"63520130-3c5ec"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vCvLSwGWCgX%2BxWNfFI4DI73LRYbKo1bsw2uVYkzYkRWK5tzxOAh1JwvKfzYabV65DhFhD9rBqpLk289cXw8k0omRZ3vkwmK6pesdmahIsYKgh3NsuEHL2ppyqqFWPDjvKY0VlcSKVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a5915ad414791-DFW
expires
Sat, 12 Oct 2024 07:41:08 GMT
breena.js
freedomheadlines.com/wp-content/themes/breena/inc/assets/js/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-content/themes/breena/inc/assets/js/breena.js?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6f14681142e16db6027f013840dc46f68cce2f3c5ccf8814d2361d06b5127d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4453325
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:18 GMT
server
cloudflare
etag
W/"6352012e-356e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=phIoC1eFvn6nn%2F4Kg8jOhN3oTs%2BWQJZAbJm1jCG9s0jEVA%2BjW2keK%2Fj18%2Fz3ZRMfG1vETgGuxI5378zS4oKc25QOTRu1c48D%2FSU7dUPejJLrDvPoy8sIO22H1FCPkUnP%2BoUzxhVoCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a5915fdb24791-DFW
expires
Wed, 27 Nov 2024 08:12:54 GMT
mediaelement-and-player.min.js
freedomheadlines.com/wp-includes/js/mediaelement/ 		154 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5014747
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:04 GMT
server
cloudflare
etag
W/"63520120-267aa"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ii0t4epRXAyIwLlKLTXHY8%2FHXvIct%2FbCpuRU9VWVWlCyZw%2Fh%2FF5n%2Bf4cZrh8%2Bf63escYrZAWyyjcGpMFsGwTqSzCceTt4UUa9tjSJXVYZZwoLFBKGrnQ5xdPI59kwz4IHiK0%2BP%2FHqw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59161dd14791-DFW
expires
Wed, 30 Oct 2024 09:46:59 GMT
mediaelement-migrate.min.js
freedomheadlines.com/wp-includes/js/mediaelement/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f34b768792b90cf0b04fced2470e43d8fab7644f6565d5178fbfb49c4859cee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6013225
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:04 GMT
server
cloudflare
etag
W/"63520120-4a9"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dPlzM%2BrlGRqFr3U2YONXxwFzkpMCbtbG4Bd6VjhF5Ao%2Bley8IvTbrawGUcVnybhAKFq2TNI5mDOUq4HlvBlAXSF3DrHGJW2gsK9ZBeIX4R5G%2BWZQYs%2Fa3yvVcCPrUwYvCcOGf86Alg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59161dd24791-DFW
expires
Sat, 09 Nov 2024 07:53:07 GMT
wp-mediaelement.min.js
freedomheadlines.com/wp-includes/js/mediaelement/ 		906 B
977 B 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4187584
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:04 GMT
server
cloudflare
etag
W/"63520120-38a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h9bWDlfLlb6fVOnpgZdqioN5SnJRErCz2CneZEo4gQYkXWrAKl7XDVRhl7OT5zK2pN7e4nBMpHS8ELkmzBvr3aeNmWWyG7zlPJ0LvNYoByzIRJMTG4%2FLQI0JRznbawiiNu7U6KvKRg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59161dd44791-DFW
expires
Fri, 29 Nov 2024 12:19:32 GMT
comment-reply.min.js
freedomheadlines.com/wp-includes/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-includes/js/comment-reply.min.js?ver=5.9.8
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5827616
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 21 Oct 2022 02:17:03 GMT
server
cloudflare
etag
W/"6352011f-ba3"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Am1F2wRlZDJy8wFxhzAem4cEDqLyTHIAIpriOUvWXmKafMQPxdh8ZDBrpSXexR3TjtHN%2BJaSKd6jclcGOG4arqBx6%2FrMJBgWjVMv6C3CS%2FQXOuEiWN4ZFBkEzXbdNGt63Vl5YvTIiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
847a59161dd64791-DFW
expires
Sat, 09 Nov 2024 09:37:55 GMT
ajs.js
cdn2.decide.dev/_js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn2.decide.dev/_js/ajs.js
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-31.jfk52.r.cloudfront.net
Software
/
Resource Hash
571b06d1913de139d860b755ded1b677f7bae6a45ddd2c30393fadc8e8720279

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 14:20:59 GMT
content-encoding
gzip
via
1.1 google, 1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
last-modified
Wed, 17 Jan 2024 06:08:56 GMT
x-amz-cf-pop
JFK52-P2
age
30054
etag
W/"1675-18d16097b4f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=86400
accept-ranges
bytes
x-amz-cf-id
KEIVHFibl4AxoL5-BY5DgHv3CFamSwU3zT0AReK_TxnN96QRetPC4Q==
platform.js
cdn.vuukle.com/ 		245 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.vuukle.com/platform.js
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5241f0728079864ee5553634ca3a7b18fdd2cffb9bbdf1697ad083d04e31fb48

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
content-encoding
br
cf-cache-status
HIT
age
50423
cf-polished
origSize=251477
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 18 Jan 2024 08:40:16 GMT
server
cloudflare
etag
W/"65a8e3f0-3d655"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
cache-control
max-age=7200
cf-ray
847a5916bc342863-DFW
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
YARYJ8U1jio
www.youtube.com/embed/ Frame 4403 		0
0
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C300%2C300italic%2C400italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CLato%3A300%2C300i%2C400%2C700&subset=latin%2Clatin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://freedomheadlines.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 07:11:27 GMT
x-content-type-options
nosniff
age
55826
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23040
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:07:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 17 Jan 2025 07:11:27 GMT
fontawesome-webfont.woff2
freedomheadlines.com/wp-content/themes/breena/inc/assets/css/font-awesome/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://freedomheadlines.com/wp-content/themes/breena/inc/assets/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/wp-content/themes/breena/inc/assets/css/font-awesome/css/font-awesome.min.css?ver=5.9.8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://freedomheadlines.com/wp-content/themes/breena/inc/assets/css/font-awesome/css/font-awesome.min.css?ver=5.9.8
Origin
https://freedomheadlines.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4350922
alt-svc
h3=":443"; ma=86400
content-length
77160
last-modified
Fri, 21 Oct 2022 02:17:20 GMT
server
cloudflare
etag
"63520130-12d68"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QuUsRNwKKevuKyH5FIdMOHNehf1zuah9hRhRb%2F6d0SoIopbinf33z0n5r%2BPXWyG1%2BhLRQbT52XFfNxypkLF82GhgjuomdXrgXpcJoSmyy5qeYSXFhHhKdoGnpnCHmAVF1Qvdzab3AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
847a59163e004791-DFW
expires
Thu, 28 Nov 2024 12:19:26 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C300%2C300italic%2C400italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CLato%3A300%2C300i%2C400%2C700&subset=latin%2Clatin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://freedomheadlines.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 11:28:34 GMT
x-content-type-options
nosniff
age
40399
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 17 Jan 2025 11:28:34 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C300%2C300italic%2C400italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CLato%3A300%2C300i%2C400%2C700&subset=latin%2Clatin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://freedomheadlines.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 07:51:30 GMT
x-content-type-options
nosniff
age
139823
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23580
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:22 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Jan 2025 07:51:30 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
fonts.gstatic.com/s/opensans/v40/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C300%2C300italic%2C400italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CLato%3A300%2C300i%2C400%2C700&subset=latin%2Clatin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
8f76526e440538ec1300aa89f671acd1b746925833f7160f6c0e29443008f97f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://freedomheadlines.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 23:55:06 GMT
x-content-type-options
nosniff
age
82007
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26736
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:00:28 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Jan 2025 23:55:06 GMT
6_SUFvY80G4-HD-150x150.png
freedomheadlines.com/wp-content/uploads/2024/01/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://freedomheadlines.com/wp-content/uploads/2024/01/6_SUFvY80G4-HD-150x150.png
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8c9a974575269cafe00639d9210903c393c2da3866c96e7e25ad1cb2d450358
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47701
alt-svc
h3=":443"; ma=86400
content-length
32371
x-xss-protection
1; mode=block
last-modified
Wed, 17 Jan 2024 20:06:12 GMT
server
cloudflare
etag
"65a83334-7e73"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dx6nufEQ5Kd9gG4UrduUOm%2FEbOln2jzm%2BHzeaheFHItLP4HzgzDaktHvWMbg98YIM96dwrXu32dx88xqBUD6MoQoIX2CeRssbjZSKBGIe%2B56uOBViRDuCSw27xc7hsxsXvruUwgPWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
847a59166e324791-DFW
expires
Fri, 17 Jan 2025 08:58:49 GMT
lb0Gb4Hr1kQ-HD-150x150.png
freedomheadlines.com/wp-content/uploads/2024/01/ 		43 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://freedomheadlines.com/wp-content/uploads/2024/01/lb0Gb4Hr1kQ-HD-150x150.png
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e2a5b98c331b38a3a216b1e5a3748adb293a40a4abe48eb57514b5dcaaf2e6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47701
alt-svc
h3=":443"; ma=86400
content-length
44275
x-xss-protection
1; mode=block
last-modified
Wed, 17 Jan 2024 17:39:01 GMT
server
cloudflare
etag
"65a810b5-acf3"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8p76ZM8mD%2BJMJDrR3i3tq4ujRW08Q33ogoZg0yxPjbRSrydlRyDS7exlXSInhquLneRWsseCR1O%2BMKCQMJ85mDgbaLXfn4l%2BJAA5yQevWuZXyqFovDwcIJQb7v1MMJ52j6dwfIfS%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
847a59166e354791-DFW
expires
Fri, 17 Jan 2025 08:58:21 GMT
qsp6PikjDOw-HD-150x150.png
freedomheadlines.com/wp-content/uploads/2024/01/ 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://freedomheadlines.com/wp-content/uploads/2024/01/qsp6PikjDOw-HD-150x150.png
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.34.120 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fa2744da5c3369511fa06da73cd7eae7420bc0b9e4a131ae1d6a6294245a159
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47701
alt-svc
h3=":443"; ma=86400
content-length
34559
x-xss-protection
1; mode=block
last-modified
Wed, 17 Jan 2024 19:49:39 GMT
server
cloudflare
etag
"65a82f53-86ff"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgvDgVkHuHJ40WES1HXVsYwxvCgWkDHjYh%2BFElRu5qwx9N0pY5b0BJvOFY%2BnEAIaa7pIMgpWvArL45zCLN2g2TdS9%2FXeq%2FzSmyPfCKhCkiy52eoINurxAulbP%2BygFUJ6AJgn14fsBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
847a59166e364791-DFW
expires
Fri, 17 Jan 2025 08:58:21 GMT
YARYJ8U1jio
www.youtube.com/embed/ Frame 0F6A 		93 KB
42 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f14.1e100.net
Software
ESF /
Resource Hash
20f279f4c90be846c4e1b445b2310ccc90648c0b9d57f2210a32acbdd9a2bbdc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Thu, 18 Jan 2024 22:41:53 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
rtads
api.whizzco.com/demand/v1/ 		626 B
699 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/demand/v1/rtads
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.207.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38387426c03ec7217e618384d562b856ddc86b2bf1385f9d6aef6eee96b38e50

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucvBZtfsLb3ZlvfVQy8SuU9IGxSTbL3iOZU60mdLmx9cNWJ69Wz7nIrfuRCGVRcltech7eTrMgfPiBA%2Boc5kgkrlknpbMf%2BJOZOzEmlPCHfrGJfAMCqjbiC2WRcxUWHa394%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-credentials
true
cf-ray
847a591a8b95e5a9-DFW
alt-svc
h3=":443"; ma=86400
rtads
api.whizzco.com/demand/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/demand/v1/rtads
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.206.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://freedomheadlines.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, HEAD, OPTIONS
access-control-allow-origin
https://freedomheadlines.com
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
847a5917fb8faa63-DFW
content-length
0
date
Thu, 18 Jan 2024 22:41:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvJP8%2FEAswAjjcMYJ0pxco0MUcRpQYL0GcycSxAwiTisE%2BClEJ5t%2FtyTCCqWaeOzvxPnEG8PM%2B56i%2BKP6M4kYJi2DlckzloSD7FLHXWtOJZIHZ3j1g14qRXotjDp6rF6O7Q%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
getGeo
vuukle.com/ 		111 B
371 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vuukle.com/getGeo
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
180220e5b01f290e31e00bde65adcf5961c14b16c1e67ce7de09f2a0fc5f819c

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
content-encoding
br
accept-ch
sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-viewport-width
server
cloudflare
vary
Accept-Encoding
access-control-max-age
86400
access-control-allow-methods
GET,HEAD,POST,OPTIONS
access-control-allow-origin
*
content-type
application/json;charset=UTF-8
cf-ray
847a591878536b41-DFW
alt-svc
h3=":443"; ma=86400
loadVuukle
api.vuukle.com/api/v1/Comments/ 		13 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.vuukle.com/api/v1/Comments/loadVuukle?apiKey=92fd8992-dbb2-4d42-9cc3-1b8101c44b9b&articleId=28738&globalRecommendation=false&host=freedomheadlines.com&start=0&uri=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&quizEnabled=false
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.22.149 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de71777d23d01797b62f19653d92667dcb2bb416c303e28bf18b77bb07250f0e
Security Headers
Name Value
X-Xss-Protection 1

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
via
1.1 varnish (Varnish/6.2)
content-encoding
br
cf-cache-status
DYNAMIC
age
0
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
pragma
no-cache
server
cloudflare
access-control-allow-methods
GET, POST, PUT, DELETE, PATCH, OPTIONS
x-varnish
475702842
content-type
application/json; charset=utf-8
access-control-allow-origin
https://freedomheadlines.com
cache-control
no-store,no-cache
access-control-allow-credentials
true
access-control-allow-credentiails
true
cf-ray
847a591a784b2839-DFW
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
freedomheadlines.com.js
cdn.vuukle.com/domain-configs/ 		139 B
211 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.vuukle.com/domain-configs/freedomheadlines.com.js
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdf47e9be1ad651fcad55288d534fbeeba846ce487322a2b8f1f7e0f6dfaab12

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:53 GMT
content-encoding
br
cf-cache-status
HIT
age
14775
cf-polished
origSize=186
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 18 Jan 2024 14:41:07 GMT
server
cloudflare
etag
W/"65a93883-ba"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
cache-control
max-age=1800
cf-ray
847a59180d452863-DFW
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
emotes.html
cdn.vuukle.com/widgets/ Frame A0DE 		88 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.vuukle.com/widgets/emotes.html?version=3.12.6
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd18cb9a4cbfd06f96f96d89fc8079c87141abdc150a9ee6848e7a80383bcd1e

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
age
905573
alt-svc
h3=":443"; ma=86400
cache-control
max-age=10800
cf-cache-status
HIT
cf-ray
847a59180d4f2863-DFW
content-encoding
br
content-type
text/html
date
Thu, 18 Jan 2024 22:41:53 GMT
last-modified
Mon, 13 Nov 2023 11:03:13 GMT
server
cloudflare
vary
Accept-Encoding
index.html
cdn.vuukle.com/widgets/ Frame A619 		336 KB
107 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.vuukle.com/widgets/index.html?version=3.32.2
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc1cd94515c5f604d88a866461e199bbee75210441dae76316c74cf7dc34e200

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
age
50415
alt-svc
h3=":443"; ma=86400
cache-control
max-age=10800
cf-cache-status
HIT
cf-ray
847a59180d512863-DFW
content-encoding
br
content-type
text/html
date
Thu, 18 Jan 2024 22:41:53 GMT
last-modified
Thu, 18 Jan 2024 08:38:12 GMT
server
cloudflare
vary
Accept-Encoding
sjs.js
cdn2.decide.dev/_js/ 		10 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn2.decide.dev/_js/sjs.js
Requested by
Host: cdn1.lockerdomecdn.com
URL: https://cdn1.lockerdomecdn.com/embeds/freedomheadlines_freedomheadlines_sticky.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-31.jfk52.r.cloudfront.net
Software
/
Resource Hash
61773d9a3aa1ba14b2f4ea9a8118c619c460c5acbc8770405530cc5ce31ed7e4

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 05:42:52 GMT
content-encoding
gzip
via
1.1 google, 1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
last-modified
Wed, 17 Jan 2024 06:08:55 GMT
x-amz-cf-pop
JFK52-P2
age
61141
etag
W/"26be-18d160977f3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=86400
accept-ranges
bytes
x-amz-cf-id
yUCCDrF4Gp4JpviRCpnmnSIEOKjxw8QMboc1ma0kf10IWGtpbZnP5A==
14305626872558694
decide.dev/lad/ Frame 1042 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://decide.dev/lad/14305626872558694?pubid=ld-9377-335&pubo=https%3A%2F%2Ffreedomheadlines.com&rid=&width=780&path=%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&x=220&y=2321.21875&utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Requested by
Host: cdn2.decide.dev
URL: https://cdn2.decide.dev/_js/ajs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.139.129 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
129.139.149.34.bc.googleusercontent.com
Software
/
Resource Hash
f670413d2ae1a2ae6adb0f76cf9a23e52e96324d60f3c10658a9bfe558a6513d

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, max-age=0, must-revalidate, no-store
content-length
1342
content-type
text/html; charset=utf-8
date
Thu, 18 Jan 2024 22:41:54 GMT
via
1.1 google
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/ 		430 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.35.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
8730aafbdb6d03c6d4a37f76ebf8d504d5706fbae56686399a4b198981a0b6be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:28:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
11629
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138464
x-xss-protection
0
server
cafe
etag
13337571285874554267
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Fri, 17 Jan 2025 19:28:05 GMT
comments.css
cdn.vuukle.com/widgets/ Frame A619 		38 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.vuukle.com/widgets/comments.css
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/widgets/index.html?version=3.32.2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
781702c1783e6e4274fe36a5d88989019e9737fa6893cf57ffeb99f42ab34086

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
content-encoding
br
cf-cache-status
HIT
age
50591
cf-polished
origSize=39123
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 18 Jan 2024 08:38:12 GMT
server
cloudflare
etag
W/"65a8e374-98d3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
cache-control
max-age=10800
cf-ray
847a5918bf7f478e-DFW
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
emotes.css
cdn.vuukle.com/widgets/ Frame A0DE 		8 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.vuukle.com/widgets/emotes.css
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/widgets/emotes.html?version=3.12.6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81ae95bc2154d20fe364863204defe3e2fb799adcce6c69ebb054962c8462fe0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
content-encoding
br
cf-cache-status
HIT
age
659630
cf-polished
origSize=8613
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Mon, 13 Nov 2023 11:03:21 GMT
server
cloudflare
etag
W/"65520279-21a5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
cache-control
max-age=10800
cf-ray
847a5918cf91478e-DFW
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
www-player.css
www.youtube.com/s/player/42a553e1/ Frame 0F6A 		359 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/42a553e1/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f14.1e100.net
Software
sffe /
Resource Hash
1515b988fb1fab95f3ba07b215b8fc214e6834106caf76452ad83045ddc73d5e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 15:09:34 GMT
content-encoding
br
x-content-type-options
nosniff
age
27140
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47506
x-xss-protection
0
last-modified
Wed, 17 Jan 2024 05:15:15 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 17 Jan 2025 15:09:34 GMT
prebid3.js
cdn.vuukle.com/static/ 		448 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.vuukle.com/static/prebid3.js
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbbc1d6d55e90d54956dd8aa41d8edfb36f72f11125b04cdba0efad8fd875ce7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
content-encoding
br
cf-cache-status
HIT
age
37651
cf-polished
origSize=608215
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 30 Dec 2023 16:47:33 GMT
server
cloudflare
etag
W/"659049a5-947d7"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
cache-control
max-age=43200
cf-ray
847a5918df97478e-DFW
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
freedomheadlines.com.json
cdn.vuukle.com/ads/ 		16 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.vuukle.com/ads/freedomheadlines.com.json
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f48bbdaebf4cd06636120162cde7b0394650efbd4b8b44621ad604a8797b5c9e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 18 Jan 2024 19:52:53 GMT
server
cloudflare
etag
W/"65a98195-3eba"
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
cf-ray
847a59191d0a0be2-DFW
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
alt-svc
h3=":443"; ma=86400
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0F6A 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 13:04:06 GMT
x-content-type-options
nosniff
age
34668
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 17 Jan 2025 13:04:06 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0F6A 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:38:43 GMT
x-content-type-options
nosniff
age
72191
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 17 Jan 2025 02:38:43 GMT
embed.js
www.youtube.com/s/player/42a553e1/player_ias.vflset/en_US/ Frame 0F6A 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/42a553e1/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f14.1e100.net
Software
sffe /
Resource Hash
02a5e1455a782d51e1956f435ac8f871ae1ca9a966f7157bbc89119b2badcd45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 08:24:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
137829
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16724
x-xss-protection
0
last-modified
Wed, 17 Jan 2024 05:15:15 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 16 Jan 2025 08:24:45 GMT
www-embed-player.js
www.youtube.com/s/player/42a553e1/www-embed-player.vflset/ Frame 0F6A 		323 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/42a553e1/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f14.1e100.net
Software
sffe /
Resource Hash
9e1bec93b1cd6c4565d9a6df68892a7e77e26899952c274fd37683ca1e30a1fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 08:23:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
51506
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
98861
x-xss-protection
0
last-modified
Wed, 17 Jan 2024 05:15:15 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 17 Jan 2025 08:23:28 GMT
base.js
www.youtube.com/s/player/42a553e1/player_ias.vflset/en_US/ Frame 0F6A 		2 MB
771 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/42a553e1/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f14.1e100.net
Software
sffe /
Resource Hash
67affdfdc0a39ce3dd1a0ca05ff36a1644c03c314f69c5fbfe38baacb82a9fcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 05:21:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
62429
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
788873
x-xss-protection
0
last-modified
Wed, 17 Jan 2024 05:15:15 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 17 Jan 2025 05:21:25 GMT
js
www.googletagmanager.com/gtag/ 		218 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CP4TF595X7&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-32644619-11
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
2c7d0abe2006e90cdd4bae22fe4577d6b51b047a15402d809da45ea6fd9942a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
79505
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 18 Jan 2024 22:41:54 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-32644619-11
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 18 Jan 2024 21:16:23 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
5131
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 18 Jan 2024 23:16:23 GMT
14729220068684902
decide.dev/lad/ Frame E496 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://decide.dev/lad/14729220068684902?pubid=ld-14729220068684902&pubo=https%3A%2F%2Ffreedomheadlines.com&rid=&width=1560&path=%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&x=-100779&y=101199&utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Requested by
Host: cdn2.decide.dev
URL: https://cdn2.decide.dev/_js/ajs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.139.129 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
129.139.149.34.bc.googleusercontent.com
Software
/
Resource Hash
f670413d2ae1a2ae6adb0f76cf9a23e52e96324d60f3c10658a9bfe558a6513d

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, max-age=0, must-revalidate, no-store
content-length
1342
content-type
text/html; charset=utf-8
date
Thu, 18 Jan 2024 22:41:54 GMT
via
1.1 google
bq-publish
publish.vuukle.com/ 		23 B
322 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://publish.vuukle.com/bq-publish?callback=&{%22action%22:%22view_page%22,%22hashed_email%22:%22$e0a116-e9cc-466b-8470-efe40c2d6a8f%22,%22hostname%22:%2292fd8992-dbb2-4d42-9cc3-1b8101c44b9b%22,%22pubdomain%22:%22freedomheadlines.com%22,%22refDomain%22:%22%22,%22sessionId%22:%2298c084d5-56c5-4a1c-bf26-904e16583390%22,%22version%22:%224.20%22,%22articleImg%22:%22%22,%22articleTitle%22:%22Joran%20van%20der%20Sloot%20Has%20FINALLY%20Confessed%20to%20Killing%20Natalee%20Holloway%22,%22article_id%22:%2228738%22,%22hashed_article_url%22:%22freedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%22,%22referrer%22:%22daniel%22,%22tags%22:%22%22,%22browser%22:%22Chrome%22,%22device%22:%22Desktop%22,%22os%22:%22Windows%22,%22isArticleBrandSafe%22:null}&_=1489139930741
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e048c40d8f9514215463c38eab9f4dcabba00d3fff7e0e40e01a465cf11a53a5
Security Headers
Name Value
X-Xss-Protection 1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-credentials
true
cf-ray
847a591999aa6b41-DFW
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
213794966
fundingchoicesmessages.google.com/i/ 		182 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/213794966?ers=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
b3fc66f8e3c510bebdb3b75d0ada46f0100cb6c75bd35d84940711ee397fbc25
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-FoFxns9sYMoGluCngB0t0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
content-security-policy
script-src 'report-sample' 'nonce-FoFxns9sYMoGluCngB0t0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/ 		0
174 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-CP4TF595X7&gtm=45je41a0v9116368575&_p=1705617713585&gcd=11l1l1l1l1&dma=0&cid=837548684.1705617714&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1705617714&sct=1&seg=0&dl=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dsparkpost%26utm_campaign%3Dregular&dt=Joran%20van%20der%20Sloot%20Has%20FINALLY%20Confessed%20to%20Killing%20Natalee%20Holloway%20%E2%80%93%20Freedom%20Headlines%20%7C%20Top%20Political%20News%20USA%20%7C%20USA%20Politics&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1921
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CP4TF595X7&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:54 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://freedomheadlines.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
freedomheadlines.com.json
cdn.vuukle.com/ads/ 		16 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.vuukle.com/ads/freedomheadlines.com.json
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/static/prebid3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f48bbdaebf4cd06636120162cde7b0394650efbd4b8b44621ad604a8797b5c9e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 18 Jan 2024 19:52:53 GMT
server
cloudflare
etag
W/"65a98195-3eba"
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
cf-ray
847a591bbeb30be2-DFW
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
alt-svc
h3=":443"; ma=86400
id
googleads.g.doubleclick.net/pagead/ Frame 0F6A
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
242 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H2
Server
142.250.64.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s31-in-f2.1e100.net
Software
cafe /
Resource Hash
755eae1acb974fbb030fa699b6ad79fb46a89571cc1906a513e9061bf4f0b92f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 18 Jan 2024 22:41:54 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 0F6A 		29 B
495 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/42a553e1/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.41.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f6.1e100.net
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:29:37 GMT
x-content-type-options
nosniff
age
737
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 18 Jan 2024 22:44:37 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1339295233&t=pageview&_s=1&dl=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dsparkpost%26utm_campaign%3Dregular&ul=en-us&de=UTF-8&dt=Joran%20van%20der%20Sloot%20Has%20FINALLY%20Confessed%20to%20Killing%20Natalee%20Holloway%20%E2%80%93%20Freedom%20Headlines%20%7C%20Top%20Political%20News%20USA%20%7C%20USA%20Politics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=331990341&gjid=175253165&cid=837548684.1705617714&tid=UA-32644619-11&_gid=1879440753.1705617715&_r=1&gtm=457e41a0&gcd=11l1l1l1l1&dma=0&jsscut=1&z=459417409
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://freedomheadlines.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc.js
stats.g.doubleclick.net/ Frame 1042 		45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/dc.js
Requested by
Host: decide.dev
URL: https://decide.dev/lad/14305626872558694?pubid=ld-9377-335&pubo=https%3A%2F%2Ffreedomheadlines.com&rid=&width=780&path=%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&x=220&y=2321.21875&utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://decide.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 18 Jan 2024 21:30:15 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4299
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17093
expires
Thu, 18 Jan 2024 23:30:15 GMT
dc.js
stats.g.doubleclick.net/ Frame E496 		45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/dc.js
Requested by
Host: decide.dev
URL: https://decide.dev/lad/14729220068684902?pubid=ld-14729220068684902&pubo=https%3A%2F%2Ffreedomheadlines.com&rid=&width=1560&path=%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&x=-100779&y=101199&utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://decide.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 18 Jan 2024 21:30:15 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4299
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17093
expires
Thu, 18 Jan 2024 23:30:15 GMT
widget_v3.js
cdn.whizzco.com/scripts/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.whizzco.com/scripts/widget/widget_v3.js
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.206.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d8562efd8364015edd8080e72d8bd98f0a92019058f15df14e03f9951e01876

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
via
1.1 5f97742663b008cb887bd33fb14e6260.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
DFW57-P6
age
918
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Sun, 05 Mar 2023 13:26:38 GMT
server
cloudflare
etag
W/"af75195749ffac29c536aae88fdbda39"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MT4Pvos8Umu%2BgaIKhXDmwXZzhCIWTodsiH726dK%2Fid1vmlihdgBjAqXahRBfJLuV9CPFcnqGyf2D9Z8UOBfxpVULbHgkTSYc%2FSRHBouPA1gPflIY03EJj%2FpOokLavCuJXZU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
847a591c794e4630-DFW
x-amz-cf-id
z9DMbLIjuIB-DqK6kviKVQ6pxNv894Ul7MIaG_C4iqu-vmBprJdmTQ==
priority
u=3,i=?0
delivery.js
assets.revcontent.com/master/ 		162 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.revcontent.com/master/delivery.js
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-14.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6e439f4364dd180567c3cecd035b4910b8ed12c462a13c8c325fa45449f8d5d1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 21:58:54 GMT
content-encoding
gzip
via
1.1 f2d96237236476e7356cfe5344feb776.cloudfront.net (CloudFront)
last-modified
Wed, 10 Jan 2024 21:58:45 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P8
age
2581
x-amz-server-side-encryption
AES256
etag
W/"ea3d76277a470a831440d6bd67973fbe"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=60
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
gPNO05Oo6kIKgfq5JRhCRKul_aXE6yqmnprKX6nldvPThdiLPqu-BA==
tshow
api.whizzco.com/dtracking/v1/ 		15 B
474 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/dtracking/v1/tshow
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.206.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cxihRINgYXa3KDNb76w2qrXYxk9ZTYqi6zjFbaCGehA%2Fiq%2B0V1OpT5mvbhd1%2Bu1FogZG6IgFore02U24kFUlZrOhZ6Eoy4IchUlPwQVlMGcqiVbHJOa6sbl%2BMYNr7mcckcU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-credentials
true
cf-ray
847a591d2d364864-DFW
alt-svc
h3=":443"; ma=86400
content-length
15
priority
u=1,i
tshow
api.whizzco.com/dtracking/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/dtracking/v1/tshow
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.206.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://freedomheadlines.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, HEAD, OPTIONS
access-control-allow-origin
https://freedomheadlines.com
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
847a591c7915aa63-DFW
content-length
0
date
Thu, 18 Jan 2024 22:41:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pOJTUYmHzi3wNSurf9dNLiNjxcog0UEvd67o4iDM9Y0Ks%2FE%2FDTIx9cChcaNQtGWQ%2B5Y9B%2F18RV%2FG96LNC4bA0fygEnqUxbKMG%2FRQ55Brw19apm%2FpF22jTm7U9YoMx4HOOVw%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
remote.js
www.youtube.com/s/player/42a553e1/player_ias.vflset/en_US/ Frame 0F6A 		117 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/42a553e1/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/42a553e1/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f14.1e100.net
Software
sffe /
Resource Hash
14d90feab5eabf643296bd61103dfed004a3c3dbbfd362826153123eb560df4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 07:11:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
55824
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33706
x-xss-protection
0
last-modified
Wed, 17 Jan 2024 05:15:15 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 17 Jan 2025 07:11:30 GMT
Ds_pDKslpu-iWcXddHrDyyVH9ulM38tH3FG5TexbKIk.js
www.google.com/js/th/ Frame 0F6A 		51 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/Ds_pDKslpu-iWcXddHrDyyVH9ulM38tH3FG5TexbKIk.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/42a553e1/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.32.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f4.1e100.net
Software
sffe /
Resource Hash
0ecfe90cab25a6efa259c5dd747ac3cb2547f6e94cdfcb47dc51b94dec5b2889
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 17:10:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
19858
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19790
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:00:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 17 Jan 2025 17:10:56 GMT
maxresdefault.webp
i.ytimg.com/vi_webp/YARYJ8U1jio/ Frame 0F6A 		45 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi_webp/YARYJ8U1jio/maxresdefault.webp
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f22.1e100.net
Software
sffe /
Resource Hash
6c11304601c5bd5f6485384584517afd63d643d6cdb5036a926c78a8d2deec31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
x-content-type-options
nosniff
server
sffe
etag
"1697656887"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/webp
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46572
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 19 Jan 2024 00:41:54 GMT
truncated
/ Frame 0F6A 		175 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
g0JJrJrZUWEz1GkP3Xn36TQzCw1nvJ_QbeWF6XVbmYC2HBXQ9qk8QGoSPtTAEGCbu5703N_Ljw=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame 0F6A 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yt3.ggpht.com/g0JJrJrZUWEz1GkP3Xn36TQzCw1nvJ_QbeWF6XVbmYC2HBXQ9qk8QGoSPtTAEGCbu5703N_Ljw=s68-c-k-c0x00ffffff-no-rj
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f1.1e100.net
Software
fife /
Resource Hash
5640ec4d504112656d62cc972bb647b1d9b54a23d0d99f0c15d4ffece44b9f7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:00:54 GMT
x-content-type-options
nosniff
age
13260
content-disposition
inline;filename="channels4_profile.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3161
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 19 Jan 2024 19:00:54 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
210 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-32644619-11&cid=837548684.1705617714&jid=331990341&gjid=175253165&_gid=1879440753.1705617715&_u=YADAAUAAAAAAACAAI~&z=1402396564
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 18 Jan 2024 22:41:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://freedomheadlines.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
image-freedomheadlines.com-30058
image.vuukle.com/ Frame A619 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30058
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df0d225f794cf05b6a73c8444d990d9c94843d7fedf9315852616e06c3fbe853

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
cf-cache-status
HIT
age
338051
cf-polished
origSize=7398
x-guploader-uploadid
ABPtcPoWzlfnsE2sc4fNmEf5IghBk4_BoYLRejp6EWzy_4v1OTvpRF6jJv_dVtI50d5orcuy58w
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
7306
cf-bgj
imgq:100,h2pri
last-modified
Mon, 15 Jan 2024 00:19:25 GMT
server
cloudflare
etag
"1f0fd7cb32b964c9c86dd5ec986ba271"
vary
Accept-Encoding
x-goog-generation
1705277965227358
content-type
image/jpeg
x-goog-hash
crc32c=GC28NQ==, md5=Hw/XyzK5ZMnIbdXsmGuicQ==
cache-control
public, max-age=31536000
x-goog-stored-content-length
7398
accept-ranges
bytes
cf-ray
847a591e6ab32863-DFW
expires
Mon, 15 Jan 2024 01:47:43 GMT
truncated
/ Frame A619 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ed01ba1fa7ade62e77ee0032423f982b85c5707b040d71188ed88e716fd8cbd0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
image-freedomheadlines.com-30007
image.vuukle.com/ Frame A619 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30007
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48fe012e18f060c43ea6a92d8a17992cd0d091f8b0879480c825d039c02e1456

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
cf-cache-status
HIT
age
508281
cf-polished
origSize=12693
x-guploader-uploadid
ABPtcPp2CphFXDlTmbE99W9XIIwET3LvH88_HUHf-xmtF7nbyAknnbluX2bw3NsbEEJ7nLNaBA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
12018
cf-bgj
imgq:100,h2pri
last-modified
Sat, 13 Jan 2024 01:30:15 GMT
server
cloudflare
etag
"6cc8aa34635cc7a88811eeeff5e047ec"
vary
Accept-Encoding
x-goog-generation
1705109415049994
content-type
image/jpeg
x-goog-hash
crc32c=1JgDmg==, md5=bMiqNGNcx6iIEe7v9eBH7A==
cache-control
public, max-age=31536000
x-goog-stored-content-length
12693
accept-ranges
bytes
cf-ray
847a591e6ab22863-DFW
expires
Sat, 13 Jan 2024 02:30:33 GMT
truncated
/ Frame A619 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3cd72707a6eb0ba2f481bf98476ada929d93c3cc1ccf2fa702f4e237ddbea113

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
image-freedomheadlines.com-30082
image.vuukle.com/ Frame A619 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30082
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
463c0d07fa326559d1eb549d5d6169a020791e5f20e7488be3556b093c5e9963

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
cf-cache-status
HIT
age
277364
cf-polished
origSize=14841
x-guploader-uploadid
ABPtcPr77KaT7bj4kw5pAzcdwayyBDuRIu0XM0SD9p5ncT4m7396JxR1UxNWVygnm-UY_wEGdag
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
14247
cf-bgj
imgq:100,h2pri
last-modified
Mon, 15 Jan 2024 16:28:43 GMT
server
cloudflare
etag
"c075c209a0a132fb0d2f2cecd19d173a"
vary
Accept-Encoding
x-goog-generation
1705336123975840
content-type
image/jpeg
x-goog-hash
crc32c=rd7fyg==, md5=wHXCCaChMvsNLyzs0Z0XOg==
cache-control
public, max-age=31536000
x-goog-stored-content-length
14841
accept-ranges
bytes
cf-ray
847a591e6aac2863-DFW
expires
Mon, 15 Jan 2024 18:00:32 GMT
truncated
/ Frame A619 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a440db4a7ca252d08987e6cfd770e55127e13080c9bc856147ee03bfb250845a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
image-freedomheadlines.com-30112
image.vuukle.com/ Frame A619 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30112
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d47d8023fc6a7ad0bd469632de7b89b993aff76636d3f8730c348a93070311bd

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
cf-cache-status
HIT
age
174143
cf-polished
origSize=14279
x-guploader-uploadid
ABPtcPoDpFMEPQ7yQ4UjKWq8HaYHiUgdYo0wHZN7qQL5A8IKgxtI0ulOYzNyp7ACSln81_yTbCE
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
13693
cf-bgj
imgq:100,h2pri
last-modified
Tue, 16 Jan 2024 22:16:13 GMT
server
cloudflare
etag
"82526e9f9f7522301f576020034c031f"
vary
Accept-Encoding
x-goog-generation
1705443373113221
content-type
image/jpeg
x-goog-hash
crc32c=R3sbKw==, md5=glJun591IjAfV2AgA0wDHw==
cache-control
public, max-age=31536000
x-goog-stored-content-length
14279
accept-ranges
bytes
cf-ray
847a591e6aaf2863-DFW
expires
Tue, 16 Jan 2024 23:19:31 GMT
image-freedomheadlines.com-30063
image.vuukle.com/ Frame A619 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30063
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ae9f922e527414cba298757a844d652517d38448217ba3c9f48b64d5c441be3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
cf-cache-status
HIT
age
352655
cf-polished
origSize=9098
x-guploader-uploadid
ABPtcPp9JSvDWGMFohSUyLlHSTYehMsyotPgVbJ5K3ShcFwREfXJBzPOHVKfw1fnGHfk-qvvpcs
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
8924
cf-bgj
imgq:100,h2pri
last-modified
Sun, 14 Jan 2024 19:42:17 GMT
server
cloudflare
etag
"911be9bd833c3a6bcbc80f9a9873d960"
vary
Accept-Encoding
x-goog-generation
1705261337219948
content-type
image/jpeg
x-goog-hash
crc32c=Z2LqyQ==, md5=kRvpvYM8OmvLyA+amHPZYA==
cache-control
public, max-age=31536000
x-goog-stored-content-length
9098
accept-ranges
bytes
cf-ray
847a591e6ab42863-DFW
expires
Sun, 14 Jan 2024 20:55:55 GMT
image-freedomheadlines.com-30241
image.vuukle.com/ Frame A619 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30241
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ed5b6eba825051575d9f77fcd91e16392253f7c632a92c78da67c83c1e9e838

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:54 GMT
cf-cache-status
HIT
age
10943
cf-polished
origFmt=png, origSize=48534
x-guploader-uploadid
ABPtcPruDExUV4adS7ZmjvZCIfAWPb2Eu-Ss15fuedeusCXZp9Y7oruznZVOimgsZJJ0G3_XEeaqlFzTwQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="image-freedomheadlines.webp"
alt-svc
h3=":443"; ma=86400
content-length
30532
cf-bgj
imgq:100,h2pri
last-modified
Thu, 18 Jan 2024 14:39:51 GMT
server
cloudflare
etag
"90fa8c10a5d279835be969a1d3fc6ffe"
vary
Accept
x-goog-generation
1705588791436411
content-type
image/webp
x-goog-hash
crc32c=6Bvwcw==, md5=kPqMEKXSeYNb6Wmh0/xv/g==
cache-control
public, max-age=31536000
x-goog-stored-content-length
48534
accept-ranges
bytes
cf-ray
847a591e6ab52863-DFW
expires
Thu, 18 Jan 2024 19:40:46 GMT
truncated
/ Frame A619 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a1c7910e18cb0252957c7e629b54d6fd7a90f7de6b3ac599ba4f1f8331313e92

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
image-freedomheadlines.com-30185
image.vuukle.com/ Frame A619 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30185
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb0fa587fd1e8cf52e1e067a947e07f295672e789627e5ea7a585ab152ef92bf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
cf-cache-status
HIT
age
97127
cf-polished
origSize=11179
x-guploader-uploadid
ABPtcPq7LRB0LvbvkEIareUCVtOEqqJKOEVIAHavPsNY9wQJoJw_XUudpUHbEDYOeI3OEebUcNcDMDLwUA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
10800
cf-bgj
imgq:100,h2pri
last-modified
Wed, 17 Jan 2024 19:29:16 GMT
server
cloudflare
etag
"26e50f07bcaad717e273a730b4549fb2"
vary
Accept-Encoding
x-goog-generation
1705519756031372
content-type
image/jpeg
x-goog-hash
crc32c=dvwNoQ==, md5=JuUPB7yq1xfic6cwtFSfsg==
cache-control
public, max-age=31536000
x-goog-stored-content-length
11179
accept-ranges
bytes
cf-ray
847a591ebee8478e-DFW
expires
Wed, 17 Jan 2024 20:43:08 GMT
image-freedomheadlines.com-30177
image.vuukle.com/ Frame A619 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30177
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04f2f8d661ea280ea4615e35b5b8f387af59bbb9d13d31071297d3223eb78ef8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
cf-cache-status
HIT
age
23666
cf-polished
origSize=12944
x-guploader-uploadid
ABPtcPqmmnb1PxAzLykTLKoLfRKB-HolSokjAim38fpO2UE6jcN7Fr8CGlRJEKOTR6gPIyjgFQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
12491
cf-bgj
imgq:100,h2pri
last-modified
Thu, 18 Jan 2024 15:58:37 GMT
server
cloudflare
etag
"8ca41c1ce1711834065e90872ef57e0b"
vary
Accept-Encoding
x-goog-generation
1705593517512252
content-type
image/jpeg
x-goog-hash
crc32c=4M1UVA==, md5=jKQcHOFxGDQGXpCHLvV+Cw==
cache-control
public, max-age=31536000
x-goog-stored-content-length
12944
accept-ranges
bytes
cf-ray
847a591ebeeb478e-DFW
expires
Thu, 18 Jan 2024 17:07:29 GMT
image-freedomheadlines.com-30028
image.vuukle.com/ Frame A619 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30028
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14fc8927fb0cd2dc795fcd8b74b3fae018e3a56765a9acfb928032415cb2c2f3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
cf-cache-status
HIT
age
508693
cf-polished
origSize=6863
x-guploader-uploadid
ABPtcPrz4KUHFbraLgnYnBV4oq6Da2XBggJ4HRVDf__PpyAxb1MV1P8HVteUVnYtEjZQCf1FsPp3e0_92g
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
6818
cf-bgj
imgq:100,h2pri
last-modified
Sat, 13 Jan 2024 01:23:12 GMT
server
cloudflare
etag
"849ccdec4324d27df0c8b77acb676866"
vary
Accept-Encoding
x-goog-generation
1705108991999188
content-type
image/jpeg
x-goog-hash
crc32c=joQJZQ==, md5=hJzN7EMk0n3wyLd6y2doZg==
cache-control
public, max-age=31536000
x-goog-stored-content-length
6863
accept-ranges
bytes
cf-ray
847a591ebeec478e-DFW
expires
Sat, 13 Jan 2024 02:23:42 GMT
image-freedomheadlines.com-30001
image.vuukle.com/ Frame A619 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.vuukle.com/image-freedomheadlines.com-30001
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.60.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b01b5edc12693727ddd2bb5706ec199da3555540edb3623479b87948c46215bf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
cf-cache-status
HIT
age
447561
cf-polished
origSize=9753
x-guploader-uploadid
ABPtcPqwiW472Uy_hVEB6scZVJgs4oE-skB70lidTWqNAFdaG3IFOCCXFgTILLsK-Wtn5RF78Ms
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
9430
cf-bgj
imgq:100,h2pri
last-modified
Sat, 13 Jan 2024 17:15:26 GMT
server
cloudflare
etag
"cae866853eec8eabd4b343ed47809d44"
vary
Accept-Encoding
x-goog-generation
1705166126113975
content-type
image/jpeg
x-goog-hash
crc32c=RVttyA==, md5=yuhmhT7sjqvUs0PtR4CdRA==
cache-control
public, max-age=31536000
x-goog-stored-content-length
9753
accept-ranges
bytes
cf-ray
847a591eceee478e-DFW
expires
Sat, 13 Jan 2024 18:35:29 GMT
truncated
/ Frame A0DE 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3cd72707a6eb0ba2f481bf98476ada929d93c3cc1ccf2fa702f4e237ddbea113

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame A0DE 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ed01ba1fa7ade62e77ee0032423f982b85c5707b040d71188ed88e716fd8cbd0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame A0DE 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a1c7910e18cb0252957c7e629b54d6fd7a90f7de6b3ac599ba4f1f8331313e92

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame A0DE 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a440db4a7ca252d08987e6cfd770e55127e13080c9bc856147ee03bfb250845a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame A0DE 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8da847aa621361c3472c2283b8702e5d25119305aa98931fd18dc43831daaef3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame A0DE 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f96efa3bffc086940d1a9675afe64d0e6544d8b82fdfa6a4c8e7cd3c7793a382

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.vuukle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/svg+xml
rtads
api.whizzco.com/demand/v1/ 		501 B
716 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/demand/v1/rtads
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.206.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe1c73472d14ad0fc168adc0de2e8dc8f4cb9a4b8f6a8f4e9a814a5d27abdb57

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jjv%2FEtXdDiJ0ll65i6PZ3SgyI%2BjSWLGQtQSsnKp5Ff7fGMITlPQs5k0HYXXukLrvLfyn0nEQnDD8t72384P8ZR%2BLQFMetcdayfsCSlghhltpi3eVuKfWABXhjMuAHfDnf6E%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-credentials
true
cf-ray
847a591f3e214630-DFW
alt-svc
h3=":443"; ma=86400
priority
u=1,i
rtads
api.whizzco.com/demand/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/demand/v1/rtads
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.206.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://freedomheadlines.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, HEAD, OPTIONS
access-control-allow-origin
https://freedomheadlines.com
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
847a591e7e1f4864-DFW
content-length
0
date
Thu, 18 Jan 2024 22:41:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=1,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7NlzEEsoi8ND1VrkrMAjs75EDsskPVH6zzhbWJwZw9pscQdCUV37e2RSXslynQ2Ho%2Fnk0zhKasLxZHhb4wU6xK1qjVBSdE%2FWW%2B4gsZKMQx%2FYL2QNrhuy7WwA7v7cuIKhtHI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
AGSKWxVkmUIXPRk6Is5GMrrbk8pCEkLWRJ8Imxr95l_nB_JTcgjL09PXHtP0KjP8PwWhF2JYNXRYuRefKh2WuOuHLq4ZRHXQ0yoiF6ZO1o4GG9DHoby6nvc_Re4qwlr5KOZbwxkCXpkjEw==
fundingchoicesmessages.google.com/f/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVkmUIXPRk6Is5GMrrbk8pCEkLWRJ8Imxr95l_nB_JTcgjL09PXHtP0KjP8PwWhF2JYNXRYuRefKh2WuOuHLq4ZRHXQ0yoiF6ZO1o4GG9DHoby6nvc_Re4qwlr5KOZbwxkCXpkjEw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1NjE3NzE0LDk4MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9mcmVlZG9taGVhZGxpbmVzLmNvbS9mcmVlZG9tLXdpcmUvam9yYW4tdmFuLWRlci1zbG9vdC1oYXMtZmluYWxseS1jb25mZXNzZWQtdG8ta2lsbGluZy1uYXRhbGVlLWhvbGxvd2F5LyIsbnVsbCxbWzgsIkxJcWM0MUJKNWEwIl0sWzksImVuLVVTIl0sWzE5LCIyIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMwgqDkzAh6CC5ELYNPvsJo4CceONQ/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
9e812589bf04240fb7e6e2695ed1c3213154e5a4ec5a9ce96e9d399643a1ed5f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-FbHgUPgsxCQul2lU0i2USg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-security-policy
script-src 'report-sample' 'nonce-FbHgUPgsxCQul2lU0i2USg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
esp.js
cdn.id5-sync.com/api/1.0/ 		114 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.52.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7bf4f406f5a9bf165c21dfebea2257eab80882e23e887a24756956daac44373
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 08 Jan 2024 11:20:59 GMT
server
cloudflare
x-amz-request-id
WRMHT4VPT02PFAH0
age
252
etag
W/"3732dd6fc229ed015d7d7eddf157953f"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
847a591fca846b9a-DFW
x-amz-id-2
Vqc+MyZBaPk8CnOewleQSbmPQThatJUYa0rHdA8TKb26w2hgbc4L9AG8i39KGzTKoEUwctLiCzE=
uid2SecureSignal.js
cdn.prod.uidapi.com/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.164.111.190 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-111-190.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id
KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date
Thu, 18 Jan 2024 14:22:48 GMT
Via
1.1 86a640712a72b4264f1681744fa48612.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
JFK50-P6
Age
29948
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
2776
Last-Modified
Thu, 19 Oct 2023 06:40:11 GMT
Server
AmazonS3
ETag
"a3a9a9ee8e72db69d54e805f0586c651"
Content-Type
text/javascript
Accept-Ranges
bytes
X-Amz-Cf-Id
iWlhUtVQhGljqaPzzL0cbgDypg412Ix3ODZQdA0KLWAly3GNxqKTeg==
pubcid.min.js
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 		732 B
902 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.229 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 18 Jan 2024 22:41:55 GMT
x-content-type-options
nosniff
content-encoding
br
age
10832
x-jsd-version
master
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
439
x-served-by
cache-fra-eddf8230042-FRA, cache-dfw-kdal2120119-DFW
x-jsd-version-type
branch
etag
W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
sync.min.js
tags.crwdcntrl.net/lt/c/16589/ 		39 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-34.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 14:32:33 GMT
content-encoding
gzip
via
1.1 77c1752e5c6dfb050c6304b9d473a1e2.cloudfront.net (CloudFront)
last-modified
Wed, 06 Sep 2023 15:56:57 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
29363
etag
W/"e073e71ed7a44e6f9cdd72904fda5940"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=86400
x-amz-cf-id
QF7Ic12QGJvTHUvw7IaJ48ICLxru1EPguMSPEmnOCVwCe8XUn0_EUA==
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
via
1.1 google, 1.1 google
last-modified
Thu, 03 Aug 2023 03:28:51 GMT
server
Google Frontend
etag
fc4e6bfe266081c4873c6f08c8298e5c
content-type
text/javascript; charset=utf-8
x-cloud-trace-context
add330451f28de4780f426efd619d205
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1207
esp.js
oa.openxcdn.net/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 05 Jan 2024 13:16:44 GMT
content-encoding
gzip
age
1157111
x-guploader-uploadid
ABPtcPqcIvjMdnye_2AmXJpAmiRFK7JI14jkN2A-xumvFe_-0qbKBckfwgX39ZpKBmjQoJUho_35gZ_-jbprVVYusHO6EA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7927
last-modified
Thu, 27 May 2021 18:30:51 GMT
server
UploadServer
etag
"df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation
1622140251693895
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type
application/javascript
cache-control
no-transform
x-goog-stored-content-length
7927
accept-ranges
bytes
expires
Sat, 04 Jan 2025 13:16:44 GMT
ob.js
cdn-ima.33across.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-ima.33across.com/ob.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.152.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 20 Dec 2023 19:21:40 GMT
server
cloudflare
age
95790
etag
W/"65833ec4-2d18"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
847a591fcc033abb-DFW
expires
Sun, 21 Jan 2024 22:41:55 GMT
publishertag.ids.js
static.criteo.net/js/ld/ 		41 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
3dd103ba888c627706f31656287652d5fceb9ef7a7099eec5a07aac2f7d397dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 10 Jan 2024 15:13:35 GMT
server
nginx
etag
W/"659eb41f-a585"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 19 Jan 2024 22:41:55 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		7 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3164578883974553&correlator=837973357333946&eid=31079925%2C44807747%2C31079724&output=ldjh&gdfp_req=1&vrg=202401110101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&gpp_sid=-1&iu_parts=23020701155%2CFreedomHeadlines%2CAnchor%2CInterstitial%2CLeaderboard%2CIn-Content-1%2CIn-Content-2%2CIn-Content-3%2CIn-Content-4%2CIn-Content-5%2CIn-Content-6&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7%2C%2F0%2F1%2F8%2C%2F0%2F1%2F9%2C%2F0%2F1%2F10&prev_iu_szs=1x1%2C1x1%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90&ifi=1&didk=1027101085~3112155023~2955458943~1564351762~3681264867~3462200777~1876308405~3127559167~4172343989&sfv=1-0-40&ists=384&fas=1%2C8%2C0%2C0%2C0%2C0%2C0%2C0%2C0&fsapi=128&sc=1&cookie_enabled=1&abxe=1&dt=1705617715021&lmt=1705617715&adxs=-9%2C-9%2C-9%2C220%2C220%2C-9%2C-9%2C220%2C-9&adys=-9%2C-9%2C-9%2C486%2C757%2C-9%2C-9%2C2505%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C-1%7C-1%7C0%7C0%7C-1%7C-1%7C1%7C-1&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&oid=2&tos=~~~~~~~~&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dsparkpost%26utm_campaign%3Dregular&vis=1&psz=0x-1%7C0x-1%7C0x-1%7C780x0%7C780x0%7C0x-1%7C0x-1%7C780x0%7C0x-1&msz=0x-1%7C0x-1%7C0x-1%7C780x0%7C780x0%7C0x-1%7C0x-1%7C780x0%7C0x-1&fws=2%2C2%2C2%2C4%2C4%2C2%2C2%2C4%2C2&ohw=0%2C0%2C0%2C1600%2C1600%2C0%2C0%2C1600%2C0&ga_vid=837548684.1705617714&ga_sid=1705617715&ga_hid=1339295233&ga_fc=true&dlt=1705617713291&idt=948&adks=4226562798%2C3375205104%2C3545489242%2C1869983195%2C3340313678%2C2110955564%2C3332767076%2C2984975214%2C3253828981&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
29680f3d12b0484955ab9425f0b978ec61f9a64fbbdbc756ca7e45b4681ca642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
google-mediationgroup-id
-2,-2,-2,-2,-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1007
x-xss-protection
0
google-lineitem-id
-2,-2,-2,-2,-2,-2,-2,-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-2,-2,-2,-2,-2,-2,-2,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://freedomheadlines.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
73b190e1d2c24c05bb2346bbe692900c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1455 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://73b190e1d2c24c05bb2346bbe692900c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.32.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f1.1e100.net
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 18 Jan 2024 22:41:55 GMT
expires
Fri, 17 Jan 2025 22:41:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pubads_impl_page_level_ads.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/ 		40 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl_page_level_ads.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
f3971f682e1cdd324bc639f47ea2efc1e4cd4188f55efe418e3ccfceec44dbf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 09:01:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
49253
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13834
x-xss-protection
0
server
cafe
etag
9405266704092491736
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Fri, 17 Jan 2025 09:01:02 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 0F6A 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/42a553e1/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 18 Jan 2024 22:41:55 GMT
pwt.js
ads.pubmatic.com/AdServer/js/pwt/160835/4933/ 		222 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.202 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6b30722487e92833baf8f01d6b2d2fed4e459d7cd42dc81ac1a80d8d08b9450e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
gzip
last-modified
Sat, 29 Apr 2023 00:25:40 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=43465
accept-ranges
bytes
content-length
68444
expires
Fri, 19 Jan 2024 10:46:20 GMT
generate_204
www.youtube.com/ Frame 0F6A 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?4WaD0g
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f14.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
0718ad3a-0b2c-415c-9131-c46be31a6dc2
player.ex.co/player/ 		456 KB
154 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a5bcc092fab290ba62aa4f82c83a5ef25e53ce360882af83944cf06358a99c6c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 18 Jan 2024 22:41:55 GMT
via
1.1 varnish, 1.1 varnish
age
41994
x-cache
HIT, HIT
content-length
156603
x-served-by
cache-iad-kcgs7200169-IAD, cache-dfw-kdfw8210174-DFW
server
nginx
x-timer
S1705617715.362096,VS0,VE3
etag
W/"71f2b-GOSY3sqUdJQqUl7xOS13LadZIzQ"
access-control-max-age
600
access-control-allow-methods
GET, POST, PUT, DELETE, PATCH
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
vary
Accept-Encoding, x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot, x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot
accept-ranges
bytes
access-control-allow-headers
Accept, Authorization, Content-Type
x-cache-hits
2, 1
tshow
api.whizzco.com/dtracking/v1/ 		15 B
440 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/dtracking/v1/tshow
Requested by
Host: cdn.whizzco.com
URL: https://cdn.whizzco.com/scripts/widget/widget_v3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.206.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a1773%2FQt6Y6HwWCm9dZq9pYqsZ6saQJc5U%2B3j9jC94DfZBkbyFyi8BFFy6wOSYbC5COnzDo3O6BGIMd7wpWmVH6NZ2Fktg2F9CBtqS7YuOJswMNFVgkHtqpD6VQR1AU%2F%2BhQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-credentials
true
cf-ray
847a592118024864-DFW
alt-svc
h3=":443"; ma=86400
content-length
15
priority
u=1,i
tshow
api.whizzco.com/dtracking/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.whizzco.com/dtracking/v1/tshow
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.206.35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://freedomheadlines.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, HEAD, OPTIONS
access-control-allow-origin
https://freedomheadlines.com
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
847a59206f874864-DFW
content-length
0
date
Thu, 18 Jan 2024 22:41:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=1,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ySHW7pOALax2LmDQa6bdIPdbafiFTZP%2FmxfP1IB9ktHITS%2FFEBpZLM8p5%2FOUjJ1OYB7lUAqNa54rtGD6Fgmu4dzG7PqWkjLJk9zHaAz7lWdjcIqJb5BeYazOE5BkU8E22Mg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
esp
oajs.openx.net/
Redirect Chain
  • https://oajs.openx.net/esp?url=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dspark...
  • https://oajs.openx.net/esp?url=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dspark...
85 B
194 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dsparkpost%26utm_campaign%3Dregular&rid=esp&cc=1
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Server
34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
143.107.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
5052032099c114913bb64896052604428eedcf584f7d6bd677cd27436dcd7795

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
via
1.1 google
x-powered-by
Express
etag
W/"55-yFiFzXsgnVO1VdHV4y4crU4+YUk"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85

Redirect headers

date
Thu, 18 Jan 2024 22:41:55 GMT
via
1.1 google
x-powered-by
Express
vary
Origin
access-control-allow-origin
https://freedomheadlines.com
location
/esp?url=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dsparkpost%26utm_campaign%3Dregular&rid=esp&cc=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
increment
id5-sync.com/api/esp/ 		0
236 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://freedomheadlines.com
date
Thu, 18 Jan 2024 22:41:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
map
bcp.crwdcntrl.net/6/ 		235 B
695 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.201.104.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-104-25.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
204e7f617860ea26e8c11b387721b4e4f03f30dbf4ad7ca50267aed046b18866

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:55 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://freedomheadlines.com
cache-control
no-cache
x-server
10.40.7.244
access-control-allow-credentials
true
content-length
235
expires
0
cast_sender.js
www.gstatic.com/eureka/clank/120/ Frame 0F6A 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/120/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 11:42:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
39589
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14705
x-xss-protection
0
last-modified
Mon, 23 Oct 2023 15:04:43 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Fri, 19 Jan 2024 11:42:06 GMT
pd
google-bidout-d.openx.net/w/1.0/ Frame 85D6 		725 B
870 B 		Document
General
Check archive.org
Download Go to
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
a003085f09e6d62f80750649e6343aafeb3ceaca5637bc123be5df468b6d9683

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
453
content-type
text/html
date
Thu, 18 Jan 2024 22:41:55 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
config
player.ex.co/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://player.ex.co/config?sfid=0010J00002G2BxCQAV
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7d97e296a99b99180897bbf9760f13f1946dcfe526c02cd57593ce6c8906ebe2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 18 Jan 2024 22:41:55 GMT
via
1.1 varnish, 1.1 varnish
age
0
x-cache
MISS, HIT
content-length
1705
x-served-by
cache-iad-kiad7000027-IAD, cache-dfw-kdal2120054-DFW
server
nginx
x-timer
S1705617716.745356,VS0,VE72
etag
W/"7d1-0wB3yZiC4SETHjfjHmVNH2O1ljo"
access-control-max-age
600
access-control-allow-methods
GET, POST, PUT, DELETE, PATCH
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
vary
x-pb-domain
accept-ranges
bytes
access-control-allow-headers
Accept, Authorization, Content-Type
x-cache-hits
0, 1
/
trends.revcontent.com/api/demand/ 		54 B
318 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/api/demand/?w=137741&gdpr=0&gdpr_consent=undefined&us_privacy=1---
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.204.251.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-251-132.compute-1.amazonaws.com
Software
envoy /
Resource Hash
47b726fd18aa3355c7f0277952419c5e1b33d3347ee2e4eff5e9b9be73040549
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-rc-region
us-east-1a
date
Thu, 18 Jan 2024 22:41:55 GMT
strict-transport-security
max-age=931536000; includeSubDomains
server
envoy
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
content-length
54
sync
trends.revcontent.com/ 		0
0
d47e2efc-cfd0-e31f-c8ef-b0505d30ed0f
pr-bh.ybp.yahoo.com/sync/openx/ Frame 85D6 		43 B
603 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/d47e2efc-cfd0-e31f-c8ef-b0505d30ed0f?gdpr=0
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.107.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-107-34.compute-1.amazonaws.com
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
dcm
s.amazon-adsystem.com/ Frame 85D6
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=186f34c5-43d6-caac-3936-2432ca54eba6
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=186f34c5-43d6-caac-3936-2432ca54eba6&dcc=t
43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=186f34c5-43d6-caac-3936-2432ca54eba6&dcc=t
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Jan 2024 22:41:56 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
QXZ4W20148JHR62526VF
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 18 Jan 2024 22:41:56 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
TYJZMB21KR22TSPNGNGM
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=186f34c5-43d6-caac-3936-2432ca54eba6&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 85D6
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=40b948b8-5f7c-7156-f938-a6a5a2672046&gdpr=0
  • https://match.adsrvr.org/track/cmb/openx?oxid=40b948b8-5f7c-7156-f938-a6a5a2672046&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&ttd_puid=40b948b8-5f7c-7156-f938-a6a5a2672046&gdpr=0&gdpr_consent=
43 B
240 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&ttd_puid=40b948b8-5f7c-7156-f938-a6a5a2672046&gdpr=0&gdpr_consent=
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-US,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:56 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&ttd_puid=40b948b8-5f7c-7156-f938-a6a5a2672046&gdpr=0&gdpr_consent=
date
Thu, 18 Jan 2024 22:41:56 GMT
server
Kestrel
content-length
335
pixel
cm.g.doubleclick.net/ Frame 85D6 		170 B
409 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NmNkNjliNzItOTYwYi0yZmYyLWVjZDgtZmMxYzY4ODVlZTI2
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 85D6
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO_RTZ6ylF5nEK0PexU8pBw&google_cver=1
43 B
171 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO_RTZ6ylF5nEK0PexU8pBw&google_cver=1
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-US,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:56 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO_RTZ6ylF5nEK0PexU8pBw&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
events
collector.ex.co/main/ 		17 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
css2
fonts.googleapis.com/ 		2 KB
681 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f10.1e100.net
Software
ESF /
Resource Hash
c87b7f745cfb4a994801488584e6e0e78d6c4f0ad567e985a781fc0b86074724
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 18 Jan 2024 22:41:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 18 Jan 2024 22:05:48 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 18 Jan 2024 22:41:55 GMT
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.webp
mcd.ex.co/video/upload/w_800,so_4/v1490095101/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mcd.ex.co/video/upload/w_800,so_4/v1490095101/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.webp
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
06ebe1954427c09d4400e7e77e9c651b2eb3953e798ba97971d536f4bb398c89

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 22:41:56 GMT
Cache-Tag
502941132783428480281542933415069772301,473281262405526930053610213462331028430,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Content-Disposition
inline; filename="landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.webp"
Connection
keep-alive
Content-Length
14352
X-Served-By
cache-lga21926-LGA
Last-Modified
Mon, 13 Feb 2023 08:42:01 GMT
Server
cloudinary
X-Timer
S1692208188.633880,VS0,VE99
ETag
"cea3d109186db580c1bb2c32d1905228"
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31551967
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
0
player.js
cdn.ex.co/player/ap/4.15.2-bb7ceca/ 		325 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ex.co/player/ap/4.15.2-bb7ceca/player.js
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
0b082ede4d105526180b502ff5c84fba34bdb9217e70ae611d25f8d4410a5877

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-encoding
gzip
x-amz-server-side-encryption
AES256
content-length
91059
last-modified
Wed, 17 Jan 2024 08:44:12 GMT
server
AmazonS3
etag
"006e29724e0cf50491c750b51898fbce"
vary
Accept-Encoding
access-control-max-age
86400
access-control-allow-methods
GET,POST
access-control-allow-origin
*
content-type
application/javascript
cache-control
must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 25 Jan 2024 22:41:56 GMT
inline
fundingchoicesmessages.google.com/f/AGSKWxVDM4EuACsQ9MBkH8JMvzcpI_c5Hcal5HywRA_P5jit0wzZQ7eJ5VAXvNplJWGG7iDwL-TXpnwR0sn_sU4nw5g8z5_fLfw390Zm72RSdzZezkUUWorMS34josDhj8kjaFjxu7mgHJeU4BlO-vYea9B94FxKw... 		54 B
107 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVDM4EuACsQ9MBkH8JMvzcpI_c5Hcal5HywRA_P5jit0wzZQ7eJ5VAXvNplJWGG7iDwL-TXpnwR0sn_sU4nw5g8z5_fLfw390Zm72RSdzZezkUUWorMS34josDhj8kjaFjxu7mgHJeU4BlO-vYea9B94FxKwGHazzE9i0ty-HNNAhCcX3k_-1DeesSv/_/ad/inline??adversion=/banimpress./adfile./supernorthroomad.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMykiRoNlXxpNjyKSui2lVj5QN6bXQ/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
2be8ff376b20c71bb0d5d3ec9e6b4fe36ad9684651fb6d353d703cf7840db992
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-efF677PhWaNoa3l49FPrJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:55 GMT
content-security-policy
script-src 'report-sample' 'nonce-efF677PhWaNoa3l49FPrJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
rum.js
pagead2.googlesyndication.com/pagead/js/ 		65 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMykiRoNlXxpNjyKSui2lVj5QN6bXQ/m=ad_blocking_detection_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f2.1e100.net
Software
cafe /
Resource Hash
2f6bea46c546f8965429c8793da815b8aa488ea358656607513811e6220f4583
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:23:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
1123
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24615
x-xss-protection
0
server
cafe
etag
10902498161188913397
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 18 Jan 2024 23:23:13 GMT
AGSKWxUYFfPte6vpwfMA36K-hzyUkNtcxfjHYlfeQzRbHIi5tuXB57qE_UABbMSR7kWl4_YwqjKAhcIdQaJfIfv598Wt8FHL4LM4yuADE0w4E8CEMxuyqVgVqCvelDuRqpaw7VLLcpqsuQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUYFfPte6vpwfMA36K-hzyUkNtcxfjHYlfeQzRbHIi5tuXB57qE_UABbMSR7kWl4_YwqjKAhcIdQaJfIfv598Wt8FHL4LM4yuADE0w4E8CEMxuyqVgVqCvelDuRqpaw7VLLcpqsuQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMwgqDkzAh6CC5ELYNPvsJo4CceONQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-CIdgzMnLY1HLZtkc713vog' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-security-policy
script-src 'report-sample' 'nonce-CIdgzMnLY1HLZtkc713vog' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://freedomheadlines.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
api-errors
yeet.revcontent.com/yeet/events/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/api-errors
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.218.163.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-218-163-194.compute-1.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/json

Response headers

x-rc-region
us-east-1a
access-control-allow-origin
https://freedomheadlines.com
date
Thu, 18 Jan 2024 22:41:56 GMT
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
server
envoy
vary
Origin
api-errors
yeet.revcontent.com/yeet/events/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/api-errors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.218.163.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-218-163-194.compute-1.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://freedomheadlines.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://freedomheadlines.com
content-length
0
date
Thu, 18 Jan 2024 22:41:56 GMT
server
envoy
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time
6
x-rc-region
us-east-1a
/
trends.revcontent.com/api/delivery/ 		39 KB
20 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/api/delivery/?is_blocked=undefined&w=137741&width=1600&gdpr=0&gdpr_consent=undefined&us_privacy=1---&rev_allow_cookies=0&site_url=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F%3Futm_medium%3Demail%26utm_source%3Dsparkpost%26utm_campaign%3Dregular&icr_url=&va=0&user_uuid=undefined&time=1705617716023&up=pc&bn=chrome&bv=120&widget_width=780&style_id=0&an=false
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.204.251.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-251-132.compute-1.amazonaws.com
Software
envoy /
Resource Hash
28878eb7074078b62facd8b811b866277738a3a95d5d326f71e7415eeed6c5b5
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-rc-region
us-east-1a
date
Thu, 18 Jan 2024 22:41:56 GMT
strict-transport-security
max-age=931536000; includeSubDomains
content-encoding
gzip
server
envoy
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
125
AGSKWxUYFfPte6vpwfMA36K-hzyUkNtcxfjHYlfeQzRbHIi5tuXB57qE_UABbMSR7kWl4_YwqjKAhcIdQaJfIfv598Wt8FHL4LM4yuADE0w4E8CEMxuyqVgVqCvelDuRqpaw7VLLcpqsuQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUYFfPte6vpwfMA36K-hzyUkNtcxfjHYlfeQzRbHIi5tuXB57qE_UABbMSR7kWl4_YwqjKAhcIdQaJfIfv598Wt8FHL4LM4yuADE0w4E8CEMxuyqVgVqCvelDuRqpaw7VLLcpqsuQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMwgqDkzAh6CC5ELYNPvsJo4CceONQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wo-E5lxcRaXlWUdlCJs7Zw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-security-policy
script-src 'report-sample' 'nonce-wo-E5lxcRaXlWUdlCJs7Zw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://freedomheadlines.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUYFfPte6vpwfMA36K-hzyUkNtcxfjHYlfeQzRbHIi5tuXB57qE_UABbMSR7kWl4_YwqjKAhcIdQaJfIfv598Wt8FHL4LM4yuADE0w4E8CEMxuyqVgVqCvelDuRqpaw7VLLcpqsuQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUYFfPte6vpwfMA36K-hzyUkNtcxfjHYlfeQzRbHIi5tuXB57qE_UABbMSR7kWl4_YwqjKAhcIdQaJfIfv598Wt8FHL4LM4yuADE0w4E8CEMxuyqVgVqCvelDuRqpaw7VLLcpqsuQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMwgqDkzAh6CC5ELYNPvsJo4CceONQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-CzKn74vtuskpJeqG6U52pQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-security-policy
script-src 'report-sample' 'nonce-CzKn74vtuskpJeqG6U52pQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://freedomheadlines.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUYFfPte6vpwfMA36K-hzyUkNtcxfjHYlfeQzRbHIi5tuXB57qE_UABbMSR7kWl4_YwqjKAhcIdQaJfIfv598Wt8FHL4LM4yuADE0w4E8CEMxuyqVgVqCvelDuRqpaw7VLLcpqsuQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUYFfPte6vpwfMA36K-hzyUkNtcxfjHYlfeQzRbHIi5tuXB57qE_UABbMSR7kWl4_YwqjKAhcIdQaJfIfv598Wt8FHL4LM4yuADE0w4E8CEMxuyqVgVqCvelDuRqpaw7VLLcpqsuQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMwgqDkzAh6CC5ELYNPvsJo4CceONQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-SovoJ9faGy2s76xaHOJvHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-security-policy
script-src 'report-sample' 'nonce-SovoJ9faGy2s76xaHOJvHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVzqB9abfcr6Rgm_xyzYBwZpipjc1ARYWNqahZc4MWZu9z_lP5PaxFYAvvtWKfq3CEWTtx2Jm3IfXs-mjdYCDD99br5ZSbWSa-PkA3CEO3HTElLBOKspsyYoVwB5l9VVJYlltVrmw==
fundingchoicesmessages.google.com/f/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVzqB9abfcr6Rgm_xyzYBwZpipjc1ARYWNqahZc4MWZu9z_lP5PaxFYAvvtWKfq3CEWTtx2Jm3IfXs-mjdYCDD99br5ZSbWSa-PkA3CEO3HTElLBOKspsyYoVwB5l9VVJYlltVrmw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1NjE3NzE2LDIyNTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vZnJlZWRvbWhlYWRsaW5lcy5jb20vZnJlZWRvbS13aXJlL2pvcmFuLXZhbi1kZXItc2xvb3QtaGFzLWZpbmFsbHktY29uZmVzc2VkLXRvLWtpbGxpbmctbmF0YWxlZS1ob2xsb3dheS8iLG51bGwsW1s4LCJMSXFjNDFCSjVhMCJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMwgqDkzAh6CC5ELYNPvsJo4CceONQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
e65fd353f9c30580c6ff1cd9041a09104229d819fda6937e8dc6b6c43111aaac
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-4CsGFq-UtX1VSMRFeCSomA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-security-policy
script-src 'report-sample' 'nonce-4CsGFq-UtX1VSMRFeCSomA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
impression
trends.revcontent.com/event/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://trends.revcontent.com/event/impression
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.218.163.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-218-163-194.compute-1.amazonaws.com
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-rc-region
us-east-1a
date
Thu, 18 Jan 2024 22:41:56 GMT
strict-transport-security
max-age=931536000; includeSubDomains
server
envoy
vary
Origin
access-control-allow-origin
https://freedomheadlines.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
brandWidget~feedWidget.delivery.js
assets.revcontent.com/master/ 		65 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.revcontent.com/master/brandWidget~feedWidget.delivery.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-14.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b814c8ae9e7f69027025f94e86c5cb363fcad9e3aa8037264756ebb6ea9b2dcc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 21:58:54 GMT
content-encoding
gzip
via
1.1 f2d96237236476e7356cfe5344feb776.cloudfront.net (CloudFront)
last-modified
Wed, 10 Jan 2024 21:58:45 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P8
age
2583
x-amz-server-side-encryption
AES256
etag
W/"5c39e5eaccb99cd368db2d83b6734fda"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=60
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
S0ZAdL8FP8CFANAsdvHvXIM3DeZLo2DHz-0ld0uQJo-_x0dTzi3zmQ==
defaultWidget~feedWidget.delivery.js
assets.revcontent.com/master/ 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.revcontent.com/master/defaultWidget~feedWidget.delivery.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-14.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
90de9677946cdd4a4ebe716bb66bc32334d831cccdbcc08cdb1f45c6ccd740f0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 18:50:18 GMT
content-encoding
gzip
via
1.1 f2d96237236476e7356cfe5344feb776.cloudfront.net (CloudFront)
last-modified
Wed, 10 Jan 2024 21:58:46 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P8
age
13899
x-amz-server-side-encryption
AES256
etag
W/"9e34ac7391612bee652333d6b7b04ce9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=60
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
yZ6ESi4wISq1hMjAPqDq5vv05BqfwTxbLzEaIkKl6ML7ydEiSk0mxg==
feedWidget.delivery.js
assets.revcontent.com/master/ 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.revcontent.com/master/feedWidget.delivery.js
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-14.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
20be76da594eb57fc3e1df6da75b13f951baef9c62bf03fe5c359958005c9560

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 10:19:20 GMT
content-encoding
br
via
1.1 f2d96237236476e7356cfe5344feb776.cloudfront.net (CloudFront)
last-modified
Wed, 10 Jan 2024 21:58:45 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P8
age
44557
x-amz-server-side-encryption
AES256
etag
W/"d6fb1a87f8ef251b746846b658decdd4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=60
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
aQDq0cZbsT0jd6wH1aDPAmE3dhSQs6vSh-lonL3sn7K2B3vS_NavzA==
/
img.revcontent.com/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.revcontent.com/?url=https://cdn.revcontent.com/assets/img/full_color.png&static=true
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-4.ewr53.r.cloudfront.net
Software
envoy /
Resource Hash
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-rc-region
us-east-1a
date
Tue, 03 Oct 2023 17:55:57 GMT
via
1.1 4c18e6ed879a674305cb5156731cf396.cloudfront.net (CloudFront)
last-modified
Thu, 01 Jun 2023 15:43:57 GMT
server
envoy
x-amz-cf-pop
EWR53-C1
age
9261959
etag
"a798d6ed9b193888fbc8a4a5bd7b51c236f8aa33"
x-cache
Hit from cloudfront
content-type
image/png
x-envoy-upstream-service-time
22
alt-svc
h3=":443"; ma=86400
content-length
1351
x-amz-cf-id
FRGuXsCPZuVEWABYPvNmZ-P1hl7D2mCF1qUAOsI-b6C1nAugwzleQw==
cookie_sync.html
cdn.ex.co/sync/0.0.1-7abf705/ Frame A833 		399 B
621 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.ex.co/sync/0.0.1-7abf705/cookie_sync.html?network=368531133%2C1841615463&gdpr=0&gdpr_consent=
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/ap/4.15.2-bb7ceca/player.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
82456a999e1a765cd03fac635e93544b0eded4a493db45cd8c7173c8d8ffb245

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-credentials
false
access-control-allow-headers
*
access-control-allow-methods
GET,POST
access-control-allow-origin
*
access-control-max-age
86400
cache-control
must-revalidate, proxy-revalidate, max-age=51239, s-maxage=31536000
content-encoding
gzip
content-length
269
content-type
text/html;charset=utf-8
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
"c0ea3371cad482736b0000f33ed6816b"
last-modified
Tue, 19 Dec 2023 08:56:00 GMT
server
AmazonS3
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
player.js
p.channelexco.com/player/ 		30 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://p.channelexco.com/player/player.js?pv=117.59&p=779297768&cb=b03708a2-53e6-4c39-a8e7-1c136da281ba&d=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&schain=1.0%2C1%21playbuzz.com%2C0010J00002G2BxCQAV%2C1%2C%2C%2Cfreedomheadlines.com&w=780&h=438.8&asr=1&impDetail=1&auction=1&auctionFast=5&publisherType=publisher&gdpr=-GPV_GDPR-&gdpr_consent=-GPV_GDPR_CONSENT-&us_privacy=-GPV_US_PRIVACY-&rv=true&sid=&sid2=default&sid4=4.15.2-bb7ceca&utm_source=sparkpost&utm_medium=email&utm_campaign=regular&pub=1&pageLoadUid=3d0017b1-0131-4cba-b6f5-2e8fecd1f371
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/ap/4.15.2-bb7ceca/player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.210.193.205 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
openresty /
Resource Hash
1b051025107bd8dd0fe85bb8d27fbb6c12a5649a0ca7266a0db85ddb32885674

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
application/x-javascript
date
Thu, 18 Jan 2024 22:41:56 GMT
cache-control
no-cache
content-encoding
gzip
server
openresty
vary
Accept-Encoding
expires
Thu, 18 Jan 2024 22:41:55 GMT
d
gpv.ex.co/player/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gpv.ex.co/player/d?v=2&b={%22pageLoadUid%22:%223d0017b1-%C4%933%C4%974cba-b6f5-2e8fecd1f371%22,%22country%C4%8D%22US%C4%B2%22browser%C4%BCch%C5%83me%C5%80os%C4%BCwind%C5%84%C5%91%C4%B3networkI%C4%8C%C4%8E1841615463%C5%80hu%C4%8D%C4%B9ue%C4%B3p%C4%BC77929%C5%B868%C5%80%C5%A2%22https://free%C5%96mhe%C4%88l%C5%94es.%C4%B5m%C6%8A%C6%8C%C6%8Eom-%C5%93%C6%8C/j%C5%9Ean-v%C6%A6-d%C5%87-sloot-has-f%C5%94ally-%C4%B5n%C4%A9s%C5%86d-to-ki%C6%BC%C5%94g-nat%C6%BB%C6%8D%C6%B4o%C6%BC%C5%84ay/%C5%80u%C5%86r%C5%A1%C4%BCgs%C5%94boqy2%C5%901q78%C5%88}
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/ap/4.15.2-bb7ceca/player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.206.180.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-206-180-7.compute-1.amazonaws.com
Software
/
Resource Hash
57c388e1f280c17152d9d721e92b4cd26021a6b748522def46e9bf1e649d9581
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
etag
W/"69f-c72YFM8rEpLu6EluFqqxXQ"
access-control-max-age
600
access-control-allow-methods
GET, POST, PUT, DELETE, PATCH
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Accept, Authorization, Content-Type
content-length
1695
AGSKWxUeYjR1q0BwWOacf8SUQJusuoKKWwkk7E0WiyB3Mn2YcT8zJ4kj08NZuY_xJZOuw-IRFp2alVko3u9Ea0d4iV5cNJa47aZe1wvigzKhgfSKudPPEGNi4-1okowImaTqD5OecGj5rg==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUeYjR1q0BwWOacf8SUQJusuoKKWwkk7E0WiyB3Mn2YcT8zJ4kj08NZuY_xJZOuw-IRFp2alVko3u9Ea0d4iV5cNJa47aZe1wvigzKhgfSKudPPEGNi4-1okowImaTqD5OecGj5rg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1NjE3NzE2LDM4NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMF0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vZnJlZWRvbWhlYWRsaW5lcy5jb20vZnJlZWRvbS13aXJlL2pvcmFuLXZhbi1kZXItc2xvb3QtaGFzLWZpbmFsbHktY29uZmVzc2VkLXRvLWtpbGxpbmctbmF0YWxlZS1ob2xsb3dheS8iLG51bGwsW1s4LCJMSXFjNDFCSjVhMCJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMwgqDkzAh6CC5ELYNPvsJo4CceONQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
ef5110fbb2c72acc0c8c1bc500b13b31d528da8a523ce5e6a6ee308ade156f13
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-pohoFYlqTG5XsUy_mE9kLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-pohoFYlqTG5XsUy_mE9kLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
659d4d0252ff46-50864648.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/659d4d0252ff46-50864648.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
cloudflare /
Resource Hash
1a8ee54f97cc61ebbec9b6ce400c7d755677a01dcdf8c17fc2a739835265326b
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Tue, 16 Jan 2024 16:45:39 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
194177
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
4668
last-modified
Tue, 09 Jan 2024 16:21:07 GMT
server
cloudflare
etag
"46c36cdb06c5a40004a1d9e939c6bacf"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
cf-ray
842e2662c81282d2-IAD
timing-allow-origin
*
x-amz-cf-id
AJZYEE_n7C4NJXW5BNX-9A7_U2SsLK9ZM6fiXsxuwu5LKvfZxwNYqQ==
64e384f25e04c9-37125463.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/64e384f25e04c9-37125463.jpeg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
cd4ebc8c4a299dd4095709026fb23d4ee23de8d1648e2b2e0d0a2f4386ab28d4
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 15:08:01 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
459235
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
4267
last-modified
Mon, 21 Aug 2023 16:49:16 GMT
server
Cloudinary
etag
"a2b0d086b13263d44fefd988781838f0"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
pmSzJNdg6kuLk08lOkkvZb0ffaH-BSC2MACeUdSvpFupbiUbjRHQ1A==
65a500126851e6-27896943.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/65a500126851e6-27896943.jpeg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
cloudflare /
Resource Hash
1b2092c98fc8132c1a9618b3e3e4cfd587e45789b4cf01c2c16b3a6fcf593089
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 16 Jan 2024 11:12:15 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
214181
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
5609
last-modified
Tue, 16 Jan 2024 08:41:23 GMT
server
cloudflare
etag
"6a456c699fcb2e57b5c648e5bf07eb52"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
cf-ray
8465ec20f88681b5-IAD
timing-allow-origin
*
x-amz-cf-id
JiaJFQdD_8H_T2ct1ZhpZzMiCD3OEC6_5KT6ZuBay-qnMKZvo3RirA==
6579d6f4565af2-12493894.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/6579d6f4565af2-12493894.png
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
cb2dcf4e9e693d9f8cb33e3fa19afe06eb05ba50e70c4162fd209208fb3b79bf
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 23:22:32 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
429564
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
16415
last-modified
Thu, 14 Dec 2023 01:16:42 GMT
server
Cloudinary
etag
"2187f9e41e25fde20b4035f1d62065fc"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
H4PH73r3_Jg0JFj7hS-ZIM6hBQc_xKvRor1P2YpQadM3yeGo6DcJ7g==
6596d7f9e323c8-16185970.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/6596d7f9e323c8-16185970.jpeg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
cloudflare /
Resource Hash
051ff2c7a80f592f34663d11c60865179351ba8df11772a44c2822bb7f60a1f8
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Fri, 12 Jan 2024 03:20:11 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
588105
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
12858
last-modified
Fri, 05 Jan 2024 02:43:03 GMT
server
cloudflare
etag
"d288dc27957681adfb2f7865b9d1cb28"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
cf-ray
840889d3bd2f3892-IAD
timing-allow-origin
*
x-amz-cf-id
Z1Ywto2YG1MIR97gAPfBCWc1rbKJCn9yOCR63Cr08LOya4JlsKx6mw==
65981d20cd2002-91225595.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/65981d20cd2002-91225595.jpeg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
cloudflare /
Resource Hash
6bd4af85780fa5fabb7b54a54d919b7aa881203b2dc7eaf421ec627b67cd76fb
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Fri, 12 Jan 2024 18:01:58 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
535198
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
11379
last-modified
Fri, 05 Jan 2024 17:50:44 GMT
server
cloudflare
etag
"3175fb79670b191c4395f250476b8c45"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
cf-ray
840da119fa6772f2-IAD
timing-allow-origin
*
x-amz-cf-id
BCWx3U0LbUyb49HyNlNEQ1p637miBOB6ujBblKxMS7NPYTyZ6Yjiwg==
659d1bd4785114-07451948.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/659d1bd4785114-07451948.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
cloudflare /
Resource Hash
e14d84b66514f3e387ba804d7249faf212b3d676cf6d595f99300a635515e1ba
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Wed, 17 Jan 2024 11:50:05 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
125511
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
8576
last-modified
Tue, 09 Jan 2024 16:56:53 GMT
server
cloudflare
etag
"04366b46fefcd851e3d1384cb13a5de5"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
cf-ray
8434af8848f01316-IAD
timing-allow-origin
*
x-amz-cf-id
Nb6_Q3YWtCbSWvoNy8NMee5or6WsQq0fUb74nS-vPntmEbGzuFvS_w==
6548ba4e574d78-48688773.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/6548ba4e574d78-48688773.png
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
2fd5d0a1742dcc77b965ec5031ee5bc206f158c48e75afa1386c8007565ecc02
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Tue, 16 Jan 2024 04:44:44 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
237445
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
10705
last-modified
Tue, 07 Nov 2023 01:08:25 GMT
server
Cloudinary
etag
"08729cfc07931b8dd474b5914897daf3"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
DSVOW_wuSbpbw5VEAm8Frua9MkPc-d0ATa-YIoay7uY9zzjX2QSEgQ==
65a4bf4043f995-70230487.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/65a4bf4043f995-70230487.png
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
b4a9ed30e869b6036d41fc1964115318ba148557ea9fc485c1d94b7ffc5a72e9
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 15 Jan 2024 12:52:34 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
294562
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
10385
last-modified
Mon, 15 Jan 2024 12:42:18 GMT
server
Cloudinary
etag
"5aeff1138c97544c33aae7e45d25810c"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
eZA16DpeNfGFL6aLOEa1mj8i8PjA3Wqrmrb6fNqyaXEhS5JrWOyH1A==
659be9a234b370-24054616.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/659be9a234b370-24054616.png
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
fde85a2bab49992e33850ddc8958074b9d1ae8a9d4388a2ec073eb27747589b3
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Tue, 16 Jan 2024 04:32:54 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
238142
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
18957
last-modified
Mon, 08 Jan 2024 22:19:34 GMT
server
Cloudinary
etag
"638fbf90df525542fef240789eaed7bc"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
vBeh91YTOxtIuVT_W9YBJ9HuhvKL96AVsM4Qx-c4Hjo-Hvuf3hz-Jw==
6591a4acc18a77-50651550.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/6591a4acc18a77-50651550.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
f0e6c99cc3fe333dfe465a34c1526b2b72dac4016783c14d034c1252ca257aa1
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 23:05:56 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
603360
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
5475
last-modified
Tue, 02 Jan 2024 12:12:38 GMT
server
Cloudinary
etag
"c8b609114636a13781e64aa0d81b7a0c"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
ScgPADbw5eBnvHhdXQjXRGmf3liGEr-FmaTvpJVy4zZuP8AsKD_qvA==
6593ec3d70e8d2-52515122.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/6593ec3d70e8d2-52515122.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
0e7b2d2de7e5c12e8d9337a1cf61ccb53a434bac2b474d0b858e1456b6a4ef86
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 16 Jan 2024 16:31:44 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
195012
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
4658
last-modified
Tue, 02 Jan 2024 16:49:08 GMT
server
Cloudinary
etag
"37ff6fe9cb890b3b3f328d9a75706d06"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
jeJQo7Q2ia6qX2XNFMYOvwp5E3ag7EQLtvbPYFZobPAyil5sHdVSLg==
6593ed19efaba7-07900435.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/6593ed19efaba7-07900435.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
347bef3a408caea133a2cab4a74f8837bad5f8a69d89599a270b28815b5627d0
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Wed, 17 Jan 2024 12:59:16 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
121360
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
4879
last-modified
Tue, 02 Jan 2024 11:25:00 GMT
server
Cloudinary
etag
"13567d0e85f63b08c07098e0248d52e9"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
LsA7Oz3WudW39GPU6rJ9DeyOEmfu1QW6NYQrF-hRO5Z2VZ5Ys6liLg==
659da08a7aa8b8-99157132.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/659da08a7aa8b8-99157132.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
cloudflare /
Resource Hash
c75b26487e9486c3c2dc651a007d81b38e8d0387ff997b7137a97e7e4d8ee709
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Wed, 17 Jan 2024 16:01:37 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
110419
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
3798
x-request-id
37b751bc3078598bb25f943cc5bd25e5
last-modified
Tue, 09 Jan 2024 20:56:31 GMT
server
cloudflare
etag
"4fbbf2d6c89ab395276b98fe18de400b"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
cf-ray
84362287cb3781c9-IAD
timing-allow-origin
*
x-amz-cf-id
0j7MvG5wQy78LeWt_hh5lKiRd8Cw19gj8ikADUOJTfWRys9xEFvFnw==
e63f1d83abb2029c87cb64f6b1524974.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_212,w_425,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/e63f1d83abb2029c87cb64f6b1524974.png
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
cloudflare /
Resource Hash
807f83c9ee9e5bb9f66254462ea1f6ecdb423d85851e8a1f3904f6e6155950cf
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Tue, 16 Jan 2024 14:04:57 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
203819
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
6074
last-modified
Thu, 31 Aug 2023 23:49:54 GMT
server
cloudflare
etag
"2bcef7e46cdf8790e75418447841652c"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
cf-ray
842d3b78db275af3-IAD
timing-allow-origin
*
x-amz-cf-id
CdjPw1M7z-2iC5OSKFbC_ZKKo07sX1O9rl0a_wlh7-BGqOu3kWv49w==
658f35c95228b7-96590340.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/658f35c95228b7-96590340.jpg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
3bfbec8a4a65c6b11fe48b208e234a867f9bf7c355d482f7d30c004f736d2ddb
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=604800
date
Thu, 18 Jan 2024 09:34:48 GMT
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
47228
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
6125
last-modified
Fri, 29 Dec 2023 23:14:15 GMT
server
Cloudinary
etag
"6b16ab1683d5d0a58937787f8923f2b0"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
FnfY3mOxUWovI9eKXfNcOzw226qRaHwpOIM0Q9Ro5f-rdPt7u10Otg==
7f4a9997989855d437946701925d6aea.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/7f4a9997989855d437946701925d6aea.jpeg
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
cloudflare /
Resource Hash
850f74b71aecf690004e531fd82e551493ba9ed765f83c5eaf9eba665f929e5b
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 01:11:21 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
509435
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
14418
last-modified
Sat, 09 Dec 2023 19:44:13 GMT
server
cloudflare
etag
"cb42310a7c72990b3bd891da61cd768e"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
cf-ray
8449c3c828673ae0-IAD
timing-allow-origin
*
x-amz-cf-id
fEsbHjAXtQAse80DjLd_OqOGtS28owcmQDDOOLSbONPA14Smag8P-g==
4dd4b00310746ff8f6bbf2301d35502b.png
images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_auto:eco,h_162,w_325,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/4dd4b00310746ff8f6bbf2301d35502b.png
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-39.jfk52.r.cloudfront.net
Software
cloudflare /
Resource Hash
5754942a6afdf33b9acf468813221d553799441d56aa660913667492c58f0ebb
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 16 Jan 2024 18:50:50 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
via
1.1 071f5fea9cc276d1769e252ea33022fa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
186666
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
8227
last-modified
Sat, 25 Nov 2023 05:00:58 GMT
server
cloudflare
etag
"51cbcfafece72ae01f936c81aaa031ee"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, max-age=604800
accept-ranges
bytes
cf-ray
84688be2bed62036-IAD
timing-allow-origin
*
x-amz-cf-id
9ayW3qhU4jfzPHG7VGUjltcIKMVyknwRC6skMOtM4Rim4mLqweEXxA==
sync-2435d567.js
cdn.ex.co/sync/0.0.1-7abf705/ Frame A833 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ex.co/sync/0.0.1-7abf705/sync-2435d567.js
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/sync/0.0.1-7abf705/cookie_sync.html?network=368531133%2C1841615463&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8bf2c5d28ba5403debe4799fb6519d1541ce1f17e900acf33557b56f766f2a8a

Request headers

Referer
https://cdn.ex.co/sync/0.0.1-7abf705/cookie_sync.html?network=368531133%2C1841615463&gdpr=0&gdpr_consent=
Origin
https://cdn.ex.co
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-encoding
gzip
x-amz-server-side-encryption
AES256
content-length
2918
last-modified
Tue, 19 Dec 2023 08:56:00 GMT
server
AmazonS3
etag
"b21713c7c85a6c6949322d5c2a99a056"
vary
Accept-Encoding
access-control-max-age
86400
access-control-allow-methods
GET,POST
access-control-allow-origin
*
content-type
application/javascript
cache-control
must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 25 Jan 2024 22:41:56 GMT
AGSKWxX0OUhupf4eLSDNs2ZjX26cmKtlHw2qbqGYTy6j6kfj6hQ9HGGSirFG5Px2EuvofJS9PEv7mqkuOqW-ksONW09oIdB-7qdav8FNQmvG4Q2sz11XJg7DHBGLulCJzG2-oj9gPO_FSQ==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxX0OUhupf4eLSDNs2ZjX26cmKtlHw2qbqGYTy6j6kfj6hQ9HGGSirFG5Px2EuvofJS9PEv7mqkuOqW-ksONW09oIdB-7qdav8FNQmvG4Q2sz11XJg7DHBGLulCJzG2-oj9gPO_FSQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1NjE3NzE2LDU4NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMCw5XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9mcmVlZG9taGVhZGxpbmVzLmNvbS9mcmVlZG9tLXdpcmUvam9yYW4tdmFuLWRlci1zbG9vdC1oYXMtZmluYWxseS1jb25mZXNzZWQtdG8ta2lsbGluZy1uYXRhbGVlLWhvbGxvd2F5LyIsbnVsbCxbWzgsIkxJcWM0MUJKNWEwIl0sWzksImVuLVVTIl0sWzE5LCIyIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMwgqDkzAh6CC5ELYNPvsJo4CceONQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
43cc7d61fc61850687d21c7ade6f23c51f6798d21882a1821151a6d2accf417f
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-S21xWj5Dnn-vXM_c1fGx8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-S21xWj5Dnn-vXM_c1fGx8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
cookie_sync
sync.ex.co/v1/ Frame A833 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sync.ex.co/v1/cookie_sync?network=368531133%2C1841615463&gdpr=0&gdpr_consent=
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/sync/0.0.1-7abf705/sync-2435d567.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.38.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-38-184.compute-1.amazonaws.com
Software
/
Resource Hash
ec4b9eafb0647fb378c36a118ee0265ca915d9186968c6221e7d515e6b513515

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.ex.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
https://cdn.ex.co
date
Thu, 18 Jan 2024 22:41:56 GMT
access-control-allow-credentials
true
content-length
1770
vary
Origin
content-type
application/json
AGSKWxUzlLJLVANC956bEuuuwGjdsbKoNBGTp9W32xyVGAgaLozVhdC7t4vo3y5XsHKRvc6g3GxxCcWWtXK-iLE1_B9EXJ9q0BmGZU9-_z8_wvj6zrwCeSv2NXzz2WQZdYalPOfzTgIDDw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUzlLJLVANC956bEuuuwGjdsbKoNBGTp9W32xyVGAgaLozVhdC7t4vo3y5XsHKRvc6g3GxxCcWWtXK-iLE1_B9EXJ9q0BmGZU9-_z8_wvj6zrwCeSv2NXzz2WQZdYalPOfzTgIDDw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMwgqDkzAh6CC5ELYNPvsJo4CceONQ/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6OTj06RTfZ4zI2sI5z9RRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-security-policy
script-src 'report-sample' 'nonce-6OTj06RTfZ4zI2sI5z9RRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://freedomheadlines.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
log_event
www.youtube.com/youtubei/v1/ Frame 0F6A 		28 B
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/42a553e1/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f14.1e100.net
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
X-Goog-Request-Time
1705617716744
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
X-YouTube-Client-Version
1.20240116.01.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
Cgs4MTNESWtQOVVxTSix0qatBjIKCgJVUxIEGgAgbg%3D%3D
X-YouTube-Ad-Signals
dt=1705617714376&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C780%2C439&vis=1&wgl=true&ca_type=image

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
page-view
yeet.revcontent.com/yeet/events/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/page-view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.218.163.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-218-163-194.compute-1.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://freedomheadlines.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://freedomheadlines.com
content-length
0
date
Thu, 18 Jan 2024 22:41:56 GMT
server
envoy
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time
2
x-rc-region
us-east-1a
widget-loaded
yeet.revcontent.com/yeet/events/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.218.163.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-218-163-194.compute-1.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://freedomheadlines.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://freedomheadlines.com
content-length
0
date
Thu, 18 Jan 2024 22:41:56 GMT
server
envoy
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time
2
x-rc-region
us-east-1a
page-view
yeet.revcontent.com/yeet/events/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/page-view
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.218.163.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-218-163-194.compute-1.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/json

Response headers

x-rc-region
us-east-1a
access-control-allow-origin
https://freedomheadlines.com
date
Thu, 18 Jan 2024 22:41:56 GMT
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
server
envoy
vary
Origin
widget-loaded
yeet.revcontent.com/yeet/events/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://yeet.revcontent.com/yeet/events/widget-loaded
Requested by
Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.218.163.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-218-163-194.compute-1.amazonaws.com
Software
envoy /
Resource Hash

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/json

Response headers

x-rc-region
us-east-1a
access-control-allow-origin
https://freedomheadlines.com
date
Thu, 18 Jan 2024 22:41:56 GMT
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
server
envoy
vary
Origin
hls.min.js
cdn.ex.co/player/hls/1.4.10-exco/ 		267 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/ap/4.15.2-bb7ceca/player.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
97fb107f26dfa81080591d1afd85f1f5a9b681a91b98f22e65ad6b2111766fbe

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-encoding
gzip
x-amz-server-side-encryption
AES256
content-length
82759
last-modified
Tue, 31 Oct 2023 13:17:42 GMT
server
AmazonS3
etag
"60aaafdd4d62415ba39125b40f38575c"
vary
Accept-Encoding
access-control-max-age
86400
access-control-allow-methods
GET,POST
access-control-allow-origin
*
content-type
application/javascript
cache-control
max-age=604800
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 25 Jan 2024 22:41:56 GMT
starti
s-02.channelexco.com/ppx/ 		0
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s-02.channelexco.com/ppx/starti?sid=&domain=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2Fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2F&se=26a5210c-cec1-497d-a016-7b9468512add&pv=117.59&dd=freedomheadlines.com&gpvck=v022842696__780x438______DEF__nil__401&sa=shd&s=0.0&p=779297768&cb=1705617716833
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.210.193.205 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:56 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
server
openresty
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
ac
www9.smartadserver.com/
Redirect Chain
  • https://www9.smartadserver.com/ac?siteid=218209&pgid=1426227&fmtid=63953&ab=1&tgt=&oc=1&out=vast4&ps=1&pb=0&visit=S&vcn=s&tmstp=%5BCB%5D&pgdomain=https%3A%2F%2Ffreedomheadlines.com%2Ffreedom-wire%2...
  • https://www9.smartadserver.com/ac?siteid=218209&pgid=1426227&fmtid=63953&ab=1&tgt=&oc=1&out=vast4&ps=1&pb=0&visit=S&vcn=s&tmstp=%5bCB%5d&pgdomain=https%3a%2f%2ffreedomheadlines.com%2ffreedom-wire%2...
129 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www9.smartadserver.com/ac?siteid=218209&pgid=1426227&fmtid=63953&ab=1&tgt=&oc=1&out=vast4&ps=1&pb=0&visit=S&vcn=s&tmstp=%5bCB%5d&pgdomain=https%3a%2f%2ffreedomheadlines.com%2ffreedom-wire%2fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2f&vph=438&vpw=780&gdpr_consent=&us_privacy=&schain=1.0%2c1!playbuzz.com%2c0010J00002G2BxCQAV%2c1%2c%2c%2cfreedomheadlines.com&gdpr=0&cklb=1
Requested by
Host: freedomheadlines.com
URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular
Protocol
HTTP/1.1
Server
147.135.119.115 , United States, ASN16276 (OVH, FR),
Reverse DNS
ip115.ip-147-135-119.us
Software
/
Resource Hash
41d511bcd8511da9cb1f673d030c44fbadb09271c96e4fbb40bfa306572dcca3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:56 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://freedomheadlines.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:56 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://freedomheadlines.com
location
https://www9.smartadserver.com/ac?siteid=218209&pgid=1426227&fmtid=63953&ab=1&tgt=&oc=1&out=vast4&ps=1&pb=0&visit=S&vcn=s&tmstp=%5bCB%5d&pgdomain=https%3a%2f%2ffreedomheadlines.com%2ffreedom-wire%2fjoran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway%2f&vph=438&vpw=780&gdpr_consent=&us_privacy=&schain=1.0%2c1!playbuzz.com%2c0010J00002G2BxCQAV%2c1%2c%2c%2cfreedomheadlines.com&gdpr=0&cklb=1
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-length
0
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:56 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
expb.js
cdn.ex.co/player/pb/2.4.0/ Frame 034B 		591 KB
196 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ex.co/player/pb/2.4.0/expb.js
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/ap/4.15.2-bb7ceca/player.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
40b56b106e3ca36cd66a7fd7558f9ebfb83b6368cc296a57505becdc2a8cc940

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:56 GMT
content-encoding
gzip
x-amz-server-side-encryption
AES256
content-length
200048
last-modified
Mon, 08 Jan 2024 09:20:04 GMT
server
AmazonS3
etag
"2521af7c09dc033c042767affaabf227"
vary
Accept-Encoding
access-control-max-age
86400
access-control-allow-methods
GET,POST
access-control-allow-origin
*
content-type
application/javascript
cache-control
must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 25 Jan 2024 22:41:56 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8F9E 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/sync/0.0.1-7abf705/sync-2435d567.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.202 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://cdn.ex.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=130585
content-encoding
gzip
content-length
5622
content-type
text/html
date
Thu, 18 Jan 2024 22:41:56 GMT
expires
Sat, 20 Jan 2024 10:58:21 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.m3u8
mcd.ex.co/video/upload/sp_hd/v1490095101/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/sp_hd/v1490095101/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.m3u8
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
a56f5f7194ef81e280190cdf70a6d1289942afaf52231e7900474b312f5c48cf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 22:41:57 GMT
Cache-Tag
502941132783428480281542933415069772301,394554537382471183304184472313687845759,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Connection
keep-alive
Content-Length
1127
X-Served-By
cache-bwi5061-BWI
Last-Modified
Wed, 09 Jun 2021 12:31:44 GMT
Server
cloudinary
X-Timer
S1638940479.929676,VS0,VE104
ETag
"43c49c5a38361beb99c8bf3dd60047f4"
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=29417661
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
0
/
sync.ex.co/v1/setuid/sovrn/ Frame A833
Redirect Chain
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fsovrn%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fsovrn%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true
  • https://sync.ex.co/v1/setuid/sovrn/?gdpr=0&gdpr_consent=&uid=IA6RjLZH62qOOr39SEerjNv2
86 B
392 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.ex.co/v1/setuid/sovrn/?gdpr=0&gdpr_consent=&uid=IA6RjLZH62qOOr39SEerjNv2
Protocol
H2
Server
34.192.38.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-38-184.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.ex.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
date
Thu, 18 Jan 2024 22:41:57 GMT
access-control-allow-credentials
true
content-length
86
vary
Origin
content-type
image/png

Redirect headers

Date
Thu, 18 Jan 2024 22:41:57 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://sync.ex.co/v1/setuid/sovrn/?gdpr=0&gdpr_consent=&uid=IA6RjLZH62qOOr39SEerjNv2
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3dca1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
PugMaster
image6.pubmatic.com/AdServer/ Frame 8F9E 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=87749914&p=158554&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
2dc141d13c1e52e5b36981f6bad02945d4cd497022a210548b912ce92ce69916

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Thu, 18 Jan 2024 22:41:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.m3u8
mcd.ex.co/video/upload/c_limit,w_320,h_240,vc_h264:baseline:3.0,br_192k/v1600072622/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_320,h_240,vc_h264:baseline:3.0,br_192k/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.m3u8
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
363a2228f397c87b3aeb0e7fc9926e5438c3de511242c5849d0da3d2c76037fd

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 22:41:57 GMT
Cache-Tag
502941132783428480281542933415069772301,484104238383510269782950376486441993307,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Connection
keep-alive
Content-Length
1890
X-Served-By
cache-wdc5553-WDC
Last-Modified
Wed, 09 Jun 2021 12:31:21 GMT
Server
cloudinary
X-Timer
S1638943640.481049,VS0,VE1
ETag
"e3a4d3e4cf55264cd80d76705e1125b3"
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31285649
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
1
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401110101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f2.1e100.net
Software
cafe /
Resource Hash
7000aefc850f656c476c83d3c83adae38e1d8114e1e65c991d41c7eec7cb3372
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:57 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12204
x-xss-protection
0
shim.gif
creatives.sascdn.com/ 		43 B
388 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://creatives.sascdn.com/shim.gif
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.44.201.212 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-201-212.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 22:41:58 GMT
Last-Modified
Fri, 17 Aug 2018 12:23:00 GMT
Server
AkamaiNetStorage
ETag
"221d8352905f2c38b3cb2bd191d630b0:1534508580"
Content-Type
image/gif
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Fri, 17 Jan 2025 22:41:58 GMT
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
mcd.ex.co/video/upload/c_limit,w_320,h_240,vc_h264:baseline:3.0,br_192k/v1600072622/ 		88 KB
89 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_320,h_240,vc_h264:baseline:3.0,br_192k/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
f164b39a16618e24f0fd121a274768bc24760f8778d4a3b5457a5e03ddd0c53f

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Range
bytes=0-90239

Response headers

Date
Thu, 18 Jan 2024 22:41:57 GMT
Cache-Tag
502941132783428480281542933415069772301,201691703795562271966273117828695354966,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Content-Range
bytes 0-90239/1475048
Connection
keep-alive
Content-Length
90240
X-Served-By
cache-wdc5558-WDC
Last-Modified
Wed, 09 Jun 2021 07:23:15 GMT
Server
cloudinary
X-Timer
S1638943722.002762,VS0,VE0
ETag
"bc1d05ae5b7f824a9cd6a30d8f4abbc9"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31285652
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
1
dcm
s.amazon-adsystem.com/ Frame 3736 		43 B
855 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&redir=true&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Thu, 18 Jan 2024 22:41:57 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
FQ97VP6GWH45H38W7VK2
Pug
simage2.pubmatic.com/AdServer/ Frame FF17
Redirect Chain
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=c95b564a-b652-11ee-b03b-f81da172816e
42 B
243 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=c95b564a-b652-11ee-b03b-f81da172816e
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, proxy-revalidate
content-length
0
content-type
image/gif
date
Thu, 18 Jan 2024 22:41:57 GMT
expires
Thu, 23 Sep 2004 17:42:04 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=c95b564a-b652-11ee-b03b-f81da172816e
p3p
CP="NOI OTC OTP OUR NOR"
pragma
no-cache
server
Cowboy
x-realserver-nx
lga-delivery-10
Pug
simage2.pubmatic.com/AdServer/ Frame 76C1
Redirect Chain
  • https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2246955529131902645&gdpr=0&gdpr_consent=
42 B
218 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2246955529131902645&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
access-control-allow-origin
*
an-x-request-uuid
8a66924e-6cfd-43e2-b820-1fe8779858d2
cache-control
no-store, no-cache, private
content-length
0
content-type
text/html; charset=utf-8
date
Thu, 18 Jan 2024 22:41:57 GMT
expires
Sat, 15 Nov 2008 16:00:00 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2246955529131902645&gdpr=0&gdpr_consent=
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma
no-cache
server
nginx/1.23.4
x-proxy-origin
185.189.25.153; 185.189.25.153; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-xss-protection
0
Pug
image2.pubmatic.com/AdServer/ Frame C13D
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBdXlVN0xVMUlBQUJPUjRNNzFrZw&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&b...
  • https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://bh.contextweb.com/bh/rtset?ev=AAAuyU7LU1IAABOR4M71kg&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Csyn%252Cpm%26bee_sync_cur...
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Csyn%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAAuyU7LU1IAABOR4M71kg&pid=558502&do=add&gd...
  • https://rtb-csync.smartadserver.com/redir?partneruserid=AAAuyU7LU1IAABOR4M71kg&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dsyn%...
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=syn%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=1806854147396276484&gdpr=0&gdpr_consent=
  • https://sync.technoratimedia.com/services?uid=AAAuyU7LU1IAABOR4M71kg&srv=cs&pid=73&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D1806854147396276484%26gdpr%3D0%...
  • https://ssum-sec.casalemedia.com/usermatchredir?s=191740&cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D1B7FE8AF12AF48F7809D41D081310265%26att%3D1%26pid%3D82%26cb%3Dhttps%...
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D1B7FE8AF12AF48F7809D41D081310265%26att%3D1%26pid%3D82%26cb%3Dhttps%253A%252F...
  • https://sync.technoratimedia.com/services?srv=cs&nuid=1B7FE8AF12AF48F7809D41D081310265&att=1&pid=82&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D18068541473962...
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&userid=1806854147396276484&gdpr=0&gdpr_consent=&bee_sync_partners=pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=4
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAuyU7LU1IAABOR4M71kg&gdpr=0&gdpr_consent=
42 B
278 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAuyU7LU1IAABOR4M71kg&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:42:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Thu, 18 Jan 2024 22:42:00 GMT
Server
gunicorn
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAuyU7LU1IAABOR4M71kg&gdpr=0&gdpr_consent=
strict-transport-security
max-age=2592000; includeSubDomains
b9pj45k4
sync-tm.everesttech.net/ct/upi/pid/ Frame 63F0
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...
85 B
236 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZampNQAPg-i5dwBH
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
no-cache
content-length
85
content-type
image/png
date
Thu, 18 Jan 2024 22:41:57 GMT
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma
no-cache
server
Jetty(9.4.35.v20201120)
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-dfw-kdal2120081-DFW
x-timer
S1705617718.535454,VS0,VE33

Redirect headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
no-cache
content-length
0
date
Thu, 18 Jan 2024 22:41:57 GMT
location
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZampNQAPg-i5dwBH
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma
no-cache
server
Jetty(9.4.35.v20201120)
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-dfw-kdal2120081-DFW
x-timer
S1705617717.451217,VS0,VE33
141
match.deepintent.com/usersync/ Frame C1D0 		0
339 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 Ashburn, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-length
0
content-type
image/gif
date
Thu, 18 Jan 2024 22:41:56 GMT
p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
server
a
Pug
simage2.pubmatic.com/AdServer/ Frame 743A
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy=
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy=
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=0&gdpr_consent=
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=2ca39820-f504-4b9e-953f-6109e8cc0014&ssp=pubmatic&expires=30&user_group=5&bsw_param=0ecda7a8-55a0-4b14-affd-9a977bd5df6a
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
1 B
186 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Thu, 18 Jan 2024 22:41:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Thu, 18 Jan 2024 22:41:58 GMT
Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Server
nginx
Pug
image2.pubmatic.com/AdServer/ Frame 8DB5
Redirect Chain
  • https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=4bnB07a1k9_6tJbTtr-N3OS5kIv6vJnf7rkAY6MR
42 B
416 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=4bnB07a1k9_6tJbTtr-N3OS5kIv6vJnf7rkAY6MR
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
date
Thu, 18 Jan 2024 22:41:57 GMT
expires
Fri, 04 Aug 1978 12:00:00 GMT
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=4bnB07a1k9_6tJbTtr-N3OS5kIv6vJnf7rkAY6MR
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma
no-cache
strict-transport-security
max-age=86400
Pug
simage2.pubmatic.com/AdServer/ Frame D92E
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:FaQkITiQ1RqB5b5&gdpr=0&gdpr_consent=
42 B
221 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:FaQkITiQ1RqB5b5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:56 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Thu, 18 Jan 2024 22:41:57 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:FaQkITiQ1RqB5b5&gdpr=0&gdpr_consent=
Pragma
no-cache
Server
PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0fd4e2e36fcc7aacc@us-east-1b@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame B9B5
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZlYai8prWFlG630TIH-Z7bm9GZk&gdpr=0&gdpr_consent=
42 B
299 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZlYai8prWFlG630TIH-Z7bm9GZk&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
188
Content-Type
text/html; charset=utf-8
Date
Thu, 18 Jan 2024 22:41:57 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=ZlYai8prWFlG630TIH-Z7bm9GZk&gdpr=0&gdpr_consent=
pbmtc.gif
beacon.lynx.cognitivlabs.com/ Frame 8A67
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=53599fab-154f-443b-ab92-320a9156b7cc&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
42 B
491 B 		Document
General
Check archive.org
Download Go to
Full URL
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.250.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-231-250-139.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
keep-alive
Content-Length
42
Content-Type
image/gif
Date
Thu, 18 Jan 2024 22:41:59 GMT
Server
Kestrel

Redirect headers

cache-control
no-store, no-cache, private
date
Thu, 18 Jan 2024 22:41:58 GMT
location
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
usersync.aspx
dis.criteo.com/dis/ Frame B102 		43 B
363 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Thu, 18 Jan 2024 22:41:56 GMT
expires
Thu, 18 Jan 2024 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
479062
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
Pug
image2.pubmatic.com/AdServer/ Frame 23D9
Redirect Chain
  • https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336248539659481
42 B
194 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336248539659481
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:56 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Content-Length
0
Date
Thu, 18 Jan 2024 22:41:57 GMT
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336248539659481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server
Jetty(9.4.51.v20230217)
pubmatic
ad.mrtnsvr.com/sync/ Frame 68DD 		0
0
i.match
a.tribalfusion.com/ Frame E808 		0
0
/
csync.loopme.me/ Frame 2BBF 		0
0
sync
t.adx.opera.com/pub/ Frame 68E1 		0
0
/
sync.ex.co/v1/setuid/pubmatic/ Frame C88D 		0
298 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.ex.co/v1/setuid/pubmatic/?gdpr=0&gdpr_consent=&uid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.38.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-38-184.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
content-length
0
content-type
text/html
date
Thu, 18 Jan 2024 22:41:57 GMT
vary
Origin
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8F9E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bMC8Wu5JQvWMRH0-PlVpvA%3D%3D&gdpr=0&gdpr_consent=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Protocol
H2
Server
23.41.168.202 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:57 GMT
content-encoding
gzip
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=130584
accept-ranges
bytes
content-length
5622
expires
Sat, 20 Jan 2024 10:58:21 GMT

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:57 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
receive
pixel.tapad.com/idsync/ex/ Frame 8F9E
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=852891db-c997-4193-8176-cdd6376d8a0b%252C%252C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&ttd_puid=852891db-c997-4193-8176-cdd6376d8a0b%2C%2C
95 B
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&ttd_puid=852891db-c997-4193-8176-cdd6376d8a0b%2C%2C
Protocol
H3
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:57 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&ttd_puid=852891db-c997-4193-8176-cdd6376d8a0b%2C%2C
date
Thu, 18 Jan 2024 22:41:57 GMT
server
Kestrel
content-length
359
FZt5psomz79DGe~O1V5PkX7S8-NVJIdw0INR-k~Duu9c36GyIDyElf4y8fa2~-9InNSq4BCadyu-8tQSiIkaVleT~Yh8GI4ocNSeo4~API4DJEsYNIMg2sPMMXvjcckTUFy53ZYw3gzv35jSAchydRkSr2XFgqe-kzzlKTlv1VT7-TlAc0PcX7nFzbKlHypwbpU3A...
us01.z.antigena.com/l/ Frame 8F9E 		0
0
xuid
eb2.3lift.com/ Frame 8F9E
Redirect Chain
  • https://eb2.3lift.com/xuid?mid=7976&xuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&dongle=u6nf&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?ld=1&mid=7976&xuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&dongle=u6nf&gdpr=0&cmp_cs=&us_privacy=
37 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=7976&xuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&dongle=u6nf&gdpr=0&cmp_cs=&us_privacy=
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif
date
Thu, 18 Jan 2024 22:41:57 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
/xuid?ld=1&mid=7976&xuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&dongle=u6nf&gdpr=0&cmp_cs=&us_privacy=
date
Thu, 18 Jan 2024 22:41:57 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Pug
image2.pubmatic.com/AdServer/ Frame 8F9E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NkNDMEJDNUEtRUU0OS00MkY1LThDNDQtN0QzRTNFNTU2OUJD&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:57 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:57 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 8F9E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECpKLamR0jcid5GxZdfYEHo&google_cver=1
42 B
266 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECpKLamR0jcid5GxZdfYEHo&google_cver=1
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:56 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:57 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECpKLamR0jcid5GxZdfYEHo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 8F9E
Redirect Chain
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:FB40634400C047BB9055353B18FFBA2E
42 B
525 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:FB40634400C047BB9055353B18FFBA2E
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:59 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date
Thu, 18 Jan 2024 22:42:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:FB40634400C047BB9055353B18FFBA2E
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Wed, 17 Jan 2024 22:42:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 8F9E
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&gdpr=0&gdpr_consent=
42 B
542 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&gdpr=0&gdpr_consent=
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:56 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&gdpr=0&gdpr_consent=
date
Thu, 18 Jan 2024 22:41:57 GMT
server
Kestrel
content-length
355
6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 8F9E 		43 B
602 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.107.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-107-34.compute-1.amazonaws.com
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:57 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
sync
ups.analytics.yahoo.com/ups/58292/ Frame 8F9E 		0
0
generic
sync.ipredictive.com/d/sync/cookie/ Frame 8F9E 		0
0
Pug
simage2.pubmatic.com/AdServer/ Frame 8F9E
Redirect Chain
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&gdpr=0&gdpr_consent=
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=725f098eb4b04a2&is_secure=true&networkId=17100&version=1&nuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAACHL_Tl-PvxgMDCItTAAAAAAA&expiration=1705704118&nuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&...
42 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAACHL_Tl-PvxgMDCItTAAAAAAA&expiration=1705704118&nuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&is_secure=true&gdpr_consent=&gdpr=0
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:58 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:58 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAACHL_Tl-PvxgMDCItTAAAAAAA&expiration=1705704118&nuid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&is_secure=true&gdpr_consent=&gdpr=0
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 8F9E 		0
0
CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 8F9E 		0
0
Pug
simage2.pubmatic.com/AdServer/ Frame 8F9E
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9011907017921379196&gdpr=0&gdpr_consent=&us_privacy=
1 B
198 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9011907017921379196&gdpr=0&gdpr_consent=&us_privacy=
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Thu, 18 Jan 2024 22:41:59 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9011907017921379196&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sn.ashx
pmp.mxptint.net/ Frame 8F9E
Redirect Chain
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R33645_10F80E176_8005853E&r=https://pmp.mxptint.net/sn.ashx?ak=1
  • https://pmp.mxptint.net/sn.ashx?ak=1
43 B
266 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pmp.mxptint.net/sn.ashx?ak=1
Protocol
HTTP/1.1
Server
38.98.69.175 North Bergen, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=-388622518; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Expires
-1
Pragma
no-cache
Date
Thu, 18 Jan 2024 22:41:58 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=-388622518; includeSubDomains
Content-Length
43
Content-Type
image/gif

Redirect headers

location
https://pmp.mxptint.net/sn.ashx?ak=1
date
Thu, 18 Jan 2024 22:41:57 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Pug
simage2.pubmatic.com/AdServer/ Frame 8F9E
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=pubmatic&gdpr=0&gdpr_consent=
  • https://creativecdn.com/cm-notify?pi=pubmatic&gdpr=0&gdpr_consent=&tc=1
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNTQmdGw9NDMyMDA%3D&piggybackCookie=0rOKkf8zewbIWMaHGsonfG7zc7atdsJtJaKFZxBo4JU&pi=pubmatic&gdpr=0&gdpr_consent=&tc=1
42 B
426 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNTQmdGw9NDMyMDA%3D&piggybackCookie=0rOKkf8zewbIWMaHGsonfG7zc7atdsJtJaKFZxBo4JU&pi=pubmatic&gdpr=0&gdpr_consent=&tc=1
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:41:58 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNTQmdGw9NDMyMDA%3D&piggybackCookie=0rOKkf8zewbIWMaHGsonfG7zc7atdsJtJaKFZxBo4JU&pi=pubmatic&gdpr=0&gdpr_consent=&tc=1
pragma
no-cache
date
Thu, 18 Jan 2024 22:41:58 GMT, Thu, 18 Jan 2024 22:41:58 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
events
e.channelexco.com/ 		0
247 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://e.channelexco.com/events
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/ap/4.15.2-bb7ceca/player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.82.15.162 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:58 GMT
access-control-request-method
GET, POST
server
openresty
access-control-allow-methods
GET, POST
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
access-control-allow-credentials
true
access-control-allow-headers
*
sync
ssbsync-global.smartadserver.com/api/ Frame 74BD 		731 B
833 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssbsync-global.smartadserver.com/api/sync?callerId=35&redirectUri=sync.ex.co%2Fv1%2Fsetuid%2Fsmartadserver%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%5Bssb_sync_pid%5D
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/sync/0.0.1-7abf705/sync-2435d567.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.83.76.100 Los Angeles, United States, ASN395954 (LEASEWEB-USA-LAX, US),
Reverse DNS
Software
/
Resource Hash
805b509e1c968f54f8aa72197e8ac4505a2b482179e18694ba4531484b884b61

Request headers

Referer
https://cdn.ex.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-length
731
content-type
text/html
date
Thu, 18 Jan 2024 22:41:57 GMT
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.m3u8
mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.m3u8
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
e72d0734bc15008c6d89a4087da5ebcc55a739654f70ef857645a4f000304ff7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 22:41:57 GMT
Cache-Tag
502941132783428480281542933415069772301,242129432464203716531710096271398543033,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Connection
keep-alive
Content-Length
1907
X-Served-By
cache-wdc5536-WDC
Last-Modified
Thu, 03 Jun 2021 22:37:57 GMT
Server
cloudinary
X-Timer
S1638946186.274676,VS0,VE1
ETag
"ff6f024870a329205eb2e3121dfccff3"
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=29886015
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
1
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401110101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.32.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f1.1e100.net
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 18 Jan 2024 22:41:57 GMT
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/ 		134 KB
134 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
da62720b7c3e8d6eef182fb69b2002926da8512532e6de9a1de0396a71a02413

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Range
bytes=0-136863

Response headers

Date
Thu, 18 Jan 2024 22:41:57 GMT
Cache-Tag
502941132783428480281542933415069772301,233322687990412021556170905870126409175,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Content-Range
bytes 0-136863/2254684
Connection
keep-alive
Content-Length
136864
X-Served-By
cache-iad-kiad7000145-IAD
Last-Modified
Mon, 09 Oct 2023 07:19:13 GMT
Server
cloudinary
Surrogate-Reporting
width=640,height=360,abps=36781,fps=25.0,du=61.301,vc="h264",bytes=2254684
X-Timer
S1700412050.930782,VS0,VE358
ETag
"d0acd8965bbf5aae1010871c52bdd929"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=30646908
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0F74 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.32.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f1.1e100.net
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
age
24565
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 18 Jan 2024 15:52:32 GMT
expires
Fri, 17 Jan 2025 15:52:32 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 2B6A 		829 B
989 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.32.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f4.1e100.net
Software
GSE /
Resource Hash
53317bcb3fd7bc9d1d832cc881eaad61de20861386cb89117555c288d8d155be
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-p2XknEg5WiKxZ307op6fFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://freedomheadlines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-p2XknEg5WiKxZ307op6fFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 18 Jan 2024 22:41:57 GMT
expires
Thu, 18 Jan 2024 22:41:57 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
a7c67a1f-7da9-407a-92d6-90ed63bded04
https://freedomheadlines.com/ 		267 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://freedomheadlines.com/a7c67a1f-7da9-407a-92d6-90ed63bded04
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1042d1b60174a99afa3cbafdeec59701e6930ee129d5a837b7001538df09414d

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Length
273447
Content-Type
text/javascript
IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
pagead2.googlesyndication.com/bg/ Frame 0F74 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f2.1e100.net
Software
sffe /
Resource Hash
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 16:19:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
22971
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15219
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 17 Jan 2025 16:19:06 GMT
/
sync.ex.co/v1/setuid/smartadserver/ Frame 74BD 		86 B
464 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.ex.co/v1/setuid/smartadserver/?gdpr=0&gdpr_consent=&uid=1806854147396276484
Requested by
Host: ssbsync-global.smartadserver.com
URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=35&redirectUri=sync.ex.co%2Fv1%2Fsetuid%2Fsmartadserver%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%5Bssb_sync_pid%5D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.38.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-38-184.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssbsync-global.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
date
Thu, 18 Jan 2024 22:41:57 GMT
access-control-allow-credentials
true
content-length
86
vary
Origin
content-type
image/png
/
rtb-csync.smartadserver.com/redir/ Frame 74BD
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=smartadserver&gdpr=0&gdpr_consent=
  • https://sync.srv.stackadapt.com/sync?nid=50&gdpr=0&gdpr_consent=&gdpr_pd=&ssp=smartadserver
  • https://x.bidswitch.net/sync?dsp_id=188&user_id=ZlYai8prWFlG630TIH-Z7bm9GZk&user_group=1&ssp=smartadserver&gdpr=0
  • https://rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=0&gdpr_consent=
43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync-global.smartadserver.com
URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=35&redirectUri=sync.ex.co%2Fv1%2Fsetuid%2Fsmartadserver%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%5Bssb_sync_pid%5D
Protocol
HTTP/1.1
Server
23.105.12.172 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssbsync-global.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 18 Jan 2024 22:41:57 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Location
//rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=0ecda7a8-55a0-4b14-affd-9a977bd5df6a&gdpr=0&gdpr_consent=
Date
Thu, 18 Jan 2024 22:41:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
p
a.audrte.com/ Frame 74BD
Redirect Chain
  • https://a.audrte.com/get?p=M501991648&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D141%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=aWIycng2MHVTVEJTbk9nY0lKMGl2LXBaUQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZ...
  • https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZHNlcnZlci5jb20vcmVkaXIvP2lzc2lcdTAwM2QxXHUwMDI2cGFydG5lcmlkXHUwMDNkMTQxXHUwMDI2cGFydG5lcnVzZXJpZFx1MDAzZGliMnJ4NjB1U1RCU25PZ2NJ...
  • https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZHNlcnZlci5jb20vcmVkaXIvP2lzc2lcdTAwM2QxXHUwMDI2cGFydG5lcmlkXHUwMDNkMTQxXHUwMDI2cGFydG5lcnVzZXJpZFx...
  • https://dmp.adform.net/serving/cookie/match/?CC=1&party=1003&r=eyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZHNlcnZlci5jb20vcmVkaXIvP2lzc2lcdTAwM2QxXHUwMDI2cGFydG5lcmlkXHUwMDNkMTQxXHUwMDI2cGFydG5lcnVzZX...
  • https://a.audrte.com/a?adform_uid=1850987600149466198&r=eyJ1IjoiaHR0cHM6Ly9ydGItY3N5bmMuc21hcnRhZHNlcnZlci5jb20vcmVkaXIvP2lzc2lcdTAwM2QxXHUwMDI2cGFydG5lcmlkXHUwMDNkMTQxXHUwMDI2cGFydG5lcnVzZXJpZFx1M...
  • https://rtb-csync.smartadserver.com/redir/?partnerid=141&partneruserid=ib2rx60uSTBSnOgcIJ0iv-pZQ&gdpr=0&gdpr_consent=&redirurl=https%3A%2F%2Fa.audrte.com%2Fmatch%3Fuid%3DSMART_USER_ID%26p%3DM501991...
  • https://a.audrte.com/match?uid=1806854147396276484&p=M501991648&r=https%3A%2F%2Fa.audrte.com%2Fp%3F&gdpr=0&gdpr_consent=
  • https://a.audrte.com/p?
68 B
424 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p?
Requested by
Host: ssbsync-global.smartadserver.com
URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=35&redirectUri=sync.ex.co%2Fv1%2Fsetuid%2Fsmartadserver%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%5Bssb_sync_pid%5D
Protocol
HTTP/1.1
Server
54.74.215.17 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-215-17.eu-west-1.compute.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssbsync-global.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 22:41:59 GMT
Server
nginx/1.22.1
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Thu, 18 Jan 2024 22:41:59 GMT
Server
nginx/1.22.1
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Access-Control-Allow-Origin
*
Location
https://a.audrte.com/p?
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
/
rtb-csync.smartadserver.com/redir/ Frame 74BD
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%4...
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=965ae27b-298b-41c8-9bb5-1386f964b712&gdpr=0&gdpr_consent=
43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=965ae27b-298b-41c8-9bb5-1386f964b712&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync-global.smartadserver.com
URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=35&redirectUri=sync.ex.co%2Fv1%2Fsetuid%2Fsmartadserver%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%5Bssb_sync_pid%5D
Protocol
HTTP/1.1
Server
23.105.12.172 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssbsync-global.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 18 Jan 2024 22:41:57 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:57 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=965ae27b-298b-41c8-9bb5-1386f964b712&gdpr=0&gdpr_consent=
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1675945
content-length
0
expires
Thu, 18 Jan 2024 00:00:00 GMT
/
rtb-csync.smartadserver.com/redir/ Frame 74BD
Redirect Chain
  • https://cms.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&gdpr=0&partneruserid=JIGviXON_YU_jPiJc4fjhiGB_tE_hPeFK4FPPkVZ
43 B
429 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=80&gdpr=0&partneruserid=JIGviXON_YU_jPiJc4fjhiGB_tE_hPeFK4FPPkVZ
Requested by
Host: ssbsync-global.smartadserver.com
URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=35&redirectUri=sync.ex.co%2Fv1%2Fsetuid%2Fsmartadserver%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%5Bssb_sync_pid%5D
Protocol
HTTP/1.1
Server
23.105.12.172 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssbsync-global.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 18 Jan 2024 22:41:58 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:57 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://rtb-csync.smartadserver.com/redir/?partnerid=80&gdpr=0&partneruserid=JIGviXON_YU_jPiJc4fjhiGB_tE_hPeFK4FPPkVZ
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/ 		180 KB
181 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
555ae5a3cfb7774498b8139e9df89a67012a2be3a4fc006f6b5344c40cb1ea48

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Range
bytes=136864-321291

Response headers

Date
Thu, 18 Jan 2024 22:41:57 GMT
Cache-Tag
502941132783428480281542933415069772301,233322687990412021556170905870126409175,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Content-Range
bytes 136864-321291/2254684
Connection
keep-alive
Content-Length
184428
X-Served-By
cache-iad-kiad7000145-IAD
Last-Modified
Mon, 09 Oct 2023 07:19:13 GMT
Server
cloudinary
Surrogate-Reporting
width=640,height=360,abps=36781,fps=25.0,du=61.301,vc="h264",bytes=2254684
X-Timer
S1700412050.930782,VS0,VE358
ETag
"d0acd8965bbf5aae1010871c52bdd929"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=30646908
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
0
sodar
pagead2.googlesyndication.com/pagead/ Frame 2B6A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401110101&jk=3164578883974553&rc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/ 		178 KB
179 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
339b41625108f486487a4fa13a28ae08ae3c4b5fd19b14cdc66bcfd7f64b649e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Range
bytes=321292-503463

Response headers

Date
Thu, 18 Jan 2024 22:41:57 GMT
Cache-Tag
502941132783428480281542933415069772301,233322687990412021556170905870126409175,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Content-Range
bytes 321292-503463/2254684
Connection
keep-alive
Content-Length
182172
X-Served-By
cache-iad-kiad7000145-IAD
Last-Modified
Mon, 09 Oct 2023 07:19:13 GMT
Server
cloudinary
Surrogate-Reporting
width=640,height=360,abps=36781,fps=25.0,du=61.301,vc="h264",bytes=2254684
X-Timer
S1700412050.930782,VS0,VE358
ETag
"d0acd8965bbf5aae1010871c52bdd929"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=30646908
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
0
generate_204
tpc.googlesyndication.com/ Frame 0F74 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?pObVAw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f1.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:57 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/ 		126 KB
126 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
57fb05bfeedfe63b705167cf837b458e0ab58c2c29c4a973903f293b39d90df4

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Range
bytes=503464-632055

Response headers

Date
Thu, 18 Jan 2024 22:41:58 GMT
Cache-Tag
502941132783428480281542933415069772301,233322687990412021556170905870126409175,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Content-Range
bytes 503464-632055/2254684
Connection
keep-alive
Content-Length
128592
X-Served-By
cache-iad-kiad7000145-IAD
Last-Modified
Mon, 09 Oct 2023 07:19:13 GMT
Server
cloudinary
Surrogate-Reporting
width=640,height=360,abps=36781,fps=25.0,du=61.301,vc="h264",bytes=2254684
X-Timer
S1700412050.930782,VS0,VE358
ETag
"d0acd8965bbf5aae1010871c52bdd929"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=30646907
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
0
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/ 		139 KB
140 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
14b57337b1e5726f57241ce5552c41ae99db90e7037e0d8e9afab69681cd9f2e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Range
bytes=632056-774371

Response headers

Date
Thu, 18 Jan 2024 22:41:58 GMT
Cache-Tag
502941132783428480281542933415069772301,233322687990412021556170905870126409175,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Content-Range
bytes 632056-774371/2254684
Connection
keep-alive
Content-Length
142316
X-Served-By
cache-iad-kiad7000145-IAD
Last-Modified
Mon, 09 Oct 2023 07:19:13 GMT
Server
cloudinary
Surrogate-Reporting
width=640,height=360,abps=36781,fps=25.0,du=61.301,vc="h264",bytes=2254684
X-Timer
S1700412050.930782,VS0,VE358
ETag
"d0acd8965bbf5aae1010871c52bdd929"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=30646907
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
0
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/ 		117 KB
118 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_640,h_360,vc_h264:baseline:3.0,br_2m/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.ts
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
c254f18a6b35e9d5707cb7e64ae9ecc7da944a5e0b7cbc954dd455f11489c168

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Range
bytes=774372-893939

Response headers

Date
Thu, 18 Jan 2024 22:41:58 GMT
Cache-Tag
502941132783428480281542933415069772301,233322687990412021556170905870126409175,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Content-Range
bytes 774372-893939/2254684
Connection
keep-alive
Content-Length
119568
X-Served-By
cache-iad-kiad7000145-IAD
Last-Modified
Mon, 09 Oct 2023 07:19:13 GMT
Server
cloudinary
Surrogate-Reporting
width=640,height=360,abps=36781,fps=25.0,du=61.301,vc="h264",bytes=2254684
X-Timer
S1700412050.930782,VS0,VE358
ETag
"d0acd8965bbf5aae1010871c52bdd929"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=30646907
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
0
landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.m3u8
mcd.ex.co/video/upload/c_limit,w_480,h_270,vc_h264:baseline:3.0,br_800k/v1600072622/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcd.ex.co/video/upload/c_limit,w_480,h_270,vc_h264:baseline:3.0,br_800k/v1600072622/landscaped687b3b1-f6a9-47a1-bc7d-ab4d3a1da017_1600072453318.m3u8
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/hls/1.4.10-exco/hls.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-80.deploy.static.akamaitechnologies.com
Software
cloudinary /
Resource Hash
66ea107d118b1b3df1a171897b0856a9dc8095854221a9345e360588063b4560

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 22:41:58 GMT
Cache-Tag
502941132783428480281542933415069772301,367740830352960595415805974629789749672,c8ca5d8e4a43f8ef61d39b48fd5ffa31
Connection
keep-alive
Content-Length
1898
X-Served-By
cache-wdc5553-WDC
Last-Modified
Tue, 08 Jun 2021 12:48:19 GMT
Server
cloudinary
X-Timer
S1638943641.320886,VS0,VE119
ETag
"8e79bd0c564573ae09a73296fcab7df8"
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31285673
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
0
csi
csi.gstatic.com/ 		0
234 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lrjsr0n0&ctx=0&met.9=1.16m~2.1do&met.3=112.2wp_1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:58 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401110101&jk=3164578883974553&bg=!HR6lHlHNAAa8BdJLnAU7ADQBe5WfOErwQurlQmzHi4nOeog8_vfHgnJO13tCEaLrd2gOvm-IKRJ4a3ZnjxUSNCTRyjEiAgAAAHNSAAAAA2gBBwoANFpLvaSD0WDIwz0Bh9r8wIfdkFGfZR7Zv52DYaON3DSMUmSKaeB6Y9RmYgnIgm_L-XFAbjqZAsZCoRA2TDm0-vV30K9Di5Q1GWSKv0E0HjuU6vP0A2o9qYJWifNRCVkNFIMlPF2OK-q3g87zs-CzFFqvsgrpK6xx4WLsEsnH7fVGAYRNucACypFaMI7Od5HkHkm2wWXhwUFdKbApaMJ5_KiAdtafHDYOUeyrY0OK474VrYBRmaIHILABiTsuxKFzvOokvJFQwsR1xR_XwMhvL21JSGEV1YiSHlNSNdBwFlRlHPDPAxdmqibymOtgf58ElFJ2lyN9mXKGnYcoCu76WiSpD1uJv7a2PSV8G97tWQ-QmZOX-jGjUDV4wKn0RxzhEM8p8ewS7-tpnpF2qWufEu_H3I6v79wy33IcrZQQ2mnm0cHoB5Tc_c5IXgiL74IAIUjruoJULHaXiwyMl-a9iRcj_0Fp2iL-Y53Bujx0srgPo7q8IoeyOBVQQuRY_W4h6FlBjawWEykXrnC7G0t8zsCpLmUyHxFYZLBCp2pnGHa__AwuuIGevED5w00mpPzSszEAM4Kk-58gXjHG4VntFGUeG1386mMbJpuJsZOuJKFN4PvktvySnD-W0XUpPyFelIBiF-y8Cylj-B7C8R8prp4SxOMGZG2Pboosksa1ysd66bRF6HtxU3Y6iLoWa8G5hFd9pb1-WiK373vd94c4qoCRGsrO8B6Ob3PgrtuU9qD6wnPtTtCoDHmRs6sIhXTk8tslfqfyryZmOrNn947rtvZTdklh023Uvqr8BFuIe_1dEaIcTAHEyw5NgkXjyFGM2jd0JigVf_Gskb1sQKifVpDVMnLwzed3e9jELbcjSGaIizQHjeyc10MzW-sBgL0A9fBGZXvCwk4ZZ2VZ89A7ePzF3Fa_t7IhGLcpky_sg3gQ6P0fwi2bb2Vy43f4mRG7auvcK5Bp6tlj_Ae6IWBAxpDJBzRI4Bc52iTSCQEoCwMbUCaSpp-rf7k6NGw1-A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
events
collector.ex.co/main/ 		17 B
154 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector.ex.co/main/events
Requested by
Host: player.ex.co
URL: https://player.ex.co/player/0718ad3a-0b2c-415c-9131-c46be31a6dc2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.101.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-101-115.compute-1.amazonaws.com
Software
/
Resource Hash
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 22:41:58 GMT
etag
W/"11-MaL8I3MaqLPWbOrdrabTmSWS9PM"
content-length
17
content-type
application/json; charset=utf-8
SPug
simage4.pubmatic.com/AdServer/ Frame 8F9E 		0
260 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158554&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:41:58 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
usermatch
ssum-sec.casalemedia.com/ Frame 7DFA
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=190719&cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
2 KB
849 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/sync/0.0.1-7abf705/sync-2435d567.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c66788062e6b8840eac1f62d4afca5489208790f38f113899dc758a389344728

Request headers

Referer
https://cdn.ex.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
847a593d0b286c25-DFW
content-encoding
br
content-type
text/html
date
Thu, 18 Jan 2024 22:41:59 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B5DOgvZCZN%2FbPIyctiByIg%2F6PatWyunCGxt7HElvD961zuwb11vHwonFzAwvpXaKGjeGfO5yOZ%2Fkn%2BezJdLFrspzg2bon7xHTsdLb%2Bsr3A2KPgKEyZGgoXx3zBwhBDu%2BmLdhnol4WLJF1w%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
847a593c5a596c25-DFW
content-length
0
date
Thu, 18 Jan 2024 22:41:59 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ni%2FWh7FhuznsQOCzeNfR4WF7NBF0yTIgPKhJMg2P2ltELaFWv2kHG2LtXUM7vi4jciaTRtglmI%2BdNf7Vg4qyhD8S9G3G%2B5YuEFMvMfOGrMo6zJscexkXPCbibBOU5ffX1iRAXNno%2BlTq8g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
envelope
lexicon.33across.com/v1/ Frame 034B
Redirect Chain
  • https://lexicon.33across.com/v1/envelope?pid=0015a00003EkOH8AAN&gdpr=0&src=pbjs&ver=8.27.0&coppa=0&us_privacy=1---
  • https://lexicon.33across.com/v1/envelope?pid=0015a00003EkOH8AAN&gdpr=0&src=pbjs&ver=8.27.0&coppa=0&us_privacy=1---&b=1&g=V3X1K6gbU89Ez0zQnzTgtT7k7JzLY0vgKdDPKgOXC%2FI%3D
42 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lexicon.33across.com/v1/envelope?pid=0015a00003EkOH8AAN&gdpr=0&src=pbjs&ver=8.27.0&coppa=0&us_privacy=1---&b=1&g=V3X1K6gbU89Ez0zQnzTgtT7k7JzLY0vgKdDPKgOXC%2FI%3D
Protocol
H2
Server
35.244.193.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.193.244.35.bc.googleusercontent.com
Software
/
Resource Hash
435b1ece4a55f4f8d06866b32c1aee3cc4661eb905265894795f15a57bf1b33d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freedomheadlines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 22:42:00 GMT
via
1.1 google
vary
origin
content-type
application/json
access-control-allow-origin
https://freedomheadlines.com
cache-control
private, must-revalidate, max-age=28800
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

date
Thu, 18 Jan 2024 22:41:59 GMT
via
1.1 google
referrer-policy
unsafe-url
vary
origin
access-control-allow-origin
https://freedomheadlines.com
location
https://lexicon.33across.com/v1/envelope?pid=0015a00003EkOH8AAN&gdpr=0&src=pbjs&ver=8.27.0&coppa=0&us_privacy=1---&b=1&g=V3X1K6gbU89Ez0zQnzTgtT7k7JzLY0vgKdDPKgOXC%2FI%3D
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
id5-sync.com/api/config/ Frame 034B 		136 B
421 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
22cd820b748bdabf96448ca563642ddc782ba91756d5428113a23392839752ef
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://freedomheadlines.com
date
Thu, 18 Jan 2024 22:41:59 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/ Frame 034B 		0
282 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=13963
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.155.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.155.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:42:00 GMT
via
1.1 google
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://freedomheadlines.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
rid
match.adsrvr.org/track/ Frame 034B 		108 B
737 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=343asog&fmt=json
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
338aea7bea95f307a94c4158b365a3f46144a02c4ab5126b91b4d9c8329ad9d9

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 18 Jan 2024 22:41:59 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://freedomheadlines.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Sat, 17 Feb 2024 22:41:59 GMT
prebidvideo
ads.yieldmo.com/exchange/ Frame 034B 		0
327 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.yieldmo.com/exchange/prebidvideo
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.104.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-104-11.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://freedomheadlines.com
pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
auction
rtb.ex.co/openrtb2/ Frame 034B 		306 B
459 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rtb.ex.co/openrtb2/auction
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.140.64 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
d64da3deeffbcb956f3942f2ba471dd97af4d1e1fdca63af9fdd9e4581958722

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://freedomheadlines.com
date
Thu, 18 Jan 2024 22:42:02 GMT
access-control-allow-credentials
true
content-length
306
vary
Origin
content-type
application/json
v1
prg.smartadserver.com/prebid/ Frame 034B 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
147.135.119.115 , United States, ASN16276 (OVH, FR),
Reverse DNS
ip115.ip-147-135-119.us
Software
/
Resource Hash
1166b6abcc8fdfbfb231e37cad341e1ef566083374f0bf4018e143694fd795cb

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:59 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://freedomheadlines.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
prebid
prebid.media.net/rtb/ Frame 034B 		353 B
656 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUB64530
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
6f49aa5d321aeddbed517c309b906cf25f85808311c04a2786ef9b2a8d04390e

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:59 GMT
content-encoding
gzip
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://freedomheadlines.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 18 Jan 2024 22:42:00 GMT
pbjs
htlb.casalemedia.com/openrtb/ Frame 034B 		36 B
512 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=624104
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe059ec25f9d80744f7e33d432cb54d5e7642642cec0489d2cac9aaf744798c0

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCGvzWpY7TlHN9CfuC974pCbY8oCzNRmgvQEh2rAOZGxirpQilKy8nyPYgwcpcbGLrBw%2BWyk1hJm9EBVALKRoUgGFsZ4cL1DuEGF0BFwrXYDE4BnVTtreop4cFsFtz6H6UJnKjii"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://freedomheadlines.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
847a593d9bcf6c25-DFW
alt-svc
h3=":443"; ma=86400
content-length
36
expires
0
rum
dsum-sec.casalemedia.com/ Frame 7DFA
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&expiration=1708209719&gdpr=0&gdpr_consent=
43 B
729 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&expiration=1708209719&gdpr=0&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Di0BozEVEm0WH9fbc21sIf9cwwS1bE72jvqw8S8r8YGzTnBXEZgc0ft1IgKr1Os8%2FPIftSe1gRnlvDkZpLc6tmz%2F6ohGtXEhZ9gvy8uv7ESAG8fFCuPa6BPxRTp0bPazC2M1xAnS2RMEXw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
847a593e4ccb6c25-DFW
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=0f1e84a8-ad36-4acf-8754-852e04c3fc7a&expiration=1708209719&gdpr=0&gdpr_consent=
date
Thu, 18 Jan 2024 22:41:59 GMT
server
Kestrel
content-length
323
usermatchredir
ssum-sec.casalemedia.com/ Frame 7DFA
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZampN6SvVkHTzb-mzC2DMAAACiYAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESED9LVAeV3w38G1F-ifbhRmA&google_cver=1
43 B
764 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESED9LVAeV3w38G1F-ifbhRmA&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8vcEuqKDJ93TekBv4I%2FsjydV2ReboIbUPTpfzBF24G7bk3rkr32lyVhH8AhnPOCaCtpIhnCdT22wJ7AesfL5lt3Y0dagLC02Hgc3AJ0JfNXyiHPJbTv98EJTUE2R55Bxh6M%2FRYlnabpEyA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
847a593e4cba6c6c-DFW
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:41:59 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESED9LVAeV3w38G1F-ifbhRmA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
28292
i6.liadm.com/s/ Frame 7DFA
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZampN6SvVkHTzb.mzC2DMAAA%262598&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZampN6SvVkHTzb.mzC2DMAAA%262598&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=5e690679251e43538f575460d67ffb1d
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-wN4CZw0L0Kypup7EZCrd-MghTsxZe80ze59jFA
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-wN4CZw0L0Kypup7EZCrd-MghTsxZe80ze59jFA
43 B
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-wN4CZw0L0Kypup7EZCrd-MghTsxZe80ze59jFA
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Protocol
HTTP/1.1
Server
3.233.89.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-89-241.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 22:42:00 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-wN4CZw0L0Kypup7EZCrd-MghTsxZe80ze59jFA
Date
Thu, 18 Jan 2024 22:42:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
3
dcm
s.amazon-adsystem.com/ Frame 7DFA 		43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZampN6SvVkHTzb-mzC2DMAAACiYAAAAB&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Jan 2024 22:41:59 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
M8SF5DGW20XA0DPMM89P
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 7DFA
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=997336248539659481
43 B
327 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=997336248539659481
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PjrSeFqyBOrqi7MyMIo6hKlZewJTS%2FCdNkFnTRL%2F2jQr%2BrKANWsAGw4ZHgJhSwMNxIREVVHQ1OnqK52efxiiYEtSV7N9RwNSaEeZ5ilr6PiAPUlZVxTEcEsC7S9ao4vDQ6EVNkd2hNpGhw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
847a593e4cd06c25-DFW
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=997336248539659481
Date
Thu, 18 Jan 2024 22:41:59 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
user-registering
ads.stickyadstv.com/ Frame 7DFA 		43 B
655 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=1025&userId=ZampN6SvVkHTzb-mzC2DMAAACiYAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.251.28.233 Secaucus, United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Jan 2024 22:42:00 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
x-sticky-vk
1705617720236007-147
demconf.jpg
dpm.demdex.net/ Frame 7DFA
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZampN6SvVkHTzb.mzC2DMAAA%262598?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZampN6SvVkHTzb.mzC2DMAAA%262598
42 B
717 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZampN6SvVkHTzb.mzC2DMAAA%262598
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Protocol
H2
Server
44.224.76.14 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-224-76-14.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

dcs
dcs-prod-usw2-1-v050-02d7541de.edge-usw2.demdex.com 1 ms
pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
x-tid
2mgnS8JvRQw=
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
59
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs
dcs-prod-usw2-2-v050-004bce71a.edge-usw2.demdex.com 0 ms
pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-tid
K399QuOgTns=
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=ZampN6SvVkHTzb.mzC2DMAAA%262598
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
crum
dsum-sec.casalemedia.com/ Frame 7DFA
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=FaQkITiQ1RqB5b5
43 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=FaQkITiQ1RqB5b5
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHAWlU%2Ba6gg4Vs1uzTZOHAdCWztPgHmJjwbRI3RqgxQpBdOJREsb%2BNlYS3jzCr2WUTTe5VzUMkrBtwl1973w5YbfKe%2FTpCV8bzPMeZRFhkBfNNLb%2BpqYZdfONHeyRKJ9vKZ8gL3oWzoSFA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
847a593e4cd26c25-DFW
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 18 Jan 2024 22:41:59 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0ae1277a8d4e1a5b2@us-east-1b@dxedge-app-us-east-1-prod-asg
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=FaQkITiQ1RqB5b5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
/
sync.ex.co/v1/setuid/ix/ Frame 7DFA 		86 B
544 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.ex.co/v1/setuid/ix/?gdpr=0&gdpr_consent=&uid=ZampN6SvVkHTzb.mzC2DMAAA%262598
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fix%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D&s=190719&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.38.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-38-184.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
date
Thu, 18 Jan 2024 22:41:59 GMT
access-control-allow-credentials
true
content-length
86
vary
Origin
content-type
image/png
v1
lb.eu-1-id5-sync.com/lb/ Frame 034B 		33 B
280 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.116 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533567.ip-162-19-138.eu
Software
/
Resource Hash
4c8299d96b9d3b00f11ecf0c978b313bb00244b24c928d8f7e01785dc9b4d465
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://freedomheadlines.com
date
Thu, 18 Jan 2024 22:41:59 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
PugMaster
image6.pubmatic.com/AdServer/ Frame 8F9E 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=18822873&p=158554&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
2096c04c28dd9976399b7d18ae9cc35c5441f72a3cd0ff98ce80a97d0482046f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Thu, 18 Jan 2024 22:41:59 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Pug
simage2.pubmatic.com/AdServer/ Frame 87ED
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=6
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=878557539485
42 B
233 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=878557539485
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:42:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Content-Length
0
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=878557539485
Pug
simage2.pubmatic.com/AdServer/ Frame 1F3A
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a82a65a9-a939-4a00-98e0-4dc8d2f55019&gdpr=0&gdpr_consent=
42 B
209 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a82a65a9-a939-4a00-98e0-4dc8d2f55019&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:42:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Thu, 18 Jan 2024 22:42:00 GMT
Expires
Thu, 18 Jan 2024 22:41:59 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 1237 600843f master ord ord-pixel-x35 config_version:"410"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a82a65a9-a939-4a00-98e0-4dc8d2f55019&gdpr=0&gdpr_consent=
Pug
image2.pubmatic.com/AdServer/ Frame C7BA
Redirect Chain
  • https://gocm.c.appier.net/pubmatic
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=53L4xdR7DOODFVT8OampZQ
42 B
229 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=53L4xdR7DOODFVT8OampZQ
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:42:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

accept-ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
cache-control
no-store
content-length
153
content-type
text/html; charset=utf-8
date
Thu, 18 Jan 2024 22:42:01 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=53L4xdR7DOODFVT8OampZQ
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
nginx
Pug
simage2.pubmatic.com/AdServer/ Frame AB48
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1705617720480
  • https://ad.turn.com/r/cs?pid=45&rndcb=6540955050
  • https://sync.1rx.io/usersync/turn/8939849423883451260?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
42 B
333 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:42:01 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-type
text/html
date
Thu, 18 Jan 2024 22:42:01 GMT
etag
RX4dc61e2cd27944cd8bd753abe8e271c9005
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
cm
ipac.ctnsnet.com/int/ Frame 16D4 		43 B
360 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.193.173 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
173.193.186.35.bc.googleusercontent.com
Software
Apache-Coyote/1.1 /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Thu, 18 Jan 2024 22:42:01 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
CP="NOI DSP COR NID CUR OUR NOR"
pragma
no-cache
server
Apache-Coyote/1.1
via
1.1 google
pub
matching.truffle.bid/sync/ Frame 888E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.88.86.2 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.2.86.88.23.clients.your-server.de
Software
nginx/1.23.1 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
keep-alive
Date
Thu, 18 Jan 2024 22:42:01 GMT
Server
nginx/1.23.1
Strict-Transport-Security
max-age=15768000
cookiesync
core.iprom.net/ Frame 5484 		43 B
279 B 		Document
General
Check archive.org
Download Go to
Full URL
https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
close
Content-Length
43
Content-Type
image/gif
Date
Thu, 18 Jan 2024 22:42:01 GMT
Vary
Accept-Encoding
X-adserver-worker
ragnarok-aec5d33c3eab@version_1.582
X-core-time
1ms
X-server-arch
v2
Pug
simage2.pubmatic.com/AdServer/ Frame 2B69
Redirect Chain
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7589041201645427175&uid=Q758904120164542...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7589041201645427175
42 B
95 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7589041201645427175
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:42:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Cache-Control
max-age=76432
Connection
keep-alive
Content-Length
154
Content-Type
text/html
Date
Thu, 18 Jan 2024 22:42:01 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7589041201645427175
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
Apache/2.4.6 (CentOS)
Vary
Accept-Encoding
X-Powered-By
PHP/7.3.33
Pug
simage2.pubmatic.com/AdServer/ Frame B946
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:3F754998CF3743FA8F63CF72A8B27320&gdpr=0&gdpr_consent=
1 B
53 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:3F754998CF3743FA8F63CF72A8B27320&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Thu, 18 Jan 2024 22:42:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-length
142
content-type
text/html
date
Thu, 18 Jan 2024 22:42:00 GMT
expires
Wed, 17 Jan 2024 22:42:00 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:3F754998CF3743FA8F63CF72A8B27320&gdpr=0&gdpr_consent=
server
openresty
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
/
sync.ex.co/v1/setuid/pubmatic/ Frame 97C2 		0
522 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.ex.co/v1/setuid/pubmatic/?gdpr=0&gdpr_consent=&uid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.38.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-38-184.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
content-length
0
content-type
text/html
date
Thu, 18 Jan 2024 22:42:00 GMT
vary
Origin
insync
thrtle.com/ Frame 8F9E
Redirect Chain
  • https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&gdpr=0&gdpr_consent=
  • https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&vxii_pid=12&vxii_pid1=10067&vxii_rcid=0b3d3ec3-6de4-4497-a3ea-1d3ee0b76d68
43 B
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&vxii_pid=12&vxii_pid1=10067&vxii_rcid=0b3d3ec3-6de4-4497-a3ea-1d3ee0b76d68
Protocol
H2
Server
34.224.254.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-254-163.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

p3p
CP="NOI OUR BUS UNI COM NAV"
date
Thu, 18 Jan 2024 22:42:00 GMT
content-length
43
content-type
image/gif

Redirect headers

location
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&vxii_pid=12&vxii_pid1=10067&vxii_rcid=0b3d3ec3-6de4-4497-a3ea-1d3ee0b76d68
date
Thu, 18 Jan 2024 22:42:00 GMT
content-type
text/html; charset=utf-8
content-length
211
p3p
CP="NOI OUR BUS UNI COM NAV"
sd
us-u.openx.net/w/1.0/ Frame 8F9E 		43 B
97 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=540245193&val=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT
Martin
crb.kargo.com/api/v1/dsync/ Frame 8F9E 		43 B
358 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crb.kargo.com/api/v1/dsync/Martin?exid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.90.34.250 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-90-34-250.compute-1.amazonaws.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:42:01 GMT
x-accel-expires
0
vary
Origin
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 UTC
sync
sync.bfmio.com/ Frame 8F9E 		0
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.bfmio.com/sync?pid=187&uid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.2.244.166 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-2-244-166.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Connection
keep-alive
Date
Thu, 18 Jan 2024 22:42:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 8F9E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1850987600149466198
42 B
242 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1850987600149466198
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:42:00 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:42:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1850987600149466198
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 8F9E
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:3d37748e-a3f3-4cfd-bc2b-b5b85ce47022&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:3d37748e-a3f3-4cfd-bc2b-b5b85ce47022&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Thu, 18 Jan 2024 22:42:02 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:3d37748e-a3f3-4cfd-bc2b-b5b85ce47022&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Thu, 18 Jan 2024 22:42:02 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
1235.json
id5-sync.com/g/v2/ Frame 034B 		663 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/1235.json
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/pb/2.4.0/expb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
4b91232ec72d916f36c0aa2861a3458d0361584ddd5022c2e90bda40aa10b401
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://freedomheadlines.com
date
Thu, 18 Jan 2024 22:42:00 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
p3p
CP="CAO PSA OUR"
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
usync.html
eus.rubiconproject.com/ Frame 2C78
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17136_2&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=17136_2&endpoint=us-east
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=17136_2&endpoint=us-east
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/sync/0.0.1-7abf705/sync-2435d567.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.106 -, , ASN (),
Reverse DNS
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cdn.ex.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 18 Jan 2024 22:42:02 GMT
ETag
"280524-119-60b38417c4040"
Last-Modified
Tue, 28 Nov 2023 15:41:45 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Thu, 18 Jan 2024 22:42:00 GMT
location
https://eus.rubiconproject.com/usync.html?p=17136_2&endpoint=us-east
server
AkamaiGHost
events
e.channelexco.com/ 		0
246 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://e.channelexco.com/events
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/player/ap/4.15.2-bb7ceca/player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.82.15.162 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://freedomheadlines.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 22:42:01 GMT
access-control-request-method
GET, POST
server
openresty
access-control-allow-methods
GET, POST
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
access-control-allow-credentials
true
access-control-allow-headers
*
SPug
simage4.pubmatic.com/AdServer/ Frame 8F9E 		0
128 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158554&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158554&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fpubmatic%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 11:31:37 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
usync.js
eus.rubiconproject.com/ Frame 2C78 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17136_2&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.106 -, , ASN (),
Reverse DNS
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
bf897171eb2f7d845f83229e66e4a223713b9fc519cd54b4ee374aa5f7ce08b3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=17136_2&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 22:42:02 GMT
Content-Encoding
gzip
Last-Modified
Thu, 18 Jan 2024 01:28:47 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10042
Connection
keep-alive
Content-Length
10964
Expires
Fri, 19 Jan 2024 01:29:24 GMT
/
sync.ex.co/v1/setuid/openx/ Frame A833
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=f0686912-7fb3-48f6-be19-4d168ad880c0&r=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fopenx%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D
  • https://sync.ex.co/v1/setuid/openx/?gdpr=0&gdpr_consent=&uid=001f97c9-3046-48f2-8afc-604f4a5663d1
86 B
706 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.ex.co/v1/setuid/openx/?gdpr=0&gdpr_consent=&uid=001f97c9-3046-48f2-8afc-604f4a5663d1
Protocol
H2
Server
34.192.38.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-38-184.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.ex.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
date
Thu, 18 Jan 2024 22:42:02 GMT
access-control-allow-credentials
true
content-length
86
vary
Origin
content-type
image/png

Redirect headers

date
Thu, 18 Jan 2024 22:42:02 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://sync.ex.co/v1/setuid/openx/?gdpr=0&gdpr_consent=&uid=001f97c9-3046-48f2-8afc-604f4a5663d1
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
/
sync.ex.co/v1/setuid/unruly/ Frame A833
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Funruly%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%5BRX_UUID%5D
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7880916620
  • https://sync.1rx.io/usersync/tradedesk/0f1e84a8-ad36-4acf-8754-852e04c3fc7a
  • https://sync.targeting.unrulymedia.com/csync/RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005?redir=https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Funruly%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3DRX-4dc61e2c-d2...
  • https://sync.ex.co/v1/setuid/unruly/?gdpr=0&gdpr_consent=&uid=RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
86 B
790 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.ex.co/v1/setuid/unruly/?gdpr=0&gdpr_consent=&uid=RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
Protocol
H2
Server
34.192.38.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-38-184.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cdn.ex.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
date
Thu, 18 Jan 2024 22:42:03 GMT
access-control-allow-credentials
true
content-length
86
vary
Origin
content-type
image/png

Redirect headers

location
https://sync.ex.co/v1/setuid/unruly/?gdpr=0&gdpr_consent=&uid=RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
date
Thu, 18 Jan 2024 22:42:02 GMT
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX4dc61e2cd27944cd8bd753abe8e271c9005
content-type
text/html
khaos.json
token.rubiconproject.com/ Frame 2C78 		0
0
setuid
sync.ex.co/v1/ Frame 9600
Redirect Chain
  • https://ads.stickyadstv.com/user-matching?id=3684&gdpr=0&gdpr_consent=
  • https://sync.ex.co/v1/setuid?bidder=freewheel&gdpr=0&gdpr_consent=&uid=275fc58f48298b1878e277fd4cab9678
86 B
869 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.ex.co/v1/setuid?bidder=freewheel&gdpr=0&gdpr_consent=&uid=275fc58f48298b1878e277fd4cab9678
Requested by
Host: cdn.ex.co
URL: https://cdn.ex.co/sync/0.0.1-7abf705/sync-2435d567.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.38.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-38-184.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cdn.ex.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
content-length
86
content-type
image/png
date
Thu, 18 Jan 2024 22:42:03 GMT
vary
Origin

Redirect headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Date
Thu, 18 Jan 2024 22:42:03 GMT
Location
https://sync.ex.co/v1/setuid?bidder=freewheel&gdpr=0&gdpr_consent=&uid=275fc58f48298b1878e277fd4cab9678
Pragma
no-cache
Server
nginx
x-sticky-vk
1705617723144033-164
getuid
secure.adnxs.com/ Frame A833 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
users.api.jeeng.com
URL
https://users.api.jeeng.com/users/domains/mO6DXK83XA/sdk/
Domain
www.youtube.com
URL
https://www.youtube.com/embed/YARYJ8U1jio?feature=oembed
Domain
trends.revcontent.com
URL
https://trends.revcontent.com/sync?gdpr=0&gdpr_consent=undefined&us_privacy=1---
Domain
ad.mrtnsvr.com
URL
https://ad.mrtnsvr.com/sync/pubmatic?gdpr=0&gdpr_consent=
Domain
a.tribalfusion.com
URL
https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Domain
csync.loopme.me
URL
https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
Domain
t.adx.opera.com
URL
https://t.adx.opera.com/pub/sync?pubid=pub8730968190912
Domain
us01.z.antigena.com
URL
https://us01.z.antigena.com/l/FZt5psomz79DGe~O1V5PkX7S8-NVJIdw0INR-k~Duu9c36GyIDyElf4y8fa2~-9InNSq4BCadyu-8tQSiIkaVleT~Yh8GI4ocNSeo4~API4DJEsYNIMg2sPMMXvjcckTUFy53ZYw3gzv35jSAchydRkSr2XFgqe-kzzlKTlv1VT7-TlAc0PcX7nFzbKlHypwbpU3AWUAJgUx%206CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&rnd=RND
Domain
ups.analytics.yahoo.com
URL
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC&redir=true&gdpr=0&gdpr_consent=
Domain
sync.ipredictive.com
URL
https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent=
Domain
pixel-sync.sitescout.com
URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Domain
rtb.adentifi.com
URL
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Domain
token.rubiconproject.com
URL
https://token.rubiconproject.com/khaos.json?us_privacy=1---
Domain
secure.adnxs.com
URL
https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.ex.co%2Fv1%2Fsetuid%2Fappnexus%2F%3Fgdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID

Verdicts & Comments Add Verdict or Comment

269 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| _wpemojiSettings undefined| $ function| jQuery object| googletag function| gtag object| dataLayer object| ldAdInit object| VUUKLE_CONFIG function| Swiper function| PhotoSwipe function| PhotoSwipeUI_Default string| fotoramaVersion object| ajax_var function| sticky_sidebar object| mejsL10n object| mejs function| MediaElement object| HtmlMediaElement function| onYouTubePlayerAPIReady function| DefaultPlayer function| MediaElementPlayer object| _wpmejsSettings object| wp object| addComment object| twemoji function| w_event function| createElementFromHTML function| stripScripts function| generateID function| shouldExclude function| checkScriptHead function| observe_mutation function| getCpcPrediction string| metaName function| $lvpl function| vuukleLogin function| newVuukleWidgets object| webpackChunk function| addVuukleCookieConsentListener function| changeVuukleWidgetsTheme function| sendResponseGroupsToQuizzly number| VUUKLE_PLATFORM function| removeVuukleWidgets function| generateVuukleAds function| vuukleAuthUser object| _ldAdIdMap object| _ldStickyConfig object| ggeac object| google_tag_data object| google_js_reporting_queue object| vuukleAdConfiguration object| google_tag_manager object| _vuukleGeo string| GoogleAnalyticsObject function| ga boolean| _ldStickyRendered undefined| google_measure_js_timing object| google_reactive_ads_global_state object| gaGlobal function| vuukleLoader object| vuuklehbChunk object| vuuklehb object| vuukleConsole object| vuukleSlots boolean| _VuukleDebug object| vuuklePlayerComponent number| vuukleLoaded object| gaplugins object| gaData string| contentURL string| no_script_tag object| data function| getLoadVuukleSettings string| _vuukleIabtopic string| _vuukleArticleBrandSafe object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| MzI0YWQ4Nzc3YWIyYWE3NmxvYWRlcl9qcw== string| MzI0YWQ4Nzc3YWIyYWE3NmNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady function| __uspapi object| __uspapiManager boolean| __uspapiPostMessageReady object| __gppEventListeners function| __gpp object| __gppManager boolean| __gppPostMessageReady number| google_unique_id object| _vuukleConfig object| wpJsonRciWidget object| ua_result object| revcontent function| renderRCWidget object| pbjs object| regeneratorRuntime object| ox_esp object| _33across object| __uid2SecureSignalProvider object| __uid2 function| lotameIsCompatible function| sync16589_aa function| sync16589_c undefined| sync16589_d undefined| sync16589_ba undefined| sync16589_e function| sync16589_f object| sync16589_h function| sync16589_ca function| sync16589_j function| sync16589_da object| sync16589_ object| sync16589_ga object| sync16589_v object| sync16589_oa object| sync16589_xa object| sync16589_ya function| sync16589_a function| sync16589_b function| sync16589_g function| sync16589_i function| sync16589_k function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_q function| sync16589_r function| sync16589_fa function| sync16589_ea function| sync16589_s function| sync16589_t function| sync16589_u function| sync16589_w function| sync16589_ha function| sync16589_ia function| sync16589_y function| sync16589_ja function| sync16589_z function| sync16589_A function| sync16589_x function| sync16589_B function| sync16589_ka function| sync16589_C function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_G function| sync16589_H function| sync16589_I function| sync16589_J function| sync16589_K function| sync16589_L function| sync16589_la function| sync16589_ma function| sync16589_na function| sync16589_M function| sync16589_N function| sync16589_pa function| sync16589_O function| sync16589_qa function| sync16589_ra function| sync16589_sa function| sync16589_P function| sync16589_ta function| sync16589_ua function| sync16589_va function| sync16589_wa function| sync16589_Q function| sync16589_R function| sync16589_za function| sync16589_S function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_Aa function| sync16589_W function| sync16589_X function| sync16589_Y function| sync16589_Z function| sync16589__ function| sync16589_0 function| sync16589_Ea function| sync16589_Ba function| sync16589_1 function| sync16589_Da function| sync16589_Ca function| sync16589_2 function| sync16589_3 function| sync16589_4 function| sync16589_5 function| sync16589_Ga function| sync16589_Ha function| sync16589_Ja function| sync16589_Fa function| sync16589_7 function| sync16589_Ia function| sync16589_La function| sync16589_Ka function| sync16589_8 function| sync16589_6 function| sync16589_9 function| sync16589_Ma function| sync16589_Na function| sync16589_Oa function| sync16589_Pa function| sync16589_$ function| sync16589_Qa function| sync16589_Ra function| sync16589_Sa function| sync16589_Ta object| lotame_sync_16589 object| criteo_pubtag object| criteo_identitytag_148 object| Criteo object| Criteo_identitytag_148 function| __vuukleCb2ee33018 object| owpbjsChunk object| owpbjs object| PWT function| dspCriteoRTUSCallback function| dspCMCallback object| STREAM_CONFIGS string| STREAM_ID object| __EXCO string| __EXCO_INTEGRATION_TYPE object| wpJsonpExCoStreamSdk function| setImmediate function| clearImmediate string| pbPageIdentifier boolean| fdf2b556-bebe-49f0-beae-44f4b57527b5 number| google_srt object| _google_rum_ns_ object| wpJsonpExCoAdPlayer object| CEDATO_API object| CEDATO_TAG function| Hls object| ADAGIO object| invibes undefined| google_rum_values object| GoogleGcLKhOms object| google_image_requests

158 Cookies

Domain/Path Name / Value
freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway Name: exco-uid
Value: gsinboqy2os1q78r
i.liadm.com/s Name: _li_ss
Value: ChMKBgjdARCAFwoJCP____8HEIoX
.youtube.com/ Name: YSC
Value: e61ziDatXsA
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 813DIkP9UqM
freedomheadlines.com/ Name: uid-s
Value: 0e0a116-e9cc-466b-8470-efe40c2d6a8f
freedomheadlines.com/ Name: vuukle_geo_region
Value: {%22country_code%22:%22US%22%2C%22region%22:%22Texas%22%2C%22os%22:%22Windows%22%2C%22device%22:%22Desktop%22%2C%22browser%22:%22Chrome%22}
freedomheadlines.com/ Name: vsid
Value: 98c084d5-56c5-4a1c-bf26-904e16583390
.freedomheadlines.com/ Name: _ga_CP4TF595X7
Value: GS1.1.1705617714.1.0.1705617714.0.0.0
.freedomheadlines.com/ Name: _ga
Value: GA1.2.837548684.1705617714
.freedomheadlines.com/ Name: _gid
Value: GA1.2.1879440753.1705617715
.freedomheadlines.com/ Name: _gat_gtag_UA_32644619_11
Value: 1
.openx.net/ Name: i
Value: 931577e1-f6fb-4ea1-a3ee-6e4dc64013bb|1705617715
freedomheadlines.com/ Name: _pbjs_userid_consent_data
Value: 6683316680106290
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: 4b91299fda9ab2bfb3b26ece5d958b34
.freedomheadlines.com/ Name: _cc_id
Value: 4b91299fda9ab2bfb3b26ece5d958b34
.freedomheadlines.com/ Name: panoramaId_expiry
Value: 1706222515563
.freedomheadlines.com/ Name: panoramaId
Value: 981bad5d31ae0bc5b64eb45dade1185ca02cc29657e43d185d2c1f9086b0e0cc
.freedomheadlines.com/ Name: panoramaIdType
Value: panoDevice
.openx.net/ Name: pd
Value: v2|1705617715|vMgavPkWgy
.freedomheadlines.com/ Name: __gads
Value: ID=005cf8cd39d76ba4:T=1705617715:RT=1705617715:S=ALNI_MbU7rtTbYnHoJ5NupAs8k6NxA3Ubg
.freedomheadlines.com/ Name: __gpi
Value: UID=00000a0842b3bf97:T=1705617715:RT=1705617715:S=ALNI_MZi3mrGd3mpN8jQzyMn6QKtFqGM0w
.adsrvr.org/ Name: TDID
Value: 0f1e84a8-ad36-4acf-8754-852e04c3fc7a
.yahoo.com/ Name: A3
Value: d=AQABBDSpqWUCEL719TKz2PSkmtOv8FtmiB8FEgEBAQH6qmWzZQAAAAAA_eMAAA&S=AQAAAm8SOLUJdO_pQTe5YCpUuWs
.doubleclick.net/ Name: IDE
Value: AHWqTUlsZhqkOXOE_kNZhf5o-wCI4fKGvqNOyEYMWwhHIVuavzJwylM2bY7iuRo0Q3w
.amazon-adsystem.com/ Name: ad-id
Value: Aw6dpfoUFkcZu9hhR1xf01o
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.openx.net/ Name: univ_id
Value: 537072971|0f1e84a8-ad36-4acf-8754-852e04c3fc7a|1705617716148615
.freedomheadlines.com/ Name: FCNEC
Value: %5B%5B%22AKsRol8MVLpWthF4IZlEbwHAUKA-1mf_Et77CCZcc5h1Gl0hHCC2enhuPCT-PBk6yKj64e8JdasavNGb3qzK6Pj4Ex_M9Emd9p6tmfLu438qsLUMS-FLmQh0OnYozh7zyaLIIdlQX7VrNI-Da9wFsIE3mNlkpWIkfQ%3D%3D%22%5D%5D
.ex.co/ Name: exco-uid
Value: 2e3430392e303330
.smartadserver.com/ Name: TestIfCookie
Value: ok
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: pbw
Value: %24b%3d16999%3b%24o%3d11100
.smartadserver.com/ Name: pid
Value: 1806854147396276484
.smartadserver.com/ Name: sasd2
Value: q=%24qc%3D1314513856%3B%24ql%3DUnknown%3B%24qt%3D152_0_0t%3B%24dma%3D508%3B%24qo%3D6&c=1&l&lo&lt=638412145171731530&o=1
.smartadserver.com/ Name: sasd
Value: %24qc%3D1314513856%3B%24ql%3DUnknown%3B%24qt%3D152_0_0t%3B%24dma%3D508%3B%24qo%3D6
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
.lijit.com/ Name: ljt_reader
Value: IA6RjLZH62qOOr39SEerjNv2
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZampNQAPg-i5dwBH
.tapad.com/ Name: TapAd_TS
Value: 1705617717484
.tapad.com/ Name: TapAd_DID
Value: 852891db-c997-4193-8176-cdd6376d8a0b
.deepintent.com/ Name: CDIUSER
Value: di_1f86fe5de3ee4ce486de1
.deepintent.com/ Name: CDIPARTNERS
Value: %7B%221%22%3A%2220240118%22%7D
.adnxs.com/ Name: uuid2
Value: 2246955529131902645
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSsrQ0NzY2MzKxMDW2NDO1NLEwFOIz1DVxz3E0TYxPKQ5MNgAAGGx1SiQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSsrQ0NzY2MzKxMDW2NDO1NLEwFOIz1DVxz3E0TYxPKQ5MNgAAGGx1SiQAAAA
.quantserve.com/ Name: mc
Value: 65a9a935-869a3-6350a-09595
.bidswitch.net/ Name: tuuid
Value: 0ecda7a8-55a0-4b14-affd-9a977bd5df6a
.bidswitch.net/ Name: c
Value: 1705617717
.bidswitch.net/ Name: tuuid_lu
Value: 1705617717
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-0f1e84a8-ad36-4acf-8754-852e04c3fc7a&KRTB&22918-0f1e84a8-ad36-4acf-8754-852e04c3fc7a&KRTB&22926-0f1e84a8-ad36-4acf-8754-852e04c3fc7a&KRTB&23031-0f1e84a8-ad36-4acf-8754-852e04c3fc7a
.adnxs.com/ Name: XANDR_PANID
Value: PmQNwsmkzP0ZIFnRsxF4dVIjZwr1SWHkZDYGq9I8_U0KEpZiYewY1-ctBPIts5KUKTnto85b-6OnCGEyJQBK25L6e0Rv0yEvrw7WrIBi9uA.
.pubmatic.com/ Name: KRTBCOOKIE_18
Value: 22947-997336248539659481
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESECpKLamR0jcid5GxZdfYEHo&KRTB&23025-CAESECpKLamR0jcid5GxZdfYEHo&KRTB&23386-CAESECpKLamR0jcid5GxZdfYEHo
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-66561a8b-ca6b-5859-46eb-7d13207f99ed.CXq1%2Fg1ifo%2BSy%2BneqX%2BqOLndtx57qtLAz5TnZI%2FPtyY
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-66561a8b-ca6b-5859-46eb-7d13207f99ed.CXq1%2Fg1ifo%2BSy%2BneqX%2BqOLndtx57qtLAz5TnZI%2FPtyY
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AZlYai8prWFlG630TIH-Z7bm9GZk.Bs8EGe067XatGLIlRwNymuc%2Bm02BbKQEt%2BM3ua3UFhY
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AZlYai8prWFlG630TIH-Z7bm9GZk.Bs8EGe067XatGLIlRwNymuc%2Bm02BbKQEt%2BM3ua3UFhY
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIEXWECCxGiDxBvIsPPyBKNSBFiYd5Mq9PFZiv9MkTRVMEHwYBCC10qatBjABOgQ7vvenQgThiEo4.gOw1I9KmTPEcXH69whCkjvpX8McugXsl7ZiWlsqcGS8
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIEXWECCxGiDxBvIsPPyBKNSBFiYd5Mq9PFZiv9MkTRVMEHwYBCC10qatBjABOgQ7vvenQgThiEo4.gOw1I9KmTPEcXH69whCkjvpX8McugXsl7ZiWlsqcGS8
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-4bnB07a1k9_6tJbTtr-N3OS5kIv6vJnf7rkAY6MR&KRTB&19420-4bnB07a1k9_6tJbTtr-N3OS5kIv6vJnf7rkAY6MR&KRTB&22979-4bnB07a1k9_6tJbTtr-N3OS5kIv6vJnf7rkAY6MR&KRTB&23462-4bnB07a1k9_6tJbTtr-N3OS5kIv6vJnf7rkAY6MR
.w55c.net/ Name: wfivefivec
Value: FaQkITiQ1RqB5b5
.bidr.io/ Name: bito
Value: AAAuyU7LU1IAABOR4M71kg
.bidr.io/ Name: bitoIsSecure
Value: ok
.adgrx.com/ Name: ADGRX_UID
Value: c95b564a-b652-11ee-b03b-f81da172816e
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-2246955529131902645&KRTB&23339-2246955529131902645
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-ZlYai8prWFlG630TIH-Z7bm9GZk&KRTB&23334-ZlYai8prWFlG630TIH-Z7bm9GZk&KRTB&23417-ZlYai8prWFlG630TIH-Z7bm9GZk&KRTB&23426-ZlYai8prWFlG630TIH-Z7bm9GZk
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!454
.w55c.net/ Name: matchpubmatic
Value: 5
.3lift.com/ Name: tluid
Value: 4221016891384414336901
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:FaQkITiQ1RqB5b5&KRTB&23421-uid:FaQkITiQ1RqB5b5
.criteo.com/ Name: uid
Value: 965ae27b-298b-41c8-9bb5-1386f964b712
.quantserve.com/ Name: d
Value: EJ8BEgH3KvijCP_8EA
.adgrx.com/ Name: ADGRX_CM_PUBMATIC_BRIDGED
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_1003
Value: 22761-c95b564a-b652-11ee-b03b-f81da172816e&KRTB&23275-c95b564a-b652-11ee-b03b-f81da172816e
.creative-serving.com/ Name: tuuid
Value: 2ca39820-f504-4b9e-953f-6109e8cc0014
.creative-serving.com/ Name: c
Value: 1705617718
.creative-serving.com/ Name: tuuid_lu
Value: 1705617718
.contextweb.com/ Name: V
Value: U2jzxMI8Fyqu
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1p75|7dN.0.AAAuyU7LU1IAABOR4M71kg
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 134e7ff2e99498c0
.mxptint.net/ Name: mxpim
Value: R33645_10F80E176_8005853E.1.000000000000000065A9A936
.pubmatic.com/ Name: KRTBCOOKIE_52
Value: 22772-R33645_10F80E176_8005853E&KRTB&23092-R33645_10F80E176_8005853E
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-0ecda7a8-55a0-4b14-affd-9a977bd5df6a
.audrte.com/ Name: arcki2
Value: ib2rx60uSTBSnOgcIJ0iv-pZQ!20220908!1705617718360!ip#185.189.25.153
.creativecdn.com/ Name: u
Value: OAsW3NR2fWymd0uy4Sxe
.creativecdn.com/ Name: g
Value: OAsW3NR2fWymd0uy4Sxe_1705617718533
.creativecdn.com/ Name: ts
Value: 1705617718
.audrte.com/ Name: arcki2_ddp2
Value: ib2rx60uSTBSnOgcIJ0iv-pZQ!20220908!1705617718615
.pubmatic.com/ Name: KRTBCOOKIE_632
Value: 23041-0rOKkf8zewbIWMaHGsonfG7zc7atdsJtJaKFZxBo4JU&KRTB&23047-0rOKkf8zewbIWMaHGsonfG7zc7atdsJtJaKFZxBo4JU&KRTB&23234-0rOKkf8zewbIWMaHGsonfG7zc7atdsJtJaKFZxBo4JU&KRTB&23361-0rOKkf8zewbIWMaHGsonfG7zc7atdsJtJaKFZxBo4JU
.dotomi.com/ Name: DotomiTest
Value: 725f098eb4b04a2
.adform.net/ Name: C
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_1278
Value: 23329-53599fab-154f-443b-ab92-320a9156b7cc&KRTB&23340-53599fab-154f-443b-ab92-320a9156b7cc&KRTB&23498-53599fab-154f-443b-ab92-320a9156b7cc
.pubmatic.com/ Name: KRTBCOOKIE_32
Value: 11175-AAACHL_Tl-PvxgMDCItTAAAAAAA&KRTB&22713-AAACHL_Tl-PvxgMDCItTAAAAAAA&KRTB&22715-AAACHL_Tl-PvxgMDCItTAAAAAAA&KRTB&23519-AAACHL_Tl-PvxgMDCItTAAAAAAA
.adform.net/ Name: uid
Value: 1850987600149466198
beacon.lynx.cognitivlabs.com/ Name: UID
Value: 94b88049-0bc6-42cb-85ef-2dcc9b53acc7
beacon.lynx.cognitivlabs.com/ Name: ss
Value: %2BBeO4XFQ9a5g4woiCH%2BYTHDWbSroAuAE2KGBvfaPmydxPFro908EmztNkXZNUaW1DmwGsTpfetawFMKGLCPPIA%3D%3D
.audrte.com/ Name: arcki2_adform
Value: 1850987600149466198!20220908!1705617719103
.smartadserver.com/ Name: csync
Value: 31:0ecda7a8-55a0-4b14-affd-9a977bd5df6a|141:ib2rx60uSTBSnOgcIJ0iv-pZQ
.audrte.com/ Name: arcki2_smart
Value: 1806854147396276484!20220908!1705617719347
.pubmatic.com/ Name: SPugT
Value: 1705617718
.technoratimedia.com/ Name: tads_uidp_73
Value: AAAuyU7LU1IAABOR4M71kg
.technoratimedia.com/ Name: tads_uid
Value: 1B7FE8AF12AF48F7809D41D081310265
.technoratimedia.com/ Name: tads_uid_cd
Value: 20240118224159+0000
.technoratimedia.com/ Name: tads_zora
Value: 2
.casalemedia.com/ Name: CMPS
Value: 2598
freedomheadlines.com/ Name: _lr_retry_request
Value: true
freedomheadlines.com/ Name: _lr_env_src_ats
Value: false
.casalemedia.com/ Name: CMID
Value: ZampN6SvVkHTzb.mzC2DMAAA
.casalemedia.com/ Name: CMPRO
Value: 2598
freedomheadlines.com/ Name: pbjs-unifiedid
Value: %7B%22TDID%22%3A%220f1e84a8-ad36-4acf-8754-852e04c3fc7a%22%2C%22TDID_LOOKUP%22%3A%22TRUE%22%2C%22TDID_CREATED_AT%22%3A%222023-12-18T22%3A41%3A59%22%7D
freedomheadlines.com/ Name: pbjs-unifiedid_cst
Value: TyylLI8srA%3D%3D
.technoratimedia.com/ Name: tads_uidp_82
Value: ZampN43nfS6Klc-x.-wgKQAA&2473
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIcHVibWF0aWMSCwii7OXalqDMPBAFEhQKBXRhcGFkEgsI1Pic3ZagzDwQBRIVCgZjYXNhbGUSCwiijLXzlqDMPBAFGAEgAigCMgsI7O6fiq2gzDwQBTgBWgV0YXBhZGAC
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_9vEyGtobmBqZmhubmhuamr0C4lvaWluAAAu4A4VIAAAAA
.w55c.net/ Name: matchcasale
Value: 5
.casalemedia.com/ Name: receive-cookie-deprecation
Value: 1
.33across.com/ Name: check
Value: true
.pubmatic.com/ Name: KRTBCOOKIE_699
Value: 22727-AAAuyU7LU1IAABOR4M71kg
.ads.pubmatic.com/ Name: KCCH
Value: YES
.yieldmo.com/ Name: yieldmo_id
Value: VE7xeeekkxedxySmXEIy%7C1705536000000%7C0
.liadm.com/ Name: lidid
Value: 5e690679-251e-4353-8f57-5460d67ffb1d
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 2
.pubmatic.com/ Name: pi
Value: 158554:4
.pubmatic.com/ Name: DPSync3
Value: 1706745600%3A201_262_261_260_259_263%7C1705622400%3A248%7C1706140800%3A265
.pubmatic.com/ Name: SyncRTB3
Value: 1706745600%3A220_104_5_71_240_48_214_178_96_21_233_250_249_13_165_46_8_56_238_234_3_99_243_266_7_81_166_22_231_176_264_54_55%7C1706400000%3A63%7C1710720000%3A69%7C1706140800%3A38_223_15_2%7C1708128000%3A224%7C1706832000%3A35
.ads.stickyadstv.com/ Name: UID
Value: 275fc58f48298b1878e277fd4cab9678
.ads.stickyadstv.com/ Name: uid-bp-34673
Value: ZampN6SvVkHTzb-mzC2DMAAACiYAAAAB
.demdex.net/ Name: demdex
Value: 48096277166791893760697941682064961591
.smartadserver.com/ Name: vs
Value: 218209=5810321&342899=5810322
.ex.co/ Name: exco-uids
Value: {"ix":{"UID":"ZampN6SvVkHTzb.mzC2DMAAA\u00262598","Expire":"2024-01-25T22:41:59.972025978Z"},"pubmatic":{"UID":"6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC","Expire":"2024-01-25T22:42:00.325610599Z"},"smartadserver":{"UID":"1806854147396276484","Expire":"2024-01-25T22:41:57.82330546Z"},"sovrn":{"UID":"IA6RjLZH62qOOr39SEerjNv2","Expire":"2024-01-25T22:41:57.469627318Z"}}
.dpm.demdex.net/ Name: dpm
Value: 48096277166791893760697941682064961591
.acuityplatform.com/ Name: auid
Value: 878557539485
.acuityplatform.com/ Name: aum
Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANvqNdXNlck1hdGNoaW5nSWTMkWxhc3REcm9wVGltZU1pbGxpcyUBRkdXUCOumGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUZHV1Ajro90aGlyZFBhcnR5VXNlcklkIfv7hnZlcnNpb27C+w=="
.simpli.fi/ Name: suid
Value: FB40634400C047BB9055353B18FFBA2E
.pubmatic.com/ Name: KRTBCOOKIE_469
Value: 8273-878557539485&KRTB&23428-878557539485
.owneriq.net/ Name: p2
Value: pmc
.owneriq.net/ Name: si
Value: Q7589041201645427175P
.owneriq.net/ Name: pmc
Value: 1
.bfmio.com/ Name: __187_cid
Value: 6CC0BC5A-EE49-42F5-8C44-7D3E3E5569BC
.bfmio.com/ Name: __io_cid
Value: e2463f10e84b5df0a6fde85b392e7b4b4c69b533
.thrtle.com/ Name: mc
Value: eyJpZCI6IjBiM2QzZWMzLTZkZTQtNDQ5Ny1hM2VhLTFkM2VlMGI3NmQ2OCIsImwiOjE3MDU2MTc3MjA1NDUsInQiOjF9
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:FB40634400C047BB9055353B18FFBA2E&KRTB&23486-uid:FB40634400C047BB9055353B18FFBA2E&KRTB&23489-uid:FB40634400C047BB9055353B18FFBA2E&KRTB&23539-uid:FB40634400C047BB9055353B18FFBA2E
.mathtag.com/ Name: uuid
Value: a82a65a9-a939-4a00-98e0-4dc8d2f55019
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-1850987600149466198&KRTB&23263-1850987600149466198&KRTB&23481-1850987600149466198
.turn.com/ Name: uid
Value: 9011907017921379196
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:a82a65a9-a939-4a00-98e0-4dc8d2f55019
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005%22%2C%22nxtrdr%22%3Afalse%7D
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-9011907017921379196&KRTB&23150-9011907017921379196&KRTB&23527-9011907017921379196
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005%22%7D
.pubmatic.com/ Name: KRTBCOOKIE_594
Value: 17105-RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005&KRTB&17107-RX-4dc61e2c-d279-44cd-8bd7-53abe8e271c9-005
.id5-sync.com/ Name: 3pi
Value:
.id5-sync.com/ Name: id5
Value: 8eff0e2b-8ca3-7035-aedb-850c59396960#1705617721153#1
.ctnsnet.com/ Name: cid_873b5ff9ff9549eabfea40898acd06e9
Value: 1
.kargo.com/ Name: ktcid
Value: 112f1f7a-1aff-0dc1-5b61-6fa084c6efe1
.c.appier.net/ Name: _auid
Value: 53L4xdR7DOODFVT8OampZQ
.pubmatic.com/ Name: KRTBCOOKIE_904
Value: 23554-53L4xdR7DOODFVT8OampZQ&KRTB&23557-53L4xdR7DOODFVT8OampZQ
.pubmatic.com/ Name: PugT
Value: 1705617720

2 Console Messages

Source Level URL
Text
other warning URL: https://freedomheadlines.com/freedom-wire/joran-van-der-sloot-has-finally-confessed-to-killing-natalee-holloway/?utm_medium=email&utm_source=sparkpost&utm_campaign=regular(Line 350)
Message:
Unrecognized feature: 'web-share'.
network error URL: https://users.api.jeeng.com/users/domains/mO6DXK83XA/sdk/
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

73b190e1d2c24c05bb2346bbe692900c.safeframe.googlesyndication.com
a.audrte.com
a.tribalfusion.com
ad.mrtnsvr.com
ad.turn.com
ads.creative-serving.com
ads.pubmatic.com
ads.stickyadstv.com
ads.yieldmo.com
ap.lijit.com
api.rlcdn.com
api.vuukle.com
api.whizzco.com
assets.revcontent.com
bcp.crwdcntrl.net
beacon.lynx.cognitivlabs.com
bh.contextweb.com
c1.adform.net
cdn-ima.33across.com
cdn.ex.co
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdn.vuukle.com
cdn.whizzco.com
cdn1.lockerdomecdn.com
cdn2.decide.dev
cm.adgrx.com
cm.g.doubleclick.net
cms.quantserve.com
collector.ex.co
core.iprom.net
crb.kargo.com
creativecdn.com
creatives.sascdn.com
csi.gstatic.com
csync.loopme.me
decide.dev
dis.criteo.com
dmp.adform.net
dpm.demdex.net
dsum-sec.casalemedia.com
e.channelexco.com
eb2.3lift.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freedomheadlines.com
fundingchoicesmessages.google.com
gocm.c.appier.net
google-bidout-d.openx.net
googleads.g.doubleclick.net
gpv.ex.co
htlb.casalemedia.com
i.liadm.com
i.ytimg.com
i6.liadm.com
ib.adnxs.com
id5-sync.com
image.vuukle.com
image2.pubmatic.com
image6.pubmatic.com
images.revcontent.com
img.revcontent.com
invstatic101.creativecdn.com
ipac.ctnsnet.com
lb.eu-1-id5-sync.com
lexicon.33across.com
mailz.leafybranch.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
matching.truffle.bid
mcd.ex.co
oa.openxcdn.net
oajs.openx.net
p.channelexco.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.tapad.com
player.ex.co
pm.w55c.net
pmp.mxptint.net
pr-bh.ybp.yahoo.com
prebid.media.net
prg.smartadserver.com
publish.vuukle.com
pubmatic-match.dotomi.com
px.owneriq.net
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.ex.co
s-02.channelexco.com
s.amazon-adsystem.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssbsync-global.smartadserver.com
ssum-sec.casalemedia.com
static.criteo.net
static.doubleclick.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.bfmio.com
sync.ex.co
sync.ipredictive.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
t.adx.opera.com
tags.crwdcntrl.net
thrtle.com
token.rubiconproject.com
tpc.googlesyndication.com
trends.revcontent.com
u.openx.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
us01.z.antigena.com
users.api.jeeng.com
vuukle.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.youtube.com
www9.smartadserver.com
x.bidswitch.net
yeet.revcontent.com
yt3.ggpht.com
a.tribalfusion.com
ad.mrtnsvr.com
csync.loopme.me
pixel-sync.sitescout.com
rtb.adentifi.com
secure.adnxs.com
sync.ipredictive.com
t.adx.opera.com
token.rubiconproject.com
trends.revcontent.com
ups.analytics.yahoo.com
us01.z.antigena.com
users.api.jeeng.com
www.youtube.com
104.18.36.155
104.21.34.120
104.22.52.86
104.22.60.168
104.66.251.81
108.138.128.34
13.225.63.4
13.226.34.98
13.35.93.14
141.95.98.65
142.250.64.98
142.250.65.214
142.250.65.225
142.250.72.104
142.250.72.98
142.250.80.46
142.250.80.98
142.251.163.155
142.251.32.100
142.251.32.97
142.251.35.162
142.251.40.142
142.251.40.163
142.251.40.234
142.251.41.6
147.135.119.115
151.101.129.229
151.101.130.132
151.101.194.49
162.19.138.116
162.210.193.205
162.248.18.37
172.104.64.149
172.64.152.89
172.64.206.35
172.64.207.35
172.67.22.149
18.164.111.190
18.173.132.31
18.238.55.39
185.167.164.39
185.184.8.90
192.184.68.134
193.122.128.135
195.5.165.20
198.148.27.131
199.38.167.130
216.200.232.249
216.239.32.178
216.239.32.3
23.1.200.83
23.105.12.172
23.41.168.202
23.44.201.212
23.48.224.80
23.56.163.106
23.82.15.162
23.83.76.100
23.88.86.2
3.224.101.115
3.233.89.241
34.102.146.192
34.111.113.62
34.120.107.143
34.120.155.137
34.120.63.153
34.149.139.129
34.150.170.96
34.192.38.184
34.197.104.11
34.206.180.7
34.224.254.163
34.231.250.139
34.96.70.87
35.186.193.173
35.211.178.172
35.244.159.8
35.244.193.51
38.91.45.7
38.98.69.175
44.213.227.236
44.218.163.194
44.224.76.14
45.79.14.235
50.116.194.21
50.16.140.64
52.2.244.166
52.201.104.25
52.204.251.132
52.223.22.214
52.223.40.198
52.44.241.230
52.46.128.147
52.5.107.34
54.157.227.4
54.175.110.69
54.209.243.229
54.74.215.17
54.90.34.250
63.251.28.233
63.251.86.51
64.227.64.62
68.67.178.10
69.194.240.13
69.90.254.78
72.251.229.176
74.119.119.131
74.119.119.150
8.18.45.105
8.28.7.81
8.28.7.84
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02a5e1455a782d51e1956f435ac8f871ae1ca9a966f7157bbc89119b2badcd45
04f2f8d661ea280ea4615e35b5b8f387af59bbb9d13d31071297d3223eb78ef8
051ff2c7a80f592f34663d11c60865179351ba8df11772a44c2822bb7f60a1f8
06ebe1954427c09d4400e7e77e9c651b2eb3953e798ba97971d536f4bb398c89
0b082ede4d105526180b502ff5c84fba34bdb9217e70ae611d25f8d4410a5877
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e7b2d2de7e5c12e8d9337a1cf61ccb53a434bac2b474d0b858e1456b6a4ef86
0ecfe90cab25a6efa259c5dd747ac3cb2547f6e94cdfcb47dc51b94dec5b2889
1042d1b60174a99afa3cbafdeec59701e6930ee129d5a837b7001538df09414d
1166b6abcc8fdfbfb231e37cad341e1ef566083374f0bf4018e143694fd795cb
14b57337b1e5726f57241ce5552c41ae99db90e7037e0d8e9afab69681cd9f2e
14d90feab5eabf643296bd61103dfed004a3c3dbbfd362826153123eb560df4b
14fc8927fb0cd2dc795fcd8b74b3fae018e3a56765a9acfb928032415cb2c2f3
1515b988fb1fab95f3ba07b215b8fc214e6834106caf76452ad83045ddc73d5e
180220e5b01f290e31e00bde65adcf5961c14b16c1e67ce7de09f2a0fc5f819c
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1a8ee54f97cc61ebbec9b6ce400c7d755677a01dcdf8c17fc2a739835265326b
1b051025107bd8dd0fe85bb8d27fbb6c12a5649a0ca7266a0db85ddb32885674
1b2092c98fc8132c1a9618b3e3e4cfd587e45789b4cf01c2c16b3a6fcf593089
1fd8cd5e62cb436fafbaf01a449d1b5ba096b076e2e62b97414913f75c49e3a8
204e7f617860ea26e8c11b387721b4e4f03f30dbf4ad7ca50267aed046b18866
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
2096c04c28dd9976399b7d18ae9cc35c5441f72a3cd0ff98ce80a97d0482046f
20be76da594eb57fc3e1df6da75b13f951baef9c62bf03fe5c359958005c9560
20f279f4c90be846c4e1b445b2310ccc90648c0b9d57f2210a32acbdd9a2bbdc
22cd820b748bdabf96448ca563642ddc782ba91756d5428113a23392839752ef
253ce4a3cb84db5cb5505c8843c26aebe9d5e4c1bfbd36496e75c5f1964295b2
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
28878eb7074078b62facd8b811b866277738a3a95d5d326f71e7415eeed6c5b5
29680f3d12b0484955ab9425f0b978ec61f9a64fbbdbc756ca7e45b4681ca642
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2bcf7c31dad5a7352c5b9750d4e991939473441aef5d9ea22c036a47df0e1dca
2be8ff376b20c71bb0d5d3ec9e6b4fe36ad9684651fb6d353d703cf7840db992
2c7d0abe2006e90cdd4bae22fe4577d6b51b047a15402d809da45ea6fd9942a4
2dc141d13c1e52e5b36981f6bad02945d4cd497022a210548b912ce92ce69916
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2f6bea46c546f8965429c8793da815b8aa488ea358656607513811e6220f4583
2fd5d0a1742dcc77b965ec5031ee5bc206f158c48e75afa1386c8007565ecc02
338aea7bea95f307a94c4158b365a3f46144a02c4ab5126b91b4d9c8329ad9d9
339b41625108f486487a4fa13a28ae08ae3c4b5fd19b14cdc66bcfd7f64b649e
347bef3a408caea133a2cab4a74f8837bad5f8a69d89599a270b28815b5627d0
363a2228f397c87b3aeb0e7fc9926e5438c3de511242c5849d0da3d2c76037fd
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
38387426c03ec7217e618384d562b856ddc86b2bf1385f9d6aef6eee96b38e50
3bfbec8a4a65c6b11fe48b208e234a867f9bf7c355d482f7d30c004f736d2ddb
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3cd72707a6eb0ba2f481bf98476ada929d93c3cc1ccf2fa702f4e237ddbea113
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
3dd103ba888c627706f31656287652d5fceb9ef7a7099eec5a07aac2f7d397dd
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fa2744da5c3369511fa06da73cd7eae7420bc0b9e4a131ae1d6a6294245a159
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40b56b106e3ca36cd66a7fd7558f9ebfb83b6368cc296a57505becdc2a8cc940
41d511bcd8511da9cb1f673d030c44fbadb09271c96e4fbb40bfa306572dcca3
435b1ece4a55f4f8d06866b32c1aee3cc4661eb905265894795f15a57bf1b33d
43cc7d61fc61850687d21c7ade6f23c51f6798d21882a1821151a6d2accf417f
443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008
463c0d07fa326559d1eb549d5d6169a020791e5f20e7488be3556b093c5e9963
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47b726fd18aa3355c7f0277952419c5e1b33d3347ee2e4eff5e9b9be73040549
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48fe012e18f060c43ea6a92d8a17992cd0d091f8b0879480c825d039c02e1456
4b91232ec72d916f36c0aa2861a3458d0361584ddd5022c2e90bda40aa10b401
4c8299d96b9d3b00f11ecf0c978b313bb00244b24c928d8f7e01785dc9b4d465
4d8562efd8364015edd8080e72d8bd98f0a92019058f15df14e03f9951e01876
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5052032099c114913bb64896052604428eedcf584f7d6bd677cd27436dcd7795
5241f0728079864ee5553634ca3a7b18fdd2cffb9bbdf1697ad083d04e31fb48
53317bcb3fd7bc9d1d832cc881eaad61de20861386cb89117555c288d8d155be
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
555ae5a3cfb7774498b8139e9df89a67012a2be3a4fc006f6b5344c40cb1ea48
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5640ec4d504112656d62cc972bb647b1d9b54a23d0d99f0c15d4ffece44b9f7c
565fc1fc4a3adb7bcc85e65403a43d7cf4b781eb7ff9b666b35c8a2669c646dd
571b06d1913de139d860b755ded1b677f7bae6a45ddd2c30393fadc8e8720279
5754942a6afdf33b9acf468813221d553799441d56aa660913667492c58f0ebb
57c388e1f280c17152d9d721e92b4cd26021a6b748522def46e9bf1e649d9581
57fb05bfeedfe63b705167cf837b458e0ab58c2c29c4a973903f293b39d90df4
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
61773d9a3aa1ba14b2f4ea9a8118c619c460c5acbc8770405530cc5ce31ed7e4
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66ea107d118b1b3df1a171897b0856a9dc8095854221a9345e360588063b4560
67affdfdc0a39ce3dd1a0ca05ff36a1644c03c314f69c5fbfe38baacb82a9fcc
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6ae9f922e527414cba298757a844d652517d38448217ba3c9f48b64d5c441be3
6b30722487e92833baf8f01d6b2d2fed4e459d7cd42dc81ac1a80d8d08b9450e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bd4af85780fa5fabb7b54a54d919b7aa881203b2dc7eaf421ec627b67cd76fb
6c11304601c5bd5f6485384584517afd63d643d6cdb5036a926c78a8d2deec31
6e439f4364dd180567c3cecd035b4910b8ed12c462a13c8c325fa45449f8d5d1
6f49aa5d321aeddbed517c309b906cf25f85808311c04a2786ef9b2a8d04390e
7000aefc850f656c476c83d3c83adae38e1d8114e1e65c991d41c7eec7cb3372
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
755eae1acb974fbb030fa699b6ad79fb46a89571cc1906a513e9061bf4f0b92f
76bbe117102ce802cd20b57f9722133d7924bb3395bfe201f8f0b515a81c46dc
781702c1783e6e4274fe36a5d88989019e9737fa6893cf57ffeb99f42ab34086
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7d97e296a99b99180897bbf9760f13f1946dcfe526c02cd57593ce6c8906ebe2
7ed5b6eba825051575d9f77fcd91e16392253f7c632a92c78da67c83c1e9e838
7f34b768792b90cf0b04fced2470e43d8fab7644f6565d5178fbfb49c4859cee
805b509e1c968f54f8aa72197e8ac4505a2b482179e18694ba4531484b884b61
807f83c9ee9e5bb9f66254462ea1f6ecdb423d85851e8a1f3904f6e6155950cf
81ae95bc2154d20fe364863204defe3e2fb799adcce6c69ebb054962c8462fe0
82456a999e1a765cd03fac635e93544b0eded4a493db45cd8c7173c8d8ffb245
850f74b71aecf690004e531fd82e551493ba9ed765f83c5eaf9eba665f929e5b
8730aafbdb6d03c6d4a37f76ebf8d504d5706fbae56686399a4b198981a0b6be
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8bf2c5d28ba5403debe4799fb6519d1541ce1f17e900acf33557b56f766f2a8a
8da847aa621361c3472c2283b8702e5d25119305aa98931fd18dc43831daaef3
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
8f76526e440538ec1300aa89f671acd1b746925833f7160f6c0e29443008f97f
90de9677946cdd4a4ebe716bb66bc32334d831cccdbcc08cdb1f45c6ccd740f0
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5
97fb107f26dfa81080591d1afd85f1f5a9b681a91b98f22e65ad6b2111766fbe
9855eb13fad5305d9af9ffef201f3342cfff67a343b5f5365d2c93b051fdd8cf
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9e1bec93b1cd6c4565d9a6df68892a7e77e26899952c274fd37683ca1e30a1fd
9e2a5b98c331b38a3a216b1e5a3748adb293a40a4abe48eb57514b5dcaaf2e6a
9e812589bf04240fb7e6e2695ed1c3213154e5a4ec5a9ce96e9d399643a1ed5f
a003085f09e6d62f80750649e6343aafeb3ceaca5637bc123be5df468b6d9683
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
a1c7910e18cb0252957c7e629b54d6fd7a90f7de6b3ac599ba4f1f8331313e92
a2e99d9f642cf26e56bad3ff3705fd8ab8ea028ffa302405d1642bb7456d796a
a440db4a7ca252d08987e6cfd770e55127e13080c9bc856147ee03bfb250845a
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a56f5f7194ef81e280190cdf70a6d1289942afaf52231e7900474b312f5c48cf
a5bcc092fab290ba62aa4f82c83a5ef25e53ce360882af83944cf06358a99c6c
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
b01b5edc12693727ddd2bb5706ec199da3555540edb3623479b87948c46215bf
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3fc66f8e3c510bebdb3b75d0ada46f0100cb6c75bd35d84940711ee397fbc25
b4a9ed30e869b6036d41fc1964115318ba148557ea9fc485c1d94b7ffc5a72e9
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b7bf4f406f5a9bf165c21dfebea2257eab80882e23e887a24756956daac44373
b814c8ae9e7f69027025f94e86c5cb363fcad9e3aa8037264756ebb6ea9b2dcc
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbbc1d6d55e90d54956dd8aa41d8edfb36f72f11125b04cdba0efad8fd875ce7
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bdf47e9be1ad651fcad55288d534fbeeba846ce487322a2b8f1f7e0f6dfaab12
bf897171eb2f7d845f83229e66e4a223713b9fc519cd54b4ee374aa5f7ce08b3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c254f18a6b35e9d5707cb7e64ae9ecc7da944a5e0b7cbc954dd455f11489c168
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c66788062e6b8840eac1f62d4afca5489208790f38f113899dc758a389344728
c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255
c75b26487e9486c3c2dc651a007d81b38e8d0387ff997b7137a97e7e4d8ee709
c87b7f745cfb4a994801488584e6e0e78d6c4f0ad567e985a781fc0b86074724
c8c9a974575269cafe00639d9210903c393c2da3866c96e7e25ad1cb2d450358
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb2dcf4e9e693d9f8cb33e3fa19afe06eb05ba50e70c4162fd209208fb3b79bf
cba9791585bac9949505c3caafb5fbc19a20868a370ebc3189ebc6294e88fb8b
cd4ebc8c4a299dd4095709026fb23d4ee23de8d1648e2b2e0d0a2f4386ab28d4
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
cebe87559cf861d01e9c6b1cefd38ab1db9e13c8fe316b85a296b6cf220f883e
d47d8023fc6a7ad0bd469632de7b89b993aff76636d3f8730c348a93070311bd
d64da3deeffbcb956f3942f2ba471dd97af4d1e1fdca63af9fdd9e4581958722
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
da62720b7c3e8d6eef182fb69b2002926da8512532e6de9a1de0396a71a02413
dc1cd94515c5f604d88a866461e199bbee75210441dae76316c74cf7dc34e200
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de71777d23d01797b62f19653d92667dcb2bb416c303e28bf18b77bb07250f0e
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df0d225f794cf05b6a73c8444d990d9c94843d7fedf9315852616e06c3fbe853
e048c40d8f9514215463c38eab9f4dcabba00d3fff7e0e40e01a465cf11a53a5
e14d84b66514f3e387ba804d7249faf212b3d676cf6d595f99300a635515e1ba
e1bcf2aae786aa72292ec28f330390b1e324f4c273f9ca993150b5163620d862
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5f4f96e32a749a3c07b566aceb9b84a8445c71ca9713a4bfce9b7d28731fc33
e65fd353f9c30580c6ff1cd9041a09104229d819fda6937e8dc6b6c43111aaac
e72d0734bc15008c6d89a4087da5ebcc55a739654f70ef857645a4f000304ff7
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
ec4b9eafb0647fb378c36a118ee0265ca915d9186968c6221e7d515e6b513515
ed01ba1fa7ade62e77ee0032423f982b85c5707b040d71188ed88e716fd8cbd0
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5110fbb2c72acc0c8c1bc500b13b31d528da8a523ce5e6a6ee308ade156f13
f0e6c99cc3fe333dfe465a34c1526b2b72dac4016783c14d034c1252ca257aa1
f164b39a16618e24f0fd121a274768bc24760f8778d4a3b5457a5e03ddd0c53f
f3971f682e1cdd324bc639f47ea2efc1e4cd4188f55efe418e3ccfceec44dbf3
f48bbdaebf4cd06636120162cde7b0394650efbd4b8b44621ad604a8797b5c9e
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
f670413d2ae1a2ae6adb0f76cf9a23e52e96324d60f3c10658a9bfe558a6513d
f673a8adc98789a6eca1dd65c67fb782787f2571ba2730bb8c5f69bea7b5bc0f
f6f14681142e16db6027f013840dc46f68cce2f3c5ccf8814d2361d06b5127d8
f96efa3bffc086940d1a9675afe64d0e6544d8b82fdfa6a4c8e7cd3c7793a382
fb0fa587fd1e8cf52e1e067a947e07f295672e789627e5ea7a585ab152ef92bf
fc7c97e7979cbc532c30e18aa190bf91e74584ccbd80a9a2e090efd23e9df02d
fd18cb9a4cbfd06f96f96d89fc8079c87141abdc150a9ee6848e7a80383bcd1e
fde85a2bab49992e33850ddc8958074b9d1ae8a9d4388a2ec073eb27747589b3
fe059ec25f9d80744f7e33d432cb54d5e7642642cec0489d2cac9aaf744798c0
fe1c73472d14ad0fc168adc0de2e8dc8f4cb9a4b8f6a8f4e9a814a5d27abdb57