secure.winred.com Open in urlscan Pro
2606:4700::6813:d359 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nolib.us/2rwn8q
Effective URL:
https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-...
Submission: On March 09 via api (March 9th 2024, 10:15:08 pm UTC) from US — Scanned from US

Summary HTTP 167 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 30 IPs in 3 countries across 22 domains to perform 167 HTTP transactions. The main IP is 2606:4700::6813:d359, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure.winred.com. The Cisco Umbrella rank of the primary domain is 78857.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 22nd 2024. Valid for: a year.

This is the only time secure.winred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	75.2.108.118 75.2.108.118	16509 (AMAZON-02) (AMAZON-02)
1 14	2606:4700::68... 2606:4700::6813:d359	13335 (CLOUDFLAR...) (CLOUDFLARENET)
48	151.101.192.176 151.101.192.176	54113 (FASTLY) (FASTLY)
4	2607:f8b0:400... 2607:f8b0:4006:81d::200a	15169 (GOOGLE) (GOOGLE)
4	2600:9000:247... 2600:9000:247b:9200:0:7d26:ee00:93a1	16509 (AMAZON-02) (AMAZON-02)
12	2607:f8b0:400... 2607:f8b0:4006:80d::2001	15169 (GOOGLE) (GOOGLE)
7	2607:f8b0:400... 2607:f8b0:4006:81d::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:4004:c1d::5c	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:820::200e	15169 (GOOGLE) (GOOGLE)
1	146.75.36.157 146.75.36.157	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	38.70.189.72 38.70.189.72	399647 (RUMBLE) (RUMBLE)
2	198.202.176.201 198.202.176.201	16509 (AMAZON-02) (AMAZON-02)
19	54.187.159.182 54.187.159.182	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6810:fa45	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4004:c06::9d	15169 (GOOGLE) (GOOGLE)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1 2	142.250.80.102 142.250.80.102	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:81d::2004	15169 (GOOGLE) (GOOGLE)
3	34.212.84.166 34.212.84.166	16509 (AMAZON-02) (AMAZON-02)
4	2607:f8b0:400... 2607:f8b0:4006:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2001:4860:480... 2001:4860:4802:34::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80c::2002	15169 (GOOGLE) (GOOGLE)
4	104.19.219.90 104.19.219.90	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2607:f8b0:400... 2607:f8b0:4006:81f::200e	15169 (GOOGLE) (GOOGLE)
2	104.19.218.90 104.19.218.90	13335 (CLOUDFLAR...) (CLOUDFLARENET)
167	30

2 75.2.108.118 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ab309889489bfc98b.awsglobalaccelerator.com

nolib.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700::6813:d359 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

secure.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.revv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 151.101.192.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.stripecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81d::200a (United States)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:247b:9200:0:7d26:ee00:93a1 (United States)

ASN16509 (AMAZON-02, US)

d35ligi1n5bgzc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2607:f8b0:4006:80d::2001 (United States)

ASN15169 (GOOGLE, US)

lh7-us.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4006:81d::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c1d::5c (Washington, United States)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:820::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.36.157 (Reston, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.70.189.72 (Toronto, Canada)

ASN399647 (RUMBLE, CA)

a.ads.rmbl.ws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.202.176.201 (United States)

ASN16509 (AMAZON-02, US)

merchant-ui-api.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 54.187.159.182 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-159-182.stripe.com

r.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:fa45 (United States)

ASN13335 (CLOUDFLARENET, US)

gtm.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c06::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.102 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f6.1e100.net

9381094.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:816::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81d::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.212.84.166 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-212-84-166.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:806::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80c::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.219.90 (None, )

ASN13335 (CLOUDFLARENET, US)

hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2607:f8b0:4006:81f::200e (United States)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.218.90 (None, )

ASN13335 (CLOUDFLARENET, US)

newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	stripe.com js.stripe.com — Cisco Umbrella Rank: 1155 merchant-ui-api.stripe.com — Cisco Umbrella Rank: 5082 r.stripe.com — Cisco Umbrella Rank: 2301 m.stripe.com — Cisco Umbrella Rank: 1134 stripe.com — Cisco Umbrella Rank: 846	2 MB
22	google.com pay.google.com — Cisco Umbrella Rank: 2753 www.google.com — Cisco Umbrella Rank: 2 analytics.google.com — Cisco Umbrella Rank: 148 adservice.google.com — Cisco Umbrella Rank: 92 play.google.com — Cisco Umbrella Rank: 33	423 KB
15	winred.com 1 redirects secure.winred.com — Cisco Umbrella Rank: 78857 gtm.winred.com — Cisco Umbrella Rank: 127398	218 KB
12	googleusercontent.com lh7-us.googleusercontent.com — Cisco Umbrella Rank: 608	3 MB
8	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 84 9381094.fls.doubleclick.net — Cisco Umbrella Rank: 284883 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	5 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	645 KB
6	hcaptcha.com hcaptcha.com — Cisco Umbrella Rank: 5514 newassets.hcaptcha.com — Cisco Umbrella Rank: 6729 api.hcaptcha.com — Cisco Umbrella Rank: 6866	439 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	21 KB
4	gstatic.com www.gstatic.com	102 KB
4	cloudfront.net d35ligi1n5bgzc.cloudfront.net	387 KB
4	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 374	187 KB
3	stripecdn.com b.stripecdn.com — Cisco Umbrella Rank: 11596	45 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	71 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1243	16 KB
2	nolib.us 2 redirects nolib.us	412 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	269 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 822	722 B
1	t.co t.co — Cisco Umbrella Rank: 674	376 B
1	rmbl.ws a.ads.rmbl.ws — Cisco Umbrella Rank: 51999	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 775	15 KB
1	revv.co app.revv.co — Cisco Umbrella Rank: 282007	1 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 788	7 KB
167	22

	Domain	Requested by
43	js.stripe.com	secure.winred.com js.stripe.com
17	r.stripe.com	js.stripe.com
13	secure.winred.com	1 redirects secure.winred.com static.cloudflareinsights.com
12	play.google.com	www.gstatic.com
12	lh7-us.googleusercontent.com	secure.winred.com
7	www.googletagmanager.com	secure.winred.com www.googletagmanager.com www.google-analytics.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com secure.winred.com
4	www.gstatic.com	pay.google.com www.gstatic.com
4	www.google.com	secure.winred.com
4	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
4	d35ligi1n5bgzc.cloudfront.net	secure.winred.com
4	maps.googleapis.com	secure.winred.com maps.googleapis.com
3	newassets.hcaptcha.com	hcaptcha.com newassets.hcaptcha.com
3	b.stripecdn.com	js.stripe.com b.stripecdn.com
3	m.stripe.com	m.stripe.network
3	pay.google.com	js.stripe.com pay.google.com www.gstatic.com
2	api.hcaptcha.com	newassets.hcaptcha.com
2	analytics.google.com	www.googletagmanager.com
2	stripe.com	js.stripe.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	9381094.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	gtm.winred.com	www.googletagmanager.com
2	merchant-ui-api.stripe.com	js.stripe.com
2	connect.facebook.net	secure.winred.com connect.facebook.net
2	m.stripe.network	js.stripe.com m.stripe.network
2	nolib.us	2 redirects
1	hcaptcha.com	b.stripecdn.com
1	adservice.google.com	9381094.fls.doubleclick.net
1	www.facebook.com	secure.winred.com
1	analytics.twitter.com	secure.winred.com
1	t.co	secure.winred.com
1	a.ads.rmbl.ws	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	app.revv.co	secure.winred.com
1	static.cloudflareinsights.com	secure.winred.com
167	35

This site contains links to these domains. Also see Links.

Domain
txtterms.co
winred.com
www.donaldjtrump.com
cdn.donaldjtrump.com
donaldjtrump.com

Subject Issuer	Validity	Valid
secure.winred.com Cloudflare Inc ECC CA-3	`2024-01-22` - `2024-12-31`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-02-07` - `2024-05-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-18` - `2024-03-17`	3 months	crt.sh
a.ads.rmbl.ws R3	`2024-02-14` - `2024-05-14`	3 months	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2024-03-06` - `2024-06-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-04` - `2025-01-02`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2024-05-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
Frame ID: 372F1DEAA799D52FE685E075DF8DD3F6
Requests: 69 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 501C4DA36C1D2043AA8F581FFEEF6F20
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
Frame ID: 03FE15FBA09120AE7AAEECBDDB73F488
Requests: 16 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html
Frame ID: A6CE0B428D5CEDC6980F2F1783018C00
Requests: 10 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
Frame ID: 7B8293F2778FDB995149AEBA711A5985
Requests: 14 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-fadce1bd1c27181a53fac88cd57faed7.html
Frame ID: 317DD40B569789F6B66C4F1D445157A3
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-1922c41519d48ad4c66b970a564b81c8.html
Frame ID: 2890F375CFEBA52D187AA1D0BF27C17A
Requests: 3 HTTP requests in this frame

Frame: https://secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/aeb70db32f0f/main.js
Frame ID: 242C6DD4D06DF9413C7A5922E43B7371
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: AA931BD80E449FD26C57BEC876EAF400
Requests: 5 HTTP requests in this frame

Frame: https://9381094.fls.doubleclick.net/activityi;dc_pre=COro0J6a6IQDFSq9fwQdE1sBog;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=175027967.1710022502;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075
Frame ID: C63AF94A46587C8C2EEAFAF35881F8F1
Requests: 2 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Frame ID: C0F73C8DB6C523EFA87F890B1470B7CE
Requests: 12 HTTP requests in this frame

Frame: https://js.stripe.com/v3/hcaptcha-invisible-7438ebd4e6021bf6d752f6aaf1fcae75.html
Frame ID: 66FA93BB8279A84EA31BE2D5AB29C22B
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-link-button-for-card-d5bc310d4625155f8551279d60a103f7.html
Frame ID: AA5A4ECC5912EA1CA85114A608B7A0BF
Requests: 4 HTTP requests in this frame

Frame: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=74d36433-7935-4085-8f3f-abe717f9b420&origin=https%3A%2F%2Fjs.stripe.com
Frame ID: D864AEA32C0EDB8F39F7C8BCC61871C9
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html
Frame ID: 3AFB1591B94DD146BB391E5BA93960A8
Requests: 7 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=ak09m2l7ov
Frame ID: 1C0B351806B8F73DE46BFBDD7B4194E5
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MAGA

Page URL History Show full URLs

http://nolib.us/2rwn8q HTTP 302
https://nolib.us/2rwn8q HTTP 307
https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_ca... Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Google Pay (Payment processors) Expand

Overall confidence: 100%
Detected patterns

pay\.google\.com/([a-z/]+)/pay\.js

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

hCaptcha (Security) Expand

Overall confidence: 100%
Detected patterns

https://hcaptcha.com/([\d]+?)/api.js

Page Statistics

167
Requests

99 %
HTTPS

60 %
IPv6

22
Domains

35
Subdomains

30
IPs

3
Countries

7574 kB
Transfer

17956 kB
Size

34
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://txtterms.co/88022-2/
Title: txtterms.co/88022

Search URL Search Domain Scan URL

URL: https://winred.com/terms/donor-terms/
Title: terms of use

Search URL Search Domain Scan URL

URL: https://winred.com/privacy
Title: privacy policy

Search URL Search Domain Scan URL

URL: https://www.donaldjtrump.com/join
Title: Interested in volunteering? Click here to sign up today.

Search URL Search Domain Scan URL

URL: https://cdn.donaldjtrump.com/djtweb24/general/TSA_JFC_Contributor_Form_230217.pdf
Title: Want to donate by mail? Click here to print out a donation form that you can send to our address.

Search URL Search Domain Scan URL

URL: http://donaldjtrump.com/
Title: donaldjtrump.com

Search URL Search Domain Scan URL

URL: https://winred.com/
Title: Powered by

Search URL Search Domain Scan URL

URL: https://winred.com/about-our-ads/
Title: About Our Ads

Search URL Search Domain Scan URL

URL: https://winred.com/support/
Title: Questions about your charge? Go to our Support Center

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nolib.us/2rwn8q HTTP 302
https://nolib.us/2rwn8q HTTP 307
https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/aeb70db32f0f/main.js

Request Chain 82

https://9381094.fls.doubleclick.net/activityi;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=175027967.1710022502;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075 HTTP 302
https://9381094.fls.doubleclick.net/activityi;dc_pre=COro0J6a6IQDFSq9fwQdE1sBog;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=175027967.1710022502;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075

167 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/
Redirect Chain

http://nolib.us/2rwn8q
https://nolib.us/2rwn8q
https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075

138 KB
20 KB

294ms
187ms

Document
text/html

2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1511387345c0eb0fde467b28a406925d1c7ca932282f4926895fe01c9921e328

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 861e6bd5ced58dfd-MIA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:00 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-rack-cors: miss; no-origin
x-request-id: 6dcd91c1-35f2-4955-a454-69e8b3dec25c
x-revv-cache: Hit from Revv
x-runtime: 0.087767
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
content-type: application/octet-stream
date: Sat, 09 Mar 2024 22:15:00 GMT
location: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
server: awselb/2.0

GET
H2 200 / Show response
js.stripe.com/v3/ 605 KB
168 KB 128ms
32ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

78cbe967c1f4e24b0a586fff03fbcd4a98069b27ad23bfe0ef8aef9a9fa22739

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 49
x-cache: HIT
content-length: 171169
x-request-id: bf14324b-db85-4713-9e77-20e9915f116e
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 03:17:41 GMT
server: Fastly
etag: "0d82e47134264113b6f556b7b393025a"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 11

GET
H2 200 landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css
secure.winred.com/assets/ 219 KB
34 KB 60ms
58ms Stylesheet
text/css 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961951e588ed2cbd0dadda321becf5c4d27451bb0896262f86e7d922da5794ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:00 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: VXwylmd67a2TVXI0SDz2TzW_HEfq_T6n
cf-cache-status: HIT
x-amz-request-id: TBVN3J7H3RVQY8PV
age: 4988
cf-polished: origSize=227667
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xKlaC1NY0gVHQWR69X+OSI3a+cciUZAgHNF9cQb5hmJrTZbhNDxGOYNGNjXTmI1pLaOJkM/zb/E=
cf-bgj: minify
last-modified: Fri, 23 Feb 2024 02:52:51 GMT
server: cloudflare
etag: W/"57df3b6cebff9962c43c29347b45123f"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 861e6bd6f8268dfd-MIA
expires: Sun, 10 Mar 2024 02:15:00 GMT

GET
H2 200 1709921348.css
secure.winred.com/stylesheets/rv_page_01hrfjqn55v6bawz2h8820xd5t/ 8 KB
2 KB 55ms
54ms Stylesheet
text/css 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/stylesheets/rv_page_01hrfjqn55v6bawz2h8820xd5t/1709921348.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fa3e3c6540600d9350822d57e6844187ffb140e90652b864f6489e18a0cd89a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Sat, 09 Mar 2024 22:15:00 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
age: 101110
cf-polished: origSize=8687
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 72e5e5ca-38c7-4fdf-9a4f-0fdcbd32dd38
x-runtime: 0.042076
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
last-modified: Fri, 08 Mar 2024 18:09:50 GMT
server: cloudflare
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: public, max-age=31556952
cf-ray: 861e6bd6f8278dfd-MIA
expires: Mon, 10 Mar 2025 04:04:12 GMT

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 231 KB
76 KB 236ms
96ms Script
text/javascript 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

925b617167e4c6e628f86fecb87b7cea4af209e4a9237b123b0bd81076f06000

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Accept-Language, Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77224
x-xss-protection: 0

GET
H2 200 application-landing-page-e23d78f5dae749bd70067ba6d3bdf2e924c8866792d4dc2d5570569787a0c676.js Show response
secure.winred.com/assets/ 488 KB
137 KB 70ms
69ms Script
application/javascript 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/application-landing-page-e23d78f5dae749bd70067ba6d3bdf2e924c8866792d4dc2d5570569787a0c676.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff3bcb4b6ff50975328f38e8553353ce3c0a5bf93a578f9c4d6affc81870c349

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:00 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: 3bK8BvucZTRAbTuPs1lO1vzovxv1fn3N
cf-cache-status: HIT
x-amz-request-id: T5CSACP6ZW1NE144
age: 6391
cf-polished: origSize=499824
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: zKzJUQ8QEQVVi3XP1pLPv0Ghkhjqy29YChcR0yaBwzFGs4qPIaiAzIdIN8wB+frrOJ7Xl7SW3Jc=
cf-bgj: minify
last-modified: Tue, 05 Mar 2024 00:21:32 GMT
server: cloudflare
etag: W/"9aa57484c8a794fd69956b30a12bc89c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 861e6bd6f8298dfd-MIA
expires: Sun, 10 Mar 2024 02:15:00 GMT

GET
H2 200 TRUMP_LOGO_-_WHITE_BOX_%281%29.png
d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/826/035/large/ 165 KB
165 KB 226ms
73ms Image
image/png 2600:9000:247b:9200:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/826/035/large/TRUMP_LOGO_-_WHITE_BOX_%281%29.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:9200:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c3c2125ebaeb07268bbc110c5f11486686b0d1b756115142dfbfc855cf82ba43

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id: yfwN.ggIOaUC6AxHonrapfZVYuxzZd13
date: Fri, 08 Mar 2024 23:39:18 GMT
via: 1.1 e58d56c2f23391dd5609aad3656901ce.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
age: 81344
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 168824
last-modified: Wed, 10 Jan 2024 18:25:23 GMT
server: AmazonS3
etag: "75ce68862b7b84a971e6026ca747a8ba"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: y9PfRi0fPCuDipE3fhNihgW6-bwcvMXgQiU9vsWCRlnITCEajzc6UA==

GET
H2 200 9y7sj8C59UfvGzH4prcdnufUQoBG6b0qovGsORwm8zqjsjLTcND2-UyrgpfDXczHsmRvgtgVQ9MagwEIEhphsudXst6lUttIJW_rjmFqrvKLyDCfHtoKwpDGUtQKmDwXUmKKdPOAAkNV6q0YrS7zarI
lh7-us.googleusercontent.com/ 195 KB
195 KB 209ms
64ms Image
image/gif 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/9y7sj8C59UfvGzH4prcdnufUQoBG6b0qovGsORwm8zqjsjLTcND2-UyrgpfDXczHsmRvgtgVQ9MagwEIEhphsudXst6lUttIJW_rjmFqrvKLyDCfHtoKwpDGUtQKmDwXUmKKdPOAAkNV6q0YrS7zarI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9c6118142b959d48f825b11ab7ab9cbb551681de4764b45868f0417817c2243b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:05:02 GMT
x-content-type-options: nosniff
age: 599
content-disposition: inline;filename="Add a heading (8).gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 199477
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 22:05:02 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 460 KB
102 KB 233ms
93ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e7a525c76ea7d8411d461e008bc972e77483d247a5f98d69913e89bd15b029b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104404
x-xss-protection: 0
last-modified: Sat, 09 Mar 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 09 Mar 2024 22:15:01 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 318 KB
106 KB 250ms
110ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

26c9072e3ab504f6faaec1e5e8f448d9ff566d92476550ca855aacf865dd2dff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108682
x-xss-protection: 0
last-modified: Sat, 09 Mar 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 09 Mar 2024 22:15:01 GMT

GET
H2 200 a2OSn2pfK5WJs5hzVn1gHI_1GRm1l2SlVacKICrDYFjuN_sJQAAwaYnyhQcDUNGKKbWDM8GLvMbYY4tRxcit3ZMX0AfozEswB8OUGnVLDc5uyt2G5MEdDF5UQ_MGVeX6m50yolLr_i_zU__tG7egpok
lh7-us.googleusercontent.com/ 619 KB
619 KB 143ms
138ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/a2OSn2pfK5WJs5hzVn1gHI_1GRm1l2SlVacKICrDYFjuN_sJQAAwaYnyhQcDUNGKKbWDM8GLvMbYY4tRxcit3ZMX0AfozEswB8OUGnVLDc5uyt2G5MEdDF5UQ_MGVeX6m50yolLr_i_zU__tG7egpok

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f05270c012f1cc9f1e631a07b1d87079e95aa73c95df82eeace0e9daf8e36373

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 19:06:12 GMT
x-content-type-options: nosniff
age: 11329
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 633364
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 19:06:12 GMT

GET
H2 200 OjPOvST5Rp7L80iPY9ih4pqrPI6_LPK-93a1Nd_3O3sV2xaSn8hjcv_xu-rcEmW-VG7sHsbKkunJ3fdGz9u3gjfUuXzDU1YJl1kBcprtd6aMZVazp-quTJTZNlLUvkkX8OiCF-uFww44j34634uuBDg
lh7-us.googleusercontent.com/ 240 KB
240 KB 131ms
127ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/OjPOvST5Rp7L80iPY9ih4pqrPI6_LPK-93a1Nd_3O3sV2xaSn8hjcv_xu-rcEmW-VG7sHsbKkunJ3fdGz9u3gjfUuXzDU1YJl1kBcprtd6aMZVazp-quTJTZNlLUvkkX8OiCF-uFww44j34634uuBDg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6107b0d3cc386025d24b1e78350469c1e9b51e6611d67fc6b24f2abb181b94c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 19:06:12 GMT
x-content-type-options: nosniff
age: 11329
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 245402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 19:06:12 GMT

GET
H2 200 rMU9it31CYtyOH8nGym11AAl0YcF4fdMr8J9OJoL6IfcU4BS4KeiYSjwZEIwN_DnD_d5w3ApLAfs1gG7Xivk-3E8HS4W4OuUl9-1ZVZ1TCmKSm8sjjF2Zc1A2V9sdy3Cei_0ETxqVbbIOte3dDNRwds
lh7-us.googleusercontent.com/ 327 KB
327 KB 119ms
115ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/rMU9it31CYtyOH8nGym11AAl0YcF4fdMr8J9OJoL6IfcU4BS4KeiYSjwZEIwN_DnD_d5w3ApLAfs1gG7Xivk-3E8HS4W4OuUl9-1ZVZ1TCmKSm8sjjF2Zc1A2V9sdy3Cei_0ETxqVbbIOte3dDNRwds

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

be92d9673bff24b4647b2f0f2db11c87a57ba3355e40ebba73da38660179970e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 19:06:12 GMT
x-content-type-options: nosniff
age: 11329
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 334819
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 19:06:12 GMT

GET
H2 200 iFnUBa57_9xSq6OUr7sK1_BhCsjidoNgruy4zUELKNFbtFPI8cZkWWMOmCwBoSlXBxd_4MGNCHiwDZNeatZsdXOPdggNfiTL_7xXY402xT6bPYAovbxPzPPMIw-JGl-_prPRQMbShW8128WPsXxkwHo
lh7-us.googleusercontent.com/ 24 KB
24 KB 291ms
287ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/iFnUBa57_9xSq6OUr7sK1_BhCsjidoNgruy4zUELKNFbtFPI8cZkWWMOmCwBoSlXBxd_4MGNCHiwDZNeatZsdXOPdggNfiTL_7xXY402xT6bPYAovbxPzPPMIw-JGl-_prPRQMbShW8128WPsXxkwHo

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

335b041a57cb1746b5b1634e9537f532503d6691d825dcfc1b4babba301fc3d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 19:06:12 GMT
x-content-type-options: nosniff
age: 11329
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24244
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 19:06:12 GMT

GET
H2 200 s8OmKr-1_NyLGWog4y0LunP9ny_CjUR-YDhYvPjpNC9fcz0wHzUjwv5kkznmOdqKqIGmIIyx1xq4IP_9aKG3GN3dsmSdMZrO6TKIT4SvVgmKKpwl4zo4G-q9FZXwJa0K4dHjGADIEvju7ZS1sfQyG0g
lh7-us.googleusercontent.com/ 324 KB
324 KB 296ms
292ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/s8OmKr-1_NyLGWog4y0LunP9ny_CjUR-YDhYvPjpNC9fcz0wHzUjwv5kkznmOdqKqIGmIIyx1xq4IP_9aKG3GN3dsmSdMZrO6TKIT4SvVgmKKpwl4zo4G-q9FZXwJa0K4dHjGADIEvju7ZS1sfQyG0g

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ff8ecca72ee1ad26b150b7f4ab7b3dc8dbb119fd764e7acbe5dee40f7837a22f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 19:06:12 GMT
x-content-type-options: nosniff
age: 11329
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 331798
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 19:06:12 GMT

GET
H2 200 imtkbni7BKmYw1pCyOCq31AVhtciPHYQcP1P32D_iNk-iZxIJEn8TzaUyfu0lSSwhc1g7uyUY86hzm-b14JW8e4KkFXo507SiWzW2VavmaIWhq0rb4XifMgiKrry0TE2nBfbffWsxnRZEorxGBiJp_0
lh7-us.googleusercontent.com/ 397 KB
397 KB 299ms
295ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/imtkbni7BKmYw1pCyOCq31AVhtciPHYQcP1P32D_iNk-iZxIJEn8TzaUyfu0lSSwhc1g7uyUY86hzm-b14JW8e4KkFXo507SiWzW2VavmaIWhq0rb4XifMgiKrry0TE2nBfbffWsxnRZEorxGBiJp_0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

063054879eec7d015ae3fbee4997239dd1bd2016456a74987fb57ebc864a1a22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 19:06:12 GMT
x-content-type-options: nosniff
age: 11329
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 406287
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 19:06:12 GMT

GET
H2 200 cDaTvDYrgcqrpve3u4OMva7WzdJIn3TrB_VxdwoQ0qaKOSAejiPSGT0qtC0cd9VsLlQnlZ2Wb3JCrm1nxIPOnNb5t8g0Sd62Ujrb0SP28JeAd1dceELhbNNSrY7CNpEw43hdWseETDApxXKDhJJIXTw
lh7-us.googleusercontent.com/ 30 KB
30 KB 292ms
288ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/cDaTvDYrgcqrpve3u4OMva7WzdJIn3TrB_VxdwoQ0qaKOSAejiPSGT0qtC0cd9VsLlQnlZ2Wb3JCrm1nxIPOnNb5t8g0Sd62Ujrb0SP28JeAd1dceELhbNNSrY7CNpEw43hdWseETDApxXKDhJJIXTw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8726b07c568b9c0beb4f94f28032b44b05ed250511375c86a1804b2d1db67f63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 19:06:12 GMT
x-content-type-options: nosniff
age: 11329
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30436
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 19:06:12 GMT

GET
H2 200 G0c8QV4ga1KDaq77Ct-SaBT0dtBlVXyhFBqs0qManIxwIY7FZbzs9C69FoHs-uGXoKG-2ae2AtP4mrA5IuwCN7Gh3q-4_3abnVcmjobaCNZ_rQEbbNxUBz8Hcx0Yn-G60uK3RDuLt5ZTI61md7HPOow
lh7-us.googleusercontent.com/ 299 KB
299 KB 296ms
293ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/G0c8QV4ga1KDaq77Ct-SaBT0dtBlVXyhFBqs0qManIxwIY7FZbzs9C69FoHs-uGXoKG-2ae2AtP4mrA5IuwCN7Gh3q-4_3abnVcmjobaCNZ_rQEbbNxUBz8Hcx0Yn-G60uK3RDuLt5ZTI61md7HPOow

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9a0fea60b23cab2006d139b4934661a679771385be7e2ce011e4797a62bb5199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 19:06:12 GMT
x-content-type-options: nosniff
age: 11329
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306187
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 19:06:12 GMT

GET
H2 200 C2MQiCa_bspRAi_c3VcfdZJriKG8Lit2vp8QBTxMEhdEaLmOuffb5Y7Aaz3ScFSCsYU6ojzKjilvwLbuqOb72J5rTGffnhu3akzM6ymr53SljIfBVe3U_SLoNO3LqWqLKnPSMPB02eoKpv-O7GjssWA
lh7-us.googleusercontent.com/ 421 KB
422 KB 294ms
291ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/C2MQiCa_bspRAi_c3VcfdZJriKG8Lit2vp8QBTxMEhdEaLmOuffb5Y7Aaz3ScFSCsYU6ojzKjilvwLbuqOb72J5rTGffnhu3akzM6ymr53SljIfBVe3U_SLoNO3LqWqLKnPSMPB02eoKpv-O7GjssWA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

52ff61f8a3c0bc6a5cb3dc91ae468fdee25845bc9863bc943a6b1a6e3cfe371b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 19:06:12 GMT
x-content-type-options: nosniff
age: 11329
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 431354
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 19:06:12 GMT

GET
H2 200 bEVmiBAlrMNHqy8pYp6es3R_SGCX0rOh-5MJKw3B6i_L2qlob_wNs8XJaFAhpwwow-ZcPq_qlxb3kEhHRc7wAE1HvyVsoEbb_cj0vm5_mmxCKnsijw0yeSIk30aoo1k6PLKAXCZRaO4oYjE4luuo8qE
lh7-us.googleusercontent.com/ 5 KB
5 KB 293ms
290ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/bEVmiBAlrMNHqy8pYp6es3R_SGCX0rOh-5MJKw3B6i_L2qlob_wNs8XJaFAhpwwow-ZcPq_qlxb3kEhHRc7wAE1HvyVsoEbb_cj0vm5_mmxCKnsijw0yeSIk30aoo1k6PLKAXCZRaO4oYjE4luuo8qE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ce483bd57a7d0576c16db84df9cf92b4d94a2c8472f3254dbd2a759704d0fbfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 21:23:57 GMT
x-content-type-options: nosniff
age: 3064
cross-origin-resource-policy: cross-origin
content-disposition: inline;filename="_QW1zW-kTCSjbaqIOpuRy5VMvh61fpZv212Q1YCWeOexOYKps9CRhiAxX9Kvvq-lIdKhd_eQcyu6vBuNlCq3u2RFxweb4FxaKIYDq3EaTHdLU2IPQQ2fCV-KVJygrIgkrOcUZ9htsl6GD76yV3Xaut4.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5209
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 21:23:57 GMT

GET
H2 200 XNEQX8J3Hn1Tc1Cekdz69bCfdrh2IUfxO-n_jmYRPw8m0XbfQ8U6r2gs40xCYHpHYIOjHO8UXt1tM0880iBH-lhkpJf_WnI6GRQGSpgV6uggayE25ukLzK4C9WilKq3YZYdrC00FjrewTGXWDIAtoEo
lh7-us.googleusercontent.com/ 195 KB
195 KB 300ms
297ms Image
image/png 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/XNEQX8J3Hn1Tc1Cekdz69bCfdrh2IUfxO-n_jmYRPw8m0XbfQ8U6r2gs40xCYHpHYIOjHO8UXt1tM0880iBH-lhkpJf_WnI6GRQGSpgV6uggayE25ukLzK4C9WilKq3YZYdrC00FjrewTGXWDIAtoEo

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b94b05ccc912f4deadb7dffd20326ce301931340c02efcb1e2a80fb55c59c6c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 20:16:43 GMT
x-content-type-options: nosniff
age: 7098
cross-origin-resource-policy: cross-origin
content-disposition: inline;filename="DJT_YourRetribution_MMS.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 199926
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 10 Mar 2024 20:16:43 GMT

GET
H2 200 potus_headshot.png
d35ligi1n5bgzc.cloudfront.net/profiles/images/000/068/512/square/ 22 KB
22 KB 89ms
87ms Image
image/png 2600:9000:247b:9200:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/profiles/images/000/068/512/square/potus_headshot.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:9200:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4ec0827f796bdadb833f52dd7ea841e12158d9f488554ecb73479cc2ea6f6d8e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id: 6HYtNhcBxi6F_uJ2AY87Rc_xOq3TeHoz
date: Sat, 09 Mar 2024 12:25:41 GMT
via: 1.1 e58d56c2f23391dd5609aad3656901ce.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
age: 35361
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 22449
last-modified: Sat, 17 Jul 2021 20:11:51 GMT
server: AmazonS3
etag: "e595f679c10699fedef3c779e864cdd9"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: cZ2VReLpwMU44ThoLrpXDNGsU1-STYDSKiEQfaCrYdj97xmDrFDL4A==

GET
H3 200 win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
secure.winred.com/assets/ 9 KB
9 KB 59ms
58ms Image
image/webp 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: aJPW9Tz10D0h5EN716h5nNhnc17HLXCv
cf-cache-status: HIT
x-amz-request-id: H0RQ7PT87JHHM25R
age: 85
cf-polished: origFmt=png, origSize=11635
content-disposition: inline; filename="win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.webp"
alt-svc: h3=":443"; ma=86400
content-length: 8708
x-amz-id-2: WPExoew1NTTPA6Gm95LnU3wFE0Ol9PWZawnd+DNRGWi5GULSIzmtMjk5us/oJxhNXVIEagyihcQ=
cf-bgj: imgq:85,h2pri
last-modified: Tue, 05 Mar 2024 00:21:38 GMT
server: cloudflare
etag: "972c0cca8d1e490484e89513f902e847"
vary: Accept
content-type: image/webp
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 861e6bd8de687494-MIA
expires: Sun, 10 Mar 2024 02:15:01 GMT

GET
H3 200 win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
secure.winred.com/assets/ 19 KB
7 KB 62ms
61ms Image
image/svg+xml 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
x-amz-version-id: h6JYfO46CxPHIVbhCFXhjqzuvgXn2_Zk
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: HIT
x-amz-request-id: FTTRQJTTK5NQHRJP
age: 1150
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hxk9T9sCPNwnoYNLOZol+1Th7QaPMXUzcAxcvvhX43jGjqWAkZIW9UDR/4D7m3CLmSjulRrXkAk=
last-modified: Fri, 23 Feb 2024 02:52:53 GMT
server: cloudflare
etag: W/"d31530d4186af669daf4f47099614593"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 861e6bd8ee6b7494-MIA
expires: Sun, 10 Mar 2024 02:15:01 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 198ms
63ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://secure.winred.com/
Origin: https://secure.winred.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 861e6bd9bc064c30-MIA

GET
H2 200 20210604_save-america_winred-backgrounds_winred-desktop_v2.jpg
d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/092/966/large/ 197 KB
198 KB 95ms
95ms Image
image/jpeg 2600:9000:247b:9200:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/092/966/large/20210604_save-america_winred-backgrounds_winred-desktop_v2.jpg
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/stylesheets/rv_page_01hrfjqn55v6bawz2h8820xd5t/1709921348.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:9200:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 81a6832550bd52d1c44e1e63c2d9137a441dd53d31302c3070000403d032b012

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 00:26:17 GMT
x-amz-version-id: NXb6H3gY_kurDwSBNPY4Z260kpd_Eays
via: 1.1 e58d56c2f23391dd5609aad3656901ce.cloudfront.net (CloudFront)
last-modified: Sun, 18 Jul 2021 21:49:32 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P2
age: 78525
etag: "4652598428898ad578aa5424f8463865"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 202127
x-amz-cf-id: o-zAUO8epXeJdv2ifByN5ZuLQ_FAqyGmlO1u2yrA1_bjHQWpMNKzag==

GET
H3 200 icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png
secure.winred.com/assets/ 290 B
817 B 86ms
86ms Image
image/webp 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96b04ef160f8b50520a48707a452fecdd6e6771c643706d5949020a2dea15962

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/assets/landing_page-b5085350195c50801834c19cd56b1cabc8b9ea2b81e3a74f8486f6b3e2ae2898.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: WrwkLH_G_74cFy4BsV1m.aK7V4xDq.yM
cf-cache-status: HIT
x-amz-request-id: JF27YYA3C0766QT7
age: 826
cf-polished: origFmt=png, origSize=560
content-disposition: inline; filename="icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.webp"
alt-svc: h3=":443"; ma=86400
content-length: 290
x-amz-id-2: 3hLESDcHspLcUQbrSAQoEJcM0f58CLsioSFHeEBQw6f8VJmT9GEJTDNWShA2Te5avOYlm5vScWQ=
cf-bgj: imgq:85,h2pri
last-modified: Tue, 05 Mar 2024 00:21:36 GMT
server: cloudflare
etag: "571ee659b7ee9af9291e7dd8176721d5"
vary: Accept
content-type: image/webp
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 861e6bd8ee727494-MIA
expires: Sun, 10 Mar 2024 02:15:01 GMT

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame 501C 200 B
817 B 36ms
36ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2211302
cache-control: max-age=31536000
content-encoding: br
content-length: 154
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:01 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 11 Nov 2022 20:25:37 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 576526
x-content-type-options: nosniff
x-request-id: 573cd5ff-f198-4923-8303-8ce02ff8e14a
x-served-by: cache-mia-kmia1760099-MIA

GET
H2 200 controller-c8bfdd70e62be9f4e611d8b62738f20d.html Show response
js.stripe.com/v3/ Frame 03FE 325 B
736 B 33ms
33ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

1bfb181330911e3736a1fe85f14a2ca94b4728ce86887d11e6b4fea110cd1292

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 14
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 188
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:01 GMT
etag: "c8bfdd70e62be9f4e611d8b62738f20d"
last-modified: Sat, 09 Mar 2024 02:38:05 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 12
x-content-type-options: nosniff
x-request-id: fc3b134d-5e4e-4b12-a834-0f9c79b62f22
x-served-by: cache-mia-kmia1760099-MIA

GET
H2 200 elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html Show response
js.stripe.com/v3/ Frame A6CE 798 B
1 KB 33ms
32ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

d8424db7d8737b6c35f5996017f01e0d8931bc6fae96222d821489a1e742b723

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 70348
cache-control: max-age=31536000
content-encoding: br
content-length: 360
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:01 GMT
etag: "ea4b4f4cc243b3261efc5454ef3aabcd"
last-modified: Sat, 09 Mar 2024 02:38:05 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 4572
x-content-type-options: nosniff
x-request-id: 184f07e1-d9a4-48ce-9625-df6c3ff6237c
x-served-by: cache-mia-kmia1760099-MIA

GET
H2 200 current_with_info Show response
app.revv.co/api/v3/users/ 162 B
1 KB 210ms
113ms XHR
application/vnd.api+json 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.revv.co/api/v3/users/current_with_info?organization_token=rv_org_6KNvU36Z2qWJ2gfUBWqGZGoc&redirect=https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-e23d78f5dae749bd70067ba6d3bdf2e924c8866792d4dc2d5570569787a0c676.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab300f7fbf19d240df62d6f94156dee501e8230741c5dbdc9b8180423af61274

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors-original-access-control-allow-origin: https://secure.winred.com
x-rack-cors: hit
date: Sat, 09 Mar 2024 22:15:01 GMT
x-rack-cors-original-access-control-max-age: 0
x-rack-cors-original-access-control-allow-credentials: true
strict-transport-security: max-age=0; includeSubDomains
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-encoding: br
x-rack-cors-original-access-control-allow-methods: GET, POST, OPTIONS
x-rack-cors-original-access-control-expose-headers
alt-svc: h3=":443"; ma=86400
x-request-id: 104bdd47-4bc8-4a42-b36f-b6792f98aa33
x-runtime: 0.010797
server: cloudflare
etag: W/"ab300f7fbf19d240df62d6f94156dee5"
access-control-max-age: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.api+json
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
vary: Origin
cf-ray: 861e6bdb2f767436-MIA

GET
H3 200 rv_page_01hrfjqn55v6bawz2h8820xd5t-9114a612c9f91ea65e2ebe2d35ccc504d782b27f Show response
secure.winred.com/api/v3/donations/live/ 451 B
522 B 178ms
178ms XHR
application/json 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/api/v3/donations/live/rv_page_01hrfjqn55v6bawz2h8820xd5t-9114a612c9f91ea65e2ebe2d35ccc504d782b27f?stream_id=84b564de0b57f39dfa2bb97ab0ac35f47088cfd1&_=1710022501214

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-e23d78f5dae749bd70067ba6d3bdf2e924c8866792d4dc2d5570569787a0c676.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6430ef46a6bc6a63ac83ee8d4d20765103e9646207e29ac6e444dbe9b686574

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
X-CSRF-Token: GfiY1iWK6n5PJEZeqHEGNN029/25L++5BRspFCcJtqs4Q5sgciNAuWUKyp0SQrtnwtsWSXKhTg09OdmfGIBREA==
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Sat, 09 Mar 2024 22:15:01 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-request-id: 2bcdb6b2-9e6b-49e3-bed3-f949ca090b44
x-runtime: 0.061263
server: cloudflare
etag: W/"f6430ef46a6bc6a63ac83ee8d4d20765"
vary: Origin, Accept-Encoding
content-type: application/json
cache-control: public, max-age=60
cf-ray: 861e6bda98807494-MIA
expires: Sat, 09 Mar 2024 22:16:01 GMT

GET
H2 200 controller-c8bfdd70e62be9f4e611d8b62738f20d.html Show response
js.stripe.com/v3/ Frame 7B82 325 B
265 B 35ms
32ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

1bfb181330911e3736a1fe85f14a2ca94b4728ce86887d11e6b4fea110cd1292

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 14
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 188
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:01 GMT
etag: "c8bfdd70e62be9f4e611d8b62738f20d"
last-modified: Sat, 09 Mar 2024 02:38:05 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 14
x-content-type-options: nosniff
x-request-id: 6cf2c7f1-46e6-4fa9-9073-fc05179d4228
x-served-by: cache-mia-kmia1760099-MIA

GET
H2 200 payment-request-inner-google-pay-fadce1bd1c27181a53fac88cd57faed7.html Show response
js.stripe.com/v3/ Frame 317D 408 B
937 B 33ms
32ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-google-pay-fadce1bd1c27181a53fac88cd57faed7.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

4b38b26979eaaa677332ff92c1bc28a3908b484217d321a591822b32ddaa49ec

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 70348
cache-control: max-age=31536000
content-encoding: br
content-length: 221
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:01 GMT
etag: "fadce1bd1c27181a53fac88cd57faed7"
last-modified: Sat, 09 Mar 2024 02:38:18 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 583
x-content-type-options: nosniff
x-request-id: c131434b-2a58-4f47-bbc3-db992cff336f
x-served-by: cache-mia-kmia1760099-MIA

GET
H2 200 payment-request-inner-browser-1922c41519d48ad4c66b970a564b81c8.html Show response
js.stripe.com/v3/ Frame 2890 344 B
1 KB 32ms
32ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-browser-1922c41519d48ad4c66b970a564b81c8.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e494642088f5cd25721987eaa31497d2ff55b59496fa013795a3569b3f07e54d

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 36
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 203
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:01 GMT
etag: "1922c41519d48ad4c66b970a564b81c8"
last-modified: Sat, 09 Mar 2024 02:38:18 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 2
x-content-type-options: nosniff
x-request-id: d44cf664-1396-4c0f-abdc-312c8a5d4a03
x-served-by: cache-mia-kmia1760099-MIA

GET
H3 200 DJT-THANK_YOU_%285%29.png
d35ligi1n5bgzc.cloudfront.net/widget_images/images/000/853/615/small_square/ 1 KB
2 KB 69ms
69ms Image
image/png 2600:9000:247b:9200:0:7d26:ee00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/widget_images/images/000/853/615/small_square/DJT-THANK_YOU_%285%29.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:247b:9200:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 46311e8ed501f8db5fb8f70d41a42bb114c26b13bb130c4e48cb8e87e7aeb054

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 22:39:21 GMT
x-amz-version-id: VM2bpdJqRAUxPaP094scFFxxx0yFdsTY
via: 1.1 050d3e345e03ee19c1b095050789e432.cloudfront.net (CloudFront)
last-modified: Fri, 09 Feb 2024 14:51:59 GMT
server: AmazonS3
age: 84941
x-amz-cf-pop: JFK52-P2
etag: "4fa0bd2db00b150bc0e59057c4a76f36"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 1214
x-amz-cf-id: 9hc9QW6kj5l4PyUWKK6xwNUwHrqCiSo1K_qOBTHfMGXOm8dOt_xqbA==

GET
H3 200 statistics Show response
secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/forms/ 1 KB
1 KB 760ms
760ms XHR
text/html 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/forms/statistics

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c844f698787a459f7166b9f367e22deeac86c36f4d24024931297df2bedbdca6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
X-CSRF-Token: GfiY1iWK6n5PJEZeqHEGNN029/25L++5BRspFCcJtqs4Q5sgciNAuWUKyp0SQrtnwtsWSXKhTg09OdmfGIBREA==
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Sat, 09 Mar 2024 22:15:02 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 9c81b1bb-fba3-491b-9bfc-e8cf2e0e3a59
x-runtime: 0.651813
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
cf-ray: 861e6bdad8d77494-MIA

GET
H3

200

main.js Show response
secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/aeb70db32f0f/ Frame 242C
Redirect Chain

https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/aeb70db32f0f/main.js

8 KB
4 KB

41ms
41ms

Script
application/javascript

2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/aeb70db32f0f/main.js

Requested by

Protocol

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a693667d01b594c70ca5d642638001d39a977df5edf205dda49212ce54751cbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 861e6bdb99fb7494-MIA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 09 Mar 2024 22:15:01 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/aeb70db32f0f/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 861e6bdae8fd7494-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 501C 526 B
644 B 33ms
32ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 4027145
x-cache: HIT
content-length: 315
x-request-id: faceaac4-9ec9-487c-a5e5-8bab14ab4b2c
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Fri, 11 Nov 2022 20:25:36 GMT
server: Fastly
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 546725

GET
H2 200 shared-e5fa3fec3ae52e82c9dbe99744d9674a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 03FE 537 KB
130 KB 32ms
32ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

58d85ba8e53eddc3d87dc3d8c114812bc7cfd1d49f658d7a0827a898b708d6ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 70354
x-cache: HIT
content-length: 133401
x-request-id: 7ef8823d-29a8-4ce1-b42f-e35488805317
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
etag: "ae80f9950714ec2bafdb890ef9866f99"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3

GET
H2 200 controller-a58721c28affd3a672e82df8c6e7e6a4.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 03FE 703 KB
184 KB 40ms
40ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-a58721c28affd3a672e82df8c6e7e6a4.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

7fbe8a94ecb5d03772bd3de4e36a8b484d905a8be393f49201932f4521725ff4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 70355
x-cache: HIT
content-length: 188464
x-request-id: 181d3155-94b5-4079-98c7-5596304f2182
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:15 GMT
server: Fastly
etag: "5c2042a721abac64eac72d7fe5b76577"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 18

GET
H2 200 shared-e5fa3fec3ae52e82c9dbe99744d9674a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame A6CE 537 KB
130 KB 78ms
78ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

58d85ba8e53eddc3d87dc3d8c114812bc7cfd1d49f658d7a0827a898b708d6ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 70354
x-cache: HIT
content-length: 133401
x-request-id: 5a40953d-536e-4d42-85c4-baa1f385069f
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
etag: "ae80f9950714ec2bafdb890ef9866f99"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4

GET
H2 200 ui-shared-7dc68cc03f2c5456e360a1e943f92a71.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame A6CE 415 KB
118 KB 73ms
73ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/ui-shared-7dc68cc03f2c5456e360a1e943f92a71.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

7cdedf0496c95ba2b3c5ad025c2bf6f59ed42dd3f3a1d35d60f8cc7e8b1bee49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 70348
x-cache: HIT
content-length: 120198
x-request-id: f9ae38e1-5050-4d4a-8b5c-5dd5d457922c
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
etag: "8fc3b02c892cad2f2ee7ffcb7e4adef8"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3891

GET
H2 200 elements-inner-card-c59665615e93a709cc55f2e224e91491.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame A6CE 55 KB
15 KB 65ms
64ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-card-c59665615e93a709cc55f2e224e91491.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

1b563eda3dbdadcc71e09378d95a6c9f338b9d68b685742c67f07a9a924edb1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 263362
x-cache: HIT
content-length: 15634
x-request-id: 767df2a8-18c9-4e53-a61f-96a606bc0ba6
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Wed, 06 Mar 2024 21:02:55 GMT
server: Fastly
etag: "165858d7f65b235654cfb27c83b2fa40"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 13118

GET
H2 200 ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css
js.stripe.com/v3/fingerprinted/css/ Frame A6CE 20 KB
3 KB 72ms
72ms Stylesheet
text/css 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

394724ca0118829643c12fb5a033cb66680e51327ba157677d18dec209278a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 4015515
x-cache: HIT
content-length: 3304
x-request-id: a6cd1ee0-a479-4958-9003-f1fe14dff9af
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Mon, 24 Jul 2023 20:23:04 GMT
server: Fastly
etag: "b361d7109e9925ca18e32c9da528520f"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 51345

GET
H2 200 elements-inner-card-53aa57bec7f6d40d72327654fd43a92e.css
js.stripe.com/v3/fingerprinted/css/ Frame A6CE 14 KB
2 KB 78ms
78ms Stylesheet
text/css 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-card-53aa57bec7f6d40d72327654fd43a92e.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

eac1bb2890c6ae6d2cc8653765f594f1209eda9eb0036eef9fde51299e883a5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 1426144
x-cache: HIT
content-length: 2260
x-request-id: c9f3e771-cf29-4629-b80e-60d3527e2a06
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Fri, 09 Feb 2024 18:11:43 GMT
server: Fastly
etag: "87bf0041cf7ae5e77d770c423e25828a"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 40978

GET
H2 200 shared-e5fa3fec3ae52e82c9dbe99744d9674a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 7B82 537 KB
130 KB 78ms
77ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

58d85ba8e53eddc3d87dc3d8c114812bc7cfd1d49f658d7a0827a898b708d6ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 70354
x-cache: HIT
content-length: 133401
x-request-id: 89823dae-eaab-4a23-971e-2ef9a4a49a35
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
etag: "ae80f9950714ec2bafdb890ef9866f99"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 5

GET
H2 200 controller-a58721c28affd3a672e82df8c6e7e6a4.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 7B82 703 KB
184 KB 78ms
78ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/controller-a58721c28affd3a672e82df8c6e7e6a4.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

7fbe8a94ecb5d03772bd3de4e36a8b484d905a8be393f49201932f4521725ff4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 70355
x-cache: HIT
content-length: 188464
x-request-id: 5ec26d51-a428-4269-a9e3-9def0f38fd7a
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:15 GMT
server: Fastly
etag: "5c2042a721abac64eac72d7fe5b76577"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 19

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ Frame 317D 117 KB
36 KB 312ms
184ms Script
application/javascript 2607:f8b0:4004:c1d::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-fadce1bd1c27181a53fac88cd57faed7.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7f9c759cf5c578de883f94efb8ccb7a9c49db6f898f1bf094d27912234aabd4d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WziZTNkovQ2ViCol0bYB_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-WziZTNkovQ2ViCol0bYB_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/gp/p/_/InstantbuyFrontendHttp/web-reports?context=eJzjqtDikmJw1ZBiWF4qxVBRK8WwZKYUg2fNTabOPTeZ1nU9YlrY_pRJk-sZU33UM6aZvM-ZBN88Z3r35SUTx9eXTBJArAbE2308WMR8prMejp7OyrduOqsKEGuun84aCMRO6TNYA4DYp34GaxQQt948xzoZiIV4OJ7u27yeTeDHzZldzACiJDXg"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Sat, 09 Mar 2024 22:15:01 GMT

GET
H2 200 shared-e5fa3fec3ae52e82c9dbe99744d9674a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 317D 537 KB
131 KB 77ms
77ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-fadce1bd1c27181a53fac88cd57faed7.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

58d85ba8e53eddc3d87dc3d8c114812bc7cfd1d49f658d7a0827a898b708d6ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-fadce1bd1c27181a53fac88cd57faed7.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 70354
x-cache: HIT
content-length: 133401
x-request-id: 6d7ee859-a522-44b2-88fa-6ab551459b5e
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
etag: "ae80f9950714ec2bafdb890ef9866f99"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 6

GET
H2 200 payment-request-inner-google-pay-c83e5fd7cbd25a878b3ffc70ebb53333.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 317D 12 KB
5 KB 34ms
34ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-google-pay-c83e5fd7cbd25a878b3ffc70ebb53333.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-fadce1bd1c27181a53fac88cd57faed7.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

06e9cfa1e2fb5b8269f55ebb7dc5ced06737bc1e3faec047ca535265a9d7ac85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-google-pay-fadce1bd1c27181a53fac88cd57faed7.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:02 GMT
via: 1.1 varnish
age: 781458
x-cache: HIT
content-length: 5124
x-request-id: ad114967-d748-4526-86a3-773193613103
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Thu, 29 Feb 2024 21:07:03 GMT
server: Fastly
etag: "7946a1d9a17729b6659d22b18a313c0e"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 6047

GET
H2 200 shared-e5fa3fec3ae52e82c9dbe99744d9674a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 2890 537 KB
130 KB 77ms
76ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-1922c41519d48ad4c66b970a564b81c8.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

58d85ba8e53eddc3d87dc3d8c114812bc7cfd1d49f658d7a0827a898b708d6ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-1922c41519d48ad4c66b970a564b81c8.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 70354
x-cache: HIT
content-length: 133401
x-request-id: af5c88c5-c71d-4e1a-b514-f604ec0a4cd1
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
etag: "ae80f9950714ec2bafdb890ef9866f99"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 7

GET
H2 200 payment-request-inner-browser-792795e2c4e2210721d96228540c4e06.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 2890 13 KB
6 KB 76ms
76ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-browser-792795e2c4e2210721d96228540c4e06.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-1922c41519d48ad4c66b970a564b81c8.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

fedfc64728beee4dcdf576abb2dd3c44b462afc3b5db8c53704629a1ee6dd14c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/payment-request-inner-browser-1922c41519d48ad4c66b970a564b81c8.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:01 GMT
via: 1.1 varnish
age: 2520039
x-cache: HIT
content-length: 5631
x-request-id: 29a38916-05e9-431b-8a53-7dada391a114
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Fri, 09 Feb 2024 18:11:55 GMT
server: Fastly
etag: "32dba56f50e599b5cc53a055305f8c45"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 21454

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 388ms
124ms XHR
application/json 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame AA93 930 B
1 KB 51ms
32ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 285
cache-control: max-age=300, public
content-encoding: br
content-length: 540
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:01 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 249
x-content-type-options: nosniff
x-request-id: 780b05c7-1bde-4243-8429-62a973937a93
x-served-by: cache-mia-kmia1760099-MIA
x-timer: S1710022502.775750,VS0,VE0

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 03FE 474 B
372 B 253ms
117ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

756cd5368e3bf22664232c8228b5d7d572cf4b6b8f912ff17da005caea7790c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 49
x-cache: HIT
content-length: 298
x-request-id: eee0ad15-45db-407a-b3f2-01ad25c60ca1
x-served-by: cache-mia-kmia1760024-MIA
last-modified: Sat, 09 Mar 2024 03:17:41 GMT
server: Fastly
etag: "abf0cb9b2315500db3445ffbd3bb17d5"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 56

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 03FE 474 B
614 B 235ms
116ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

756cd5368e3bf22664232c8228b5d7d572cf4b6b8f912ff17da005caea7790c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 49
x-cache: HIT
content-length: 298
x-request-id: 6d507ae8-f22f-439a-8c16-5c2c7ebcfc41
x-served-by: cache-mia-kmia1760024-MIA
last-modified: Sat, 09 Mar 2024 03:17:41 GMT
server: Fastly
etag: "abf0cb9b2315500db3445ffbd3bb17d5"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 55

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 266 KB
91 KB 128ms
127ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7e5c70da9f6f8d3044446a7c7c65636d44d643b13fc376c7b3f4195b76d8d2db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92759
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Mar 2024 22:15:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 276ms
61ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 21:51:42 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1400
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 09 Mar 2024 23:51:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 318 KB
106 KB 173ms
173ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0YWKLMCX4D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e30033b8ab857c9985e8bef28cff8424602a312642cf8d32338cec1e2b5f95ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108101
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Mar 2024 22:15:02 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 190 KB
69 KB 181ms
180ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-9381094&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f7d5e62862118a898296ea07a799361733b3a788c2806662d803ab4e72596686

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71050
x-xss-protection: 0
last-modified: Sat, 09 Mar 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 09 Mar 2024 22:15:02 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 257ms
60ms Script
application/javascript 146.75.36.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.36.157 Reston, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 18:08:41 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kcgs7200029-IAD

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 215 KB
58 KB 264ms
66ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 09 Mar 2024 22:15:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57348
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=114, rtx=0, c=12, mss=1294, tbw=2768, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: aQLR8yKCN8laht2cpwos7SVFUvKuX3Q8/jJMiMq2VTuqsHScYpnnreXDihFmuTMha+tDlbLl2Go/9hYRNeo3pA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ratag Show response
a.ads.rmbl.ws/ 3 KB
2 KB 212ms
36ms Script
application/javascript 38.70.189.72
RUMBLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ads.rmbl.ws/ratag?id=AV-6622
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 38.70.189.72 Toronto, Canada, ASN399647 (RUMBLE, CA),
Reverse DNS
Software: nginx /
Resource Hash: 6037734d0ad3dd7b2f31955aeeb4b34e2316f726e1bd884d7dbc979649570049

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: gzip
server: nginx
etag: W/"788ed2f782eb45b57dff78c742214a69"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=900
access-control-allow-credentials: true

POST
H3 200 861e6bd5ced58dfd Show response
secure.winred.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 242C 0
341 B 76ms
73ms XHR
text/plain 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/challenge-platform/h/b/jsd/r/861e6bd5ced58dfd

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 861e6bde1d687494-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 7B82 474 B
373 B 33ms
32ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

756cd5368e3bf22664232c8228b5d7d572cf4b6b8f912ff17da005caea7790c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 49
x-cache: HIT
content-length: 298
x-request-id: 77fbc591-2bf2-48d8-872a-7c8f669f8fcf
x-served-by: cache-mia-kmia1760024-MIA
last-modified: Sat, 09 Mar 2024 03:17:41 GMT
server: Fastly
etag: "abf0cb9b2315500db3445ffbd3bb17d5"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 57

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 7B82 474 B
373 B 38ms
29ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

756cd5368e3bf22664232c8228b5d7d572cf4b6b8f912ff17da005caea7790c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/controller-c8bfdd70e62be9f4e611d8b62738f20d.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 49
x-cache: HIT
content-length: 298
x-request-id: 44044f4c-6419-4e37-8b52-bfac45f16e21
x-served-by: cache-mia-kmia1760024-MIA
last-modified: Sat, 09 Mar 2024 03:17:41 GMT
server: Fastly
etag: "abf0cb9b2315500db3445ffbd3bb17d5"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 58

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame A6CE 474 B
373 B 33ms
32ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

756cd5368e3bf22664232c8228b5d7d572cf4b6b8f912ff17da005caea7790c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 49
x-cache: HIT
content-length: 298
x-request-id: b43906f5-72af-4033-8c40-4acaa35abe4c
x-served-by: cache-mia-kmia1760024-MIA
last-modified: Sat, 09 Mar 2024 03:17:41 GMT
server: Fastly
etag: "abf0cb9b2315500db3445ffbd3bb17d5"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 59

GET
H2 200 countryRanges-9ffc15b92962ca316164b9a5ff4c1917.json Show response
js.stripe.com/v3/fingerprinted/data/ Frame A6CE 145 KB
39 KB 34ms
33ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/data/countryRanges-9ffc15b92962ca316164b9a5ff4c1917.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

007b4be1404b0f21a158fa83a2ae9375393b2d932a17e9745aa392fcadc7cf2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:02 GMT
via: 1.1 varnish
age: 3416687
x-cache: HIT
content-length: 39981
x-request-id: bbfe9f4b-bffd-432e-b219-7bf8f86be657
x-served-by: cache-mia-kmia1760024-MIA
last-modified: Tue, 21 Nov 2023 21:42:47 GMT
server: Fastly
etag: "9ffc15b92962ca316164b9a5ff4c1917"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 19194

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame AA93 87 KB
15 KB 33ms
33ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Sat, 09 Mar 2024 22:15:02 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 163
x-cache: HIT
content-length: 15509
x-request-id: 6f0851b5-70ec-4e29-ab6a-dcf56b7b54ad
x-served-by: cache-mia-kmia1760099-MIA
server: Fastly
x-timer: S1710022502.249924,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 147

POST
H2 200 wallet-config Show response
merchant-ui-api.stripe.com/elements/ Frame 7B82 3 KB
3 KB 325ms
194ms Fetch
application/json 198.202.176.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://merchant-ui-api.stripe.com/elements/wallet-config

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.202.176.201 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

fa2d7ff1b9def979f09e26f0c7dd693cfe25f6dabcadd0f05f9a3712ec9a1742

Security Headers

Name	Value
Content-Security-Policy	report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-security-policy: report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-resource-policy: same-site
content-length: 2594
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, POST
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://js.stripe.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report
expires: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 03FE 0
272 B 355ms
118ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:02 GMT
x-stripe-server-envoy-start-time-us: 1710022502621238
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710022502620992
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 7B82 0
271 B 463ms
232ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:02 GMT
x-stripe-server-envoy-start-time-us: 1710022502734677
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710022502734344
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 7B82 0
271 B 461ms
232ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:02 GMT
x-stripe-server-envoy-start-time-us: 1710022502735107
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710022502734720
access-control-allow-credentials: true
content-length: 0

POST
H2 200 wallet-config Show response
merchant-ui-api.stripe.com/elements/ Frame 03FE 3 KB
3 KB 300ms
189ms Fetch
application/json 198.202.176.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://merchant-ui-api.stripe.com/elements/wallet-config

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.202.176.201 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

014d09b8b597a8e96a14b52028f7b2927b5a7b7ce5927ee762860fd1b8677096

Security Headers

Name	Value
Content-Security-Policy	report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-security-policy: report-uri https://q.stripe.com/csp-report?p=elements%2Fwallet-config; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-resource-policy: same-site
content-length: 2594
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, POST
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://js.stripe.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report
expires: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 03FE 0
271 B 458ms
234ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:02 GMT
x-stripe-server-envoy-start-time-us: 1710022502735325
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710022502734886
access-control-allow-credentials: true
content-length: 0

GET
H2 200 collect Show response
gtm.winred.com/g/ 486 B
927 B 416ms
324ms XHR
text/plain 2606:4700::6810:fa45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je4360v867905447z872410129za220&_p=1710022500958&gcd=13l3l3l3l1&npa=0&dma=0&cid=430285545.1710022502&ul=en-us&sr=1600x1200&_fplc=0&ur=US-FL&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sst.uc=US&sst.gse=1&sst.gcd=13l3l3l3l1&sst.tft=1710022500958&_s=1&sid=1710022502&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&dt=MAGA&en=page_view&_fv=1&_nsi=1&_ss=1&ep.pagepath=%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma&epn.load_time_sec=-1710022500.1&epn.event_fire_time=1710022501886&ep.event_uuid=9bc7febc-ed16-4245-ac89-c89a498c652c&ep.isVideoPage=f&ep.referrer=&tfd=2291&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fa45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c08f5c1d3cff9a8f882fca49ac1e3de95cc3c85edae5beb0b4b772d9ef49c1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 861e6be07a3b74b8-MIA
alt-svc: h3=":443"; ma=86400

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
147 B 76ms
75ms XHR
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1628783291&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&ul=en-us&de=UTF-8&dt=MAGA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAACAEK~&jid=1516739345&gjid=1901301603&cid=430285545.1710022502&tid=UA-73658561-7&_gid=641084634.1710022502&_slc=1&gtm=45He4360n71NTQZ9Nv72410129za220&cd61=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&gcd=13l3l3l3l1&dma=0&z=1857945651

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
348 B 182ms
66ms XHR
text/plain 2607:f8b0:4004:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-73658561-7&cid=430285545.1710022502&jid=1516739345&gjid=1901301603&_gid=641084634.1710022502&_u=YCDAiEABBAAAAGAEK~&z=358054013

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 09 Mar 2024 22:15:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
84 B 84ms
83ms XHR
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1628783291&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&ul=en-us&de=UTF-8&dt=MAGA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAAGAEK~&jid=1301022647&gjid=1425573684&cid=430285545.1710022502&tid=UA-60901920-1&_gid=641084634.1710022502&_r=1&_slc=1&gtm=45He4360n71M27JCGv72350723za200&gcd=13l3l3l3l1&dma=0&z=1367766859

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

641defe78e044cbd72e13110f131016fc26c1e8b00ef29ad142e177a0e54bfe1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
193 B 63ms
62ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1628783291&t=event&ni=0&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&ul=en-us&de=UTF-8&dt=MAGA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=donation%20landing%20page&ea=user%20session%20start&el=landing%20page%20settings&_u=YCDAiEABBAAAAGAEK~&jid=&gjid=&cid=430285545.1710022502&tid=UA-73658561-7&_gid=641084634.1710022502&gtm=45He4360n71NTQZ9Nv72410129za220&cd41=anonymous&cd58=t&cd61=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&gcd=13l3l3l3l1&dma=0&z=1360241653

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 20:34:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 6026
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/1/i/ 43 B
376 B 148ms
51ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=9124b48d-9279-4119-827b-b0e28b2662e4&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=8744f521-d87d-4a7f-8988-1778294e5149&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&tw_iframe_status=0&txn_id=of93e&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-response-time: 6
date: Sat, 09 Mar 2024 22:15:01 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 1d4e8aaf0aa697aa
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: ddbaf237b32f255683c9b91d90607e8c054ca5a88e9172b1f6f8673b9228f491
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
722 B 223ms
125ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=9124b48d-9279-4119-827b-b0e28b2662e4&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=8744f521-d87d-4a7f-8988-1778294e5149&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&tw_iframe_status=0&txn_id=of93e&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-response-time: 80
date: Sat, 09 Mar 2024 22:15:02 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: bbc4da6f358e19b4
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: ecf045682bc01ec29fc7e2a5c69877052ced6c4ae08d4a6877641bdd9e970b31
content-length: 43

GET
H2

200

activityi;dc_pre=COro0J6a6IQDFSq9fwQdE1sBog;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=175027967.1710022502;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;u... Show response
9381094.fls.doubleclick.net/ Frame C63A
Redirect Chain

https://9381094.fls.doubleclick.net/activityi;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=175027967.1710022502;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=...
https://9381094.fls.doubleclick.net/activityi;dc_pre=COro0J6a6IQDFSq9fwQdE1sBog;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=175027967.1710022502;pscdl=noapi;gtm=45fe4360z872350...

685 B
827 B

127ms
126ms

Document
text/html

142.250.80.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9381094.fls.doubleclick.net/activityi;dc_pre=COro0J6a6IQDFSq9fwQdE1sBog;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=175027967.1710022502;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-9381094&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.102 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f6.1e100.net

Software

cafe /

Resource Hash

170778a905ba5ca37ba728d3a53180483e26a5022dd3f2b96990b7325c59e530

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 396
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 22:15:02 GMT
expires: Sat, 09 Mar 2024 22:15:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 22:15:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9381094.fls.doubleclick.net/activityi;dc_pre=COro0J6a6IQDFSq9fwQdE1sBog;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=175027967.1710022502;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
www.google-analytics.com/g/ 0
56 B 84ms
84ms Ping
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-0YWKLMCX4D&gtm=45je4360v9102512289z872350723za220&_p=1710022500958&gcd=13l3l3l3l1&npa=0&dma=0&cid=430285545.1710022502&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1710022502&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&dt=MAGA&en=page_view&_fv=1&_ss=1&ep.cookieDomain=auto&tfd=2394
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0YWKLMCX4D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11091438865/ 2 KB
2 KB 225ms
87ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11091438865/?random=1710022502470&cv=11&fst=1710022502470&bg=ffffff&guid=ON&async=1&gtm=45je4360v9102512289z872350723za220&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&hn=www.googleadservices.com&frm=0&tiba=MAGA&npa=0&pscdl=noapi&auid=175027967.1710022502&uamb=0&uaw=0&fdr=QA&data=event%3Dgtag.config%3BcookieDomain%3Dauto&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0YWKLMCX4D&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e458bfe58478c899de47def330282c9fd66dfe543c5d4a131cec9fbc545c4ca6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1378
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 payframe Show response
pay.google.com/gp/p/ui/ Frame C0F7 19 KB
8 KB 92ms
91ms Document
text/html 2607:f8b0:4004:c1d::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6a54e4cf9aa70071041eac3976fafc2e959528e8f699a5b0b0ec0dbdab5cb15c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KolLJgfTCmjK3GIxXFOBFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-KolLJgfTCmjK3GIxXFOBFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Sat, 09 Mar 2024 22:15:02 GMT
expires: Sat, 09 Mar 2024 22:15:02 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/gp/p/_/InstantbuyFrontendBuyflowPayframeUi/web-reports?context=eJzjqtDikmJw1ZBiWF4qxVBRK8WwZKYUg2fNTabOPTeZ1nU9YlrY_pRJk-sZU33UM6aZvM-ZBN88Z3r35SUTx9eXTBJArAbE2308WMR8prMejp7OyrduOqsKEGuun84aCMRO6TNYA4DYp34GaxQQt948xzoZiIV4OJ7t27yeTeDDousdTACh4DXd"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame A6CE 474 B
596 B 33ms
32ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

756cd5368e3bf22664232c8228b5d7d572cf4b6b8f912ff17da005caea7790c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-card-ea4b4f4cc243b3261efc5454ef3aabcd.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 50
x-cache: HIT
content-length: 298
x-request-id: 965dbf78-2b62-4c56-a928-34a3ee6ffd1b
x-served-by: cache-mia-kmia1760024-MIA
last-modified: Sat, 09 Mar 2024 03:17:41 GMT
server: Fastly
etag: "abf0cb9b2315500db3445ffbd3bb17d5"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 60

GET
H2 200 1599889267195467 Show response
connect.facebook.net/signals/config/ 61 KB
13 KB 67ms
66ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1599889267195467?v=2.9.148&r=stable&domain=secure.winred.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9db8b420e21f5db6aa0dd50677268861205363d1975b4089e46abe4c8797a6c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 09 Mar 2024 22:15:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12878
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=72, rtx=0, c=63, mss=1294, tbw=62427, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: /pQ0x0xsV2Q5kBNmL3rQP3IN3Cnd9tHNsJFZzbR8zhFgsMt3/JJH6TJtUw5oYqU3zbubrk8ImGaddOS0VhRO5g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
68 B 66ms
65ms XHR
text/plain 2607:f8b0:4004:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-60901920-1&cid=430285545.1710022502&jid=1301022647&gjid=1425573684&_gid=641084634.1710022502&_u=YCDACEABBAAAAGAEK~&z=1671972085

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 09 Mar 2024 22:15:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 257 KB
87 KB 92ms
92ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HNR33QTX08&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

33f7b0cbccd401850fbb68c039a047ab5e0e0f028f03befd4aba9cc8693955e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89365
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Mar 2024 22:15:02 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 228ms
87ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-73658561-7&cid=430285545.1710022502&jid=1516739345&_u=YCDAiEABBAAAAGAEK~&z=56693199

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 6 Show response
m.stripe.com/ Frame AA93 156 B
666 B 357ms
119ms XHR
application/json 34.212.84.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.212.84.166 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-212-84-166.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

bb3cf6a6747b69d874598f02f390225c27e8dd85dd3cc9f37400aa9d5cb38bdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Sat, 09 Mar 2024 22:15:02 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1710022502889117
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 2
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1710022502888454
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

POST
H2 200 b Show response
r.stripe.com/ Frame 7B82 0
271 B 205ms
204ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:02 GMT
x-stripe-server-envoy-start-time-us: 1710022502735520
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 5
x-stripe-client-envoy-start-time-us: 1710022502734967
access-control-allow-credentials: true
content-length: 0

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.U5bj8U-w7zA.es5.O/am=gEE2/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMi... Frame C0F7 159 KB
57 KB 194ms
63ms Script
text/javascript 2607:f8b0:4006:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.U5bj8U-w7zA.es5.O/am=gEE2/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgNyTrZL1kjrH0cXIkKh1uwEgL8sQ/m=_b,_tp

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:806::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa8e89ac5cec62383a2233b5c9d98479a8ff13ad3e0adc874f8d15ddf053562

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 20:33:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92494
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57735
x-xss-protection: 0
last-modified: Fri, 08 Mar 2024 02:34:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 08 Mar 2025 20:33:28 GMT

POST
H2 200 b Show response
r.stripe.com/ Frame 03FE 0
271 B 165ms
165ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:02 GMT
x-stripe-server-envoy-start-time-us: 1710022502735277
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710022502735099
access-control-allow-credentials: true
content-length: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 168ms
90ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-60901920-1&cid=430285545.1710022502&jid=1301022647&_u=YCDACEABBAAAAGAEK~&z=451113563

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 enforcement-mode Show response
stripe.com/cookie-settings/ Frame 03FE 15 B
949 B 149ms
144ms Fetch
application/json 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://stripe.com/cookie-settings/enforcement-mode

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-a58721c28affd3a672e82df8c6e7e6a4.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

cf47d3a034eb704dbc6a1b479427ab513892062349ae526c3b96a4ba6465e3d4

Security Headers

Name	Value
Content-Security-Policy	report-uri /csp-report?p=%2Fcookie-settings%2Fenforcement-mode;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-security-policy: report-uri /csp-report?p=%2Fcookie-settings%2Fenforcement-mode;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
x-stripe-server-envoy-start-time-us: 1710022502735250
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-envoy-upstream-service-time: 14
cross-origin-resource-policy: same-site
content-length: 15
x-stripe-bg-intended-route-color: blue
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 13
x-stripe-client-envoy-start-time-us: 1710022502735056
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report

GET
H2 200 /
www.facebook.com/tr/ 0
269 B 196ms
65ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1599889267195467&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&rl=&if=false&ts=1710022502664&sw=1600&sh=1200&v=2.9.148&r=stable&ec=0&o=4126&fbp=fb.1.1710022502662.979166602&cs_est=true&ler=empty&cdl=API_unavailable&it=1710022502573&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-fb-connection-quality: GOOD; q=0.7, rtt=63, rtx=0, c=10, mss=1294, tbw=2761, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 09 Mar 2024 22:15:02 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/11091438865/ 42 B
154 B 126ms
119ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11091438865/?random=1710022502470&cv=11&fst=1710021600000&bg=ffffff&guid=ON&async=1&gtm=45je4360v9102512289z872350723za220&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&frm=0&tiba=MAGA&npa=0&data=event%3Dgtag.config%3BcookieDomain%3Dauto&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqk6zh2rY2ArmjoFhB-cu1JWfSUvR_pw&random=2282381477&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/s/ 0
255 B 148ms
46ms Ping
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/s/collect?dma=0&gtm=45j91e4372h1v867905447z872410129z9867900975za220&_gsid=X6H0114PDF9_T7hDP52WfBpOP7CZNL0Q
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 66ms
66ms Ping
text/plain 2607:f8b0:4004:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&dma=0&tid=G-X6H0114PDF&cid=%2BMr7u64YI%2BXEkeakd0%2FGaY6upF0mUXgY8m3G%2FLcmbJg%3D.1710022502&gtm=45j91e4372h1v867905447z872410129z9867900975za220&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
45 B 113ms
46ms Ping
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-HNR33QTX08&_ono=1&gtm=45je4360v9164375506za220&_p=1710022500958&_gaz=1&gcd=13l3l3l3l2&npa=0&dma=0&ul=en-us&sr=1600x1200&cid=430285545.1710022502&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&dt=MAGA&sid=1710022502&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2746
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HNR33QTX08&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 66ms
66ms Ping
text/plain 2607:f8b0:4004:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-HNR33QTX08&cid=430285545.1710022502&gtm=45je4360v9164375506za220&aip=1&dma=0&gcd=13l3l3l3l2&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HNR33QTX08&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 enforcement-mode Show response
stripe.com/cookie-settings/ Frame 7B82 15 B
951 B 134ms
133ms Fetch
application/json 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://stripe.com/cookie-settings/enforcement-mode

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-a58721c28affd3a672e82df8c6e7e6a4.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

cf47d3a034eb704dbc6a1b479427ab513892062349ae526c3b96a4ba6465e3d4

Security Headers

Name	Value
Content-Security-Policy	report-uri /csp-report?p=%2Fcookie-settings%2Fenforcement-mode;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-security-policy: report-uri /csp-report?p=%2Fcookie-settings%2Fenforcement-mode;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
x-stripe-server-envoy-start-time-us: 1710022502901545
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-envoy-upstream-service-time: 18
cross-origin-resource-policy: same-site
content-length: 15
x-stripe-bg-intended-route-color: blue
server: nginx
access-control-max-age: 300
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 16
x-stripe-client-envoy-start-time-us: 1710022502901086
vary: Origin
access-control-allow-headers: x-stripe-csrf-token
cross-origin-opener-policy-report-only: same-origin; report-to=https://q.stripe.com/coop-report

GET
H2 200 hcaptcha-invisible-7438ebd4e6021bf6d752f6aaf1fcae75.html Show response
js.stripe.com/v3/ Frame 66FA 71 KB
25 KB 32ms
32ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/hcaptcha-invisible-7438ebd4e6021bf6d752f6aaf1fcae75.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e9ba771a0a93967531b81c021cc19452c512ec0ea1e087e773e5176de419bc04

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-Y7tTnk6Ux3nvGvTXu3a374g9TLdHtSuNx+d0JmBU38c='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 70348
cache-control: max-age=31536000
content-encoding: br
content-length: 25167
content-security-policy: base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-Y7tTnk6Ux3nvGvTXu3a374g9TLdHtSuNx+d0JmBU38c='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:02 GMT
etag: "7438ebd4e6021bf6d752f6aaf1fcae75"
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 4109
x-content-type-options: nosniff
x-request-id: 10c0492d-ae55-437e-bc55-f1e5a30cfba6
x-served-by: cache-mia-kmia1760099-MIA

POST
H2 200 b Show response
r.stripe.com/ Frame 03FE 0
271 B 123ms
122ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:02 GMT
x-stripe-server-envoy-start-time-us: 1710022502908026
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 4
x-stripe-client-envoy-start-time-us: 1710022502907757
access-control-allow-credentials: true
content-length: 0

GET
H2 200 phone-numbers-lib-5113174565c377315fd5b8d695d8b541.js Show response
js.stripe.com/v3/fingerprinted/js/ 148 KB
40 KB 33ms
32ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-5113174565c377315fd5b8d695d8b541.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

621661fe1c7a59420c624f7a421c566ebfb38cfbc7edd98ee0462c44d15971f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:02 GMT
via: 1.1 varnish
age: 4015512
x-cache: HIT
content-length: 40295
x-request-id: 3dc4f271-77ad-41a7-99df-8167c7df9168
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Thu, 21 Dec 2023 18:13:42 GMT
server: Fastly
etag: "f7a3e754fa2fa9117506f69f618b5778"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 33932

GET
H2 200 elements-inner-link-button-for-card-d5bc310d4625155f8551279d60a103f7.html Show response
js.stripe.com/v3/ Frame AA5A 78 KB
17 KB 33ms
32ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-link-button-for-card-d5bc310d4625155f8551279d60a103f7.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

26e5cd6de33ce4b5c5b249c81f99ce8eeac76c8642f21019ff3fbc1efdfddfd6

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 70348
cache-control: max-age=31536000
content-encoding: br
content-length: 16210
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:02 GMT
etag: "d5bc310d4625155f8551279d60a103f7"
last-modified: Sat, 09 Mar 2024 02:38:05 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 2466
x-content-type-options: nosniff
x-request-id: ca5f3839-02e3-4bb2-b2e6-6b7b18524cc9
x-served-by: cache-mia-kmia1760099-MIA

GET
H2 200 dc_pre=COro0J6a6IQDFSq9fwQdE1sBog;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=*;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;u...
adservice.google.com/ddm/fls/z/ Frame C63A 42 B
401 B 584ms
439ms Image
image/gif 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COro0J6a6IQDFSq9fwQdE1sBog;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=*;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075

Requested by

Host: 9381094.fls.doubleclick.net
URL: https://9381094.fls.doubleclick.net/activityi;dc_pre=COro0J6a6IQDFSq9fwQdE1sBog;src=9381094;type=pagev0;cat=djt_p0;ord=889995520683;npa=0;auiddc=175027967.1710022502;pscdl=noapi;gtm=45fe4360z872350723za201;gcd=13l3l3l3l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://9381094.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect Show response
gtm.winred.com/g/ 65 B
299 B 514ms
513ms XHR
text/plain 2606:4700::6810:fa45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je4360v867905447z872410129za220&_p=1710022500958&gcd=13l3l3l3l1&npa=0&dma=0&cid=430285545.1710022502&ul=en-us&sr=1600x1200&_fplc=0&ur=US-FL&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sst.uc=US&sst.gse=1&sst.gcd=13l3l3l3l1&sst.tft=1710022500958&_s=2&sid=1710022502&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&dt=MAGA&en=user%20session%20start&ep.pagepath=%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma&epn.load_time_sec=-1710022500.1&epn.event_fire_time=1710022501911&ep.event_uuid=7dc22b2f-fde3-4755-b3ee-a27f2027feec&ep.isVideoPage=f&ep.referrer=&ep.category=donation%20landing%20page&ep.action=user%20session%20start&ep.label=landing%20page%20settings&ep.customCSS=t&ep.usercategory=anonymous&_et=5&tfd=2797&richsstsse

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fa45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 861e6be30dc774b8-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 66FA 474 B
373 B 33ms
32ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/hcaptcha-invisible-7438ebd4e6021bf6d752f6aaf1fcae75.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

756cd5368e3bf22664232c8228b5d7d572cf4b6b8f912ff17da005caea7790c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/hcaptcha-invisible-7438ebd4e6021bf6d752f6aaf1fcae75.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:02 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 50
x-cache: HIT
content-length: 298
x-request-id: 35c77436-a1c4-48b1-9519-2751c635013c
x-served-by: cache-mia-kmia1760024-MIA
last-modified: Sat, 09 Mar 2024 03:17:41 GMT
server: Fastly
etag: "abf0cb9b2315500db3445ffbd3bb17d5"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 61

GET
H2 200 HCaptchaInvisible.html Show response
b.stripecdn.com/stripethirdparty-srv/assets/v20.21/ Frame D864 419 B
887 B 444ms
412ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=74d36433-7935-4085-8f3f-abe717f9b420&origin=https%3A%2F%2Fjs.stripe.com

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/hcaptcha-invisible-7438ebd4e6021bf6d752f6aaf1fcae75.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

7046e325bee6e4ffd4581616a2b76772f5749fbd45eb77998a1b5810ed476d2e

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://hcaptcha.com https://.hcaptcha.com https://errors.stripe.com; default-src 'self'; form-action 'none'; frame-src https://hcaptcha.com https://.hcaptcha.com; img-src 'self'; object-src 'none'; script-src 'self' https://hcaptcha.com https://.hcaptcha.com; style-src 'self' https://hcaptcha.com https://.hcaptcha.com; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 283
content-security-policy: base-uri 'self'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://errors.stripe.com; default-src 'self'; form-action 'none'; frame-src https://hcaptcha.com https://*.hcaptcha.com; img-src 'self'; object-src 'none'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:03 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-request-id: e04bb679-2a0c-407b-8bf1-2b688a2b1300
x-served-by: cache-mia-kmia1760099-MIA
x-timer: S1710022503.952459,VS0,VE160

GET
H2 200 shared-e5fa3fec3ae52e82c9dbe99744d9674a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame AA5A 537 KB
130 KB 44ms
43ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-link-button-for-card-d5bc310d4625155f8551279d60a103f7.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

58d85ba8e53eddc3d87dc3d8c114812bc7cfd1d49f658d7a0827a898b708d6ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-link-button-for-card-d5bc310d4625155f8551279d60a103f7.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:02 GMT
via: 1.1 varnish
age: 70355
x-cache: HIT
content-length: 133401
x-request-id: 711590c4-fbaa-49de-be31-6c345d07d7bf
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
etag: "ae80f9950714ec2bafdb890ef9866f99"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 8

GET
H2 200 elements-inner-link-button-for-card-3e3c6751186392e3859c5f4470b4d0df.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame AA5A 25 KB
10 KB 42ms
42ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-link-button-for-card-3e3c6751186392e3859c5f4470b4d0df.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-link-button-for-card-d5bc310d4625155f8551279d60a103f7.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

c67fd705b4a52a62066cd60979c65edfa8b0d6c3da9a8d88d21afd56c11042e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-link-button-for-card-d5bc310d4625155f8551279d60a103f7.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:02 GMT
via: 1.1 varnish
age: 1252692
x-cache: HIT
content-length: 9702
x-request-id: e12c9742-9f30-496c-b168-532a1c96857b
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Wed, 14 Feb 2024 18:03:44 GMT
server: Fastly
etag: "12873bf8979ee1f4c70fe3749e63d8a2"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 18734

GET
H2 200 elements-inner-link-button-for-card-e0892059cc36c5a207d4915b8be6a4f3.css
js.stripe.com/v3/fingerprinted/css/ Frame AA5A 25 KB
4 KB 46ms
45ms Stylesheet
text/css 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-link-button-for-card-e0892059cc36c5a207d4915b8be6a4f3.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-link-button-for-card-d5bc310d4625155f8551279d60a103f7.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

d9b7faa0259f5b0961455f53b4a507fba4bd0ed70dffac0bdaf2f94298c74b40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-link-button-for-card-d5bc310d4625155f8551279d60a103f7.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:02 GMT
via: 1.1 varnish
age: 3124318
x-cache: HIT
content-length: 4362
x-request-id: d43b24bb-5b37-4d0f-99ea-a26b6de3a8d0
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Fri, 02 Feb 2024 18:19:28 GMT
server: Fastly
etag: "ec65bfd4737d216032b538eb56aec1bd"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 18502

GET
H2 200 m=Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.U5bj8U-w7zA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.ekW... Frame C0F7 75 KB
27 KB 65ms
64ms Script
text/javascript 2607:f8b0:4006:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.U5bj8U-w7zA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.ekWB2nw5o-4.L.B1.O/am=gEE2/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrj3jLfGazDAm-9H8IxQ905XgawvVg/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.U5bj8U-w7zA.es5.O/am=gEE2/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrgNyTrZL1kjrH0cXIkKh1uwEgL8sQ/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:806::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d43cd65453ea849fe49814f849e61c569709a08c9fb00e7a98609e5dcae613a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 20:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27675
x-xss-protection: 0
last-modified: Wed, 06 Mar 2024 04:06:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 08 Mar 2025 20:34:21 GMT

POST
H2 200 6 Show response
m.stripe.com/ Frame AA93 156 B
666 B 389ms
388ms XHR
application/json 34.212.84.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.212.84.166 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-212-84-166.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

bb3cf6a6747b69d874598f02f390225c27e8dd85dd3cc9f37400aa9d5cb38bdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Sat, 09 Mar 2024 22:15:03 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1710022503022131
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 2
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1710022503021798
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

POST
H2 200 6 Show response
m.stripe.com/ Frame AA93 156 B
666 B 389ms
388ms XHR
application/json 34.212.84.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.212.84.166 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-212-84-166.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

bb3cf6a6747b69d874598f02f390225c27e8dd85dd3cc9f37400aa9d5cb38bdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Sat, 09 Mar 2024 22:15:03 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1710022503070149
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 2
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1710022503069826
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

POST
H2 200 b Show response
r.stripe.com/ Frame 03FE 0
272 B 301ms
301ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:03 GMT
x-stripe-server-envoy-start-time-us: 1710022503375348
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710022503374770
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 03FE 0
272 B 229ms
229ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:03 GMT
x-stripe-server-envoy-start-time-us: 1710022503376083
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710022503375744
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 03FE 0
271 B 119ms
119ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:03 GMT
x-stripe-server-envoy-start-time-us: 1710022503402792
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710022503402109
access-control-allow-credentials: true
content-length: 0

GET
H3 200 pay Show response
pay.google.com/gp/p/ui/ Frame C0F7 1 MB
377 KB 88ms
88ms XHR
text/html 2607:f8b0:4004:c1d::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

34e07c6ce3ca97b757fb44d6a203c36f4a9dd03a66c5dc4ff31c3b78b4ed32df

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5GT9Nnqr_wqfLH1iKYBypw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-5GT9Nnqr_wqfLH1iKYBypw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/gp/p/_/InstantbuyFrontendBuyflowPayUi/web-reports?context=eJzjqtDikmJw1ZBiWF4qxVBRK8WwZKYUg2fNTabOPTeZ1nU9YlrY_pRJk-sZU33UM6aZvM-ZBN88Z3r35SUTx9eXTBJArAbE2308WMR8prMejp7OyrduOqsKEGuun84aCMRO6TNYA4DYp34GaxQQt948xzoZiIV4OJ7v27yeTWDF78OHGAGiHjYU"
x-ua-compatible: IE=edge
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
server: ESF
x-frame-options: DENY
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Sat, 09 Mar 2024 22:15:03 GMT

GET
H2 200 api.js Show response
hcaptcha.com/1/ Frame D864 376 KB
107 KB 127ms
43ms Script
application/javascript 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/1/api.js?onload=captchaLoad&render=explicit

Requested by

Host: b.stripecdn.com
URL: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=74d36433-7935-4085-8f3f-abe717f9b420&origin=https%3A%2F%2Fjs.stripe.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8372e4920304819a1afe1cb4a33def279a032e5d0154b53df47d05abdfc8077

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://b.stripecdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 eca8616127916fa339e7718294322b64.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: Y83AnVQfVaYtiCkhua7rz_C8xbCj9kI1
age: 0
x-amz-cf-pop: MIA3-C4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 26 Feb 2024 13:10:44 GMT
server: cloudflare
etag: W/"cf161ae1463888e6b05f1ecd1d11305b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
cf-ray: 861e6be6988a128b-MIA
x-amz-cf-id: H0qDo0qcTHRnk9DezAm3kxpqeGja5feA6vOb7utcHwODphgdQGv6wQ==

GET
H2 200 vendors~AddressAutocomplete~AffirmInContext~AmazonPayButton~AuthMap~DemoPayButton~DynamicMap~GoogleA~35711e2c.292fe004c7b932cf1066.bundle.js Show response
b.stripecdn.com/stripethirdparty-srv/assets/v20.21/ Frame D864 114 KB
37 KB 34ms
34ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/vendors~AddressAutocomplete~AffirmInContext~AmazonPayButton~AuthMap~DemoPayButton~DynamicMap~GoogleA~35711e2c.292fe004c7b932cf1066.bundle.js

Requested by

Host: b.stripecdn.com
URL: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=74d36433-7935-4085-8f3f-abe717f9b420&origin=https%3A%2F%2Fjs.stripe.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

fa38eebb1eca7c94241152ae35cec12209d942905dc49f6d00dbe50636441258

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=74d36433-7935-4085-8f3f-abe717f9b420&origin=https%3A%2F%2Fjs.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Sat, 09 Mar 2024 22:15:03 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 360143
x-cache: HIT
content-length: 38076
x-request-id: 502c4556-7099-4305-afef-6b1923494205
x-served-by: cache-mia-kmia1760099-MIA
server: Fastly
x-timer: S1710022503.378046,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 18828

GET
H2 200 HCaptchaInvisible.b27e55a4db75cd3e653a.bundle.js Show response
b.stripecdn.com/stripethirdparty-srv/assets/v20.21/ Frame D864 18 KB
7 KB 36ms
36ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.b27e55a4db75cd3e653a.bundle.js

Requested by

Host: b.stripecdn.com
URL: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=74d36433-7935-4085-8f3f-abe717f9b420&origin=https%3A%2F%2Fjs.stripe.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

eccf72d793ee9369fb1c8217a3cebd89e035b728e6eae08b7e12332886b0f95e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://b.stripecdn.com/stripethirdparty-srv/assets/v20.21/HCaptchaInvisible.html?id=74d36433-7935-4085-8f3f-abe717f9b420&origin=https%3A%2F%2Fjs.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Sat, 09 Mar 2024 22:15:03 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 360143
x-cache: HIT
content-length: 7278
x-request-id: df3399e5-f31f-443e-a377-60481598451a
x-served-by: cache-mia-kmia1760099-MIA
server: Fastly
x-timer: S1710022503.378973,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000, public
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 18611

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.U5bj8U-w7zA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.ekW... Frame C0F7 10 KB
4 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.U5bj8U-w7zA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.ekWB2nw5o-4.L.B1.O/am=gEE2/d=1/exm=Das5Le,_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrj3jLfGazDAm-9H8IxQ905XgawvVg/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b3f8ff3ac18420948dee5e28afc35009f409add491fa510254c992a5dc07787

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 20:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4168
x-xss-protection: 0
last-modified: Wed, 06 Mar 2024 04:06:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 08 Mar 2025 20:34:21 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.U5bj8U-w7zA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.ekW... Frame C0F7 37 KB
14 KB 83ms
82ms Script
text/javascript 2607:f8b0:4006:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.U5bj8U-w7zA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.ekWB2nw5o-4.L.B1.O/am=gEE2/d=1/exm=Das5Le,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrj3jLfGazDAm-9H8IxQ905XgawvVg/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

850ab5897d186d343295dcb34f74372ca46dc50abda3295d82043c5dfce60949

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 20:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14261
x-xss-protection: 0
last-modified: Wed, 06 Mar 2024 04:06:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 08 Mar 2025 20:34:21 GMT

POST
H3 200 log Show response
play.google.com/ Frame C0F7 131 B
155 B 224ms
97ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Mar 2024 22:15:03 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 215ms
75ms Preflight
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Sat, 09 Mar 2024 22:15:03 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame C0F7 131 B
155 B 227ms
102ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Mar 2024 22:15:03 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 211ms
76ms Preflight
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Sat, 09 Mar 2024 22:15:03 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame C0F7 131 B
155 B 227ms
100ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Mar 2024 22:15:03 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 208ms
76ms Preflight
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Sat, 09 Mar 2024 22:15:03 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame C0F7 131 B
155 B 223ms
98ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Mar 2024 22:15:03 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 207ms
77ms Preflight
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Sat, 09 Mar 2024 22:15:03 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame C0F7 131 B
155 B 224ms
99ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Mar 2024 22:15:03 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 207ms
77ms Preflight
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Sat, 09 Mar 2024 22:15:03 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame C0F7 131 B
155 B 224ms
98ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Mar 2024 22:15:03 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 201ms
76ms Preflight
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Sat, 09 Mar 2024 22:15:03 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 7B82 0
271 B 121ms
121ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:03 GMT
x-stripe-server-envoy-start-time-us: 1710022503475293
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 5
x-stripe-client-envoy-start-time-us: 1710022503474782
access-control-allow-credentials: true
content-length: 0

GET
H2 200 elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html Show response
js.stripe.com/v3/ Frame 3AFB 820 B
1 KB 32ms
32ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

076096cac630bd34a3c93ee7f579a866eb44081a0e0fa373e15ff97fb329054f

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 70332
cache-control: max-age=31536000
content-encoding: br
content-length: 370
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 09 Mar 2024 22:15:03 GMT
etag: "d9c6608d88003c49cb00acc46820c3d2"
last-modified: Sat, 09 Mar 2024 02:38:05 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1486
x-content-type-options: nosniff
x-request-id: 306981df-94de-4c3c-a42b-75fc5f8628f0
x-served-by: cache-mia-kmia1760099-MIA

POST
H2 200 b Show response
r.stripe.com/ Frame 7B82 0
271 B 121ms
121ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:03 GMT
x-stripe-server-envoy-start-time-us: 1710022503505898
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 5
x-stripe-client-envoy-start-time-us: 1710022503505309
access-control-allow-credentials: true
content-length: 0

GET
H2 200 shared-e5fa3fec3ae52e82c9dbe99744d9674a.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 3AFB 537 KB
130 KB 35ms
34ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

58d85ba8e53eddc3d87dc3d8c114812bc7cfd1d49f658d7a0827a898b708d6ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:03 GMT
via: 1.1 varnish
age: 70356
x-cache: HIT
content-length: 133401
x-request-id: 317b3022-0a0d-4a82-b73a-d3746ff8cd4f
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
etag: "ae80f9950714ec2bafdb890ef9866f99"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 9

GET
H2 200 ui-shared-7dc68cc03f2c5456e360a1e943f92a71.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 3AFB 415 KB
118 KB 34ms
34ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/ui-shared-7dc68cc03f2c5456e360a1e943f92a71.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

7cdedf0496c95ba2b3c5ad025c2bf6f59ed42dd3f3a1d35d60f8cc7e8b1bee49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:03 GMT
via: 1.1 varnish
age: 70350
x-cache: HIT
content-length: 120198
x-request-id: 1589d07a-e710-4168-acb5-9294cbeef49a
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Sat, 09 Mar 2024 02:38:17 GMT
server: Fastly
etag: "8fc3b02c892cad2f2ee7ffcb7e4adef8"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3892

GET
H2 200 elements-inner-payment-request-5045daf48c86b743da2874b548c46415.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 3AFB 73 KB
26 KB 35ms
35ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/elements-inner-payment-request-5045daf48c86b743da2874b548c46415.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

80354fb397ad4656fa5814c41d9fd5464583c402b2b5a95cb649875927931743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:03 GMT
via: 1.1 varnish
age: 446562
x-cache: HIT
content-length: 25968
x-request-id: 40b20be3-84d9-4c2d-8821-ff945a27618a
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Mon, 04 Mar 2024 18:06:16 GMT
server: Fastly
etag: "654586738640c3c5cbfea23a1dc67e7d"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 8637

GET
H2 200 ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css
js.stripe.com/v3/fingerprinted/css/ Frame 3AFB 20 KB
3 KB 33ms
32ms Stylesheet
text/css 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/ui-shared-1d27f4e2b314637ba4bb9d7ff79c23c7.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

394724ca0118829643c12fb5a033cb66680e51327ba157677d18dec209278a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:03 GMT
via: 1.1 varnish
age: 4015517
x-cache: HIT
content-length: 3304
x-request-id: c7ee117d-25e1-4e59-b5a3-9926bc113a66
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Mon, 24 Jul 2023 20:23:04 GMT
server: Fastly
etag: "b361d7109e9925ca18e32c9da528520f"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 51346

GET
H2 200 elements-inner-payment-request-30c75c9984170b682d45e5a26a564e7b.css
js.stripe.com/v3/fingerprinted/css/ Frame 3AFB 11 KB
3 KB 35ms
35ms Stylesheet
text/css 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/css/elements-inner-payment-request-30c75c9984170b682d45e5a26a564e7b.css

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

b86c2a2bbfa9454750609b50a03f9510289842fc2268544bfc53921e1d9e65e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:03 GMT
via: 1.1 varnish
age: 446561
x-cache: HIT
content-length: 2577
x-request-id: 677a6f73-8c15-4c2c-ad3e-06889d58d27a
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Mon, 04 Mar 2024 18:06:05 GMT
server: Fastly
etag: "fa32759e8db8ce19c25f0147f1281e2d"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 8720

POST
H2 200 b Show response
r.stripe.com/ Frame 7B82 0
272 B 120ms
119ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:03 GMT
x-stripe-server-envoy-start-time-us: 1710022503564636
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 3
x-stripe-client-envoy-start-time-us: 1710022503564229
access-control-allow-credentials: true
content-length: 0

GET
H2 200 .deploy_status_henson.json Show response
js.stripe.com/v3/ Frame 3AFB 474 B
399 B 33ms
33ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/.deploy_status_henson.json

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

756cd5368e3bf22664232c8228b5d7d572cf4b6b8f912ff17da005caea7790c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://js.stripe.com/v3/elements-inner-payment-request-d9c6608d88003c49cb00acc46820c3d2.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
content-encoding: br
via: 1.1 varnish
strict-transport-security: max-age=31556926; includeSubDomains; preload
age: 51
x-cache: HIT
content-length: 298
x-request-id: 1e1ccbc0-5487-4ead-97ac-a756fae9c43f
x-served-by: cache-mia-kmia1760024-MIA
last-modified: Sat, 09 Mar 2024 03:17:41 GMT
server: Fastly
etag: "abf0cb9b2315500db3445ffbd3bb17d5"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 62

POST
H2 200 b Show response
r.stripe.com/ Frame A6CE 0
272 B 118ms
118ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:03 GMT
x-stripe-server-envoy-start-time-us: 1710022503679933
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 2
x-stripe-client-envoy-start-time-us: 1710022503679381
access-control-allow-credentials: true
content-length: 0

POST
H3 204 rum Show response
secure.winred.com/cdn-cgi/ 0
142 B 43ms
34ms XHR
text/plain 2606:4700::6813:d359
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type: application/json

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://secure.winred.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 861e6be7eac87494-MIA

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 241 KB
84 KB 93ms
92ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-11094181768

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M27JCG

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

deea53f188a975e5aef536924e5f9cc7a1715a07b2997e7a20d0e80164e1cf8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85540
x-xss-protection: 0
last-modified: Sat, 09 Mar 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 09 Mar 2024 22:15:03 GMT

GET
H2 200 hcaptcha.html Show response
newassets.hcaptcha.com/captcha/v1/fadb9c6/static/ Frame 1C0B 2 KB
1 KB 58ms
39ms Document
text/html 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=ak09m2l7ov

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?onload=captchaLoad&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afdff3c753ee3fa12020ee8f214b491fe7961bbf155385134cbf346996277fa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://b.stripecdn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
age: 872022
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 861e6be829d7128b-MIA
content-encoding: br
content-type: text/html
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 22:15:03 GMT
last-modified: Mon, 26 Feb 2024 13:10:44 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 8285570aba5e7b415ddceb68e221bf8a.cloudfront.net (CloudFront)
x-amz-cf-id: UCnwSZsMIBgLhe3aGaPTVZ_ANmuiBX0eBlPqlaKIjLacyjha9LFA6A==
x-amz-cf-pop: MIA3-C4
x-amz-server-side-encryption: AES256
x-amz-version-id: w380JAJSDRpHmjdLNet.Oei.HbAumRcl
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 b Show response
r.stripe.com/ Frame 03FE 0
271 B 122ms
121ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:03 GMT
x-stripe-server-envoy-start-time-us: 1710022503750874
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 6
x-stripe-client-envoy-start-time-us: 1710022503750485
access-control-allow-credentials: true
content-length: 0

GET
H2 200 hcaptcha.js Show response
newassets.hcaptcha.com/captcha/v1/fadb9c6/ Frame 1C0B 376 KB
106 KB 41ms
40ms Script
application/javascript 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/fadb9c6/hcaptcha.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=ak09m2l7ov

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8372e4920304819a1afe1cb4a33def279a032e5d0154b53df47d05abdfc8077

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=ak09m2l7ov
Origin: https://newassets.hcaptcha.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 eca8616127916fa339e7718294322b64.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: Y83AnVQfVaYtiCkhua7rz_C8xbCj9kI1
age: 862794
x-amz-cf-pop: MIA3-C4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 26 Feb 2024 13:10:44 GMT
server: cloudflare
etag: W/"cf161ae1463888e6b05f1ecd1d11305b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 861e6be8aa3f128b-MIA
x-amz-cf-id: H0qDo0qcTHRnk9DezAm3kxpqeGja5feA6vOb7utcHwODphgdQGv6wQ==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11094181768/ 2 KB
1 KB 94ms
85ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11094181768/?random=1710022503815&cv=11&fst=1710022503815&bg=ffffff&guid=ON&async=1&gtm=45be4360v9102692410za220&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&hn=www.googleadservices.com&frm=0&tiba=MAGA&npa=0&pscdl=noapi&auid=175027967.1710022502&uamb=0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11094181768

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1cc0ea7333c638ac9a26e6613882be5ec3cb3cf5f03fad44584b1e84c8633eec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1372
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 checksiteconfig Show response
api.hcaptcha.com/ Frame 1C0B 719 B
811 B 63ms
49ms XHR
application/json 104.19.219.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hcaptcha.com/checksiteconfig?v=fadb9c6&host=b.stripecdn.com&sitekey=463b917e-e264-403f-ad34-34af0ee10294&sc=1&swa=1&spst=1

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/hcaptcha.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.219.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a054211c8c1a463f0378ef3e818155d4dd929ac89729df59f353b12e8ca2ab46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://newassets.hcaptcha.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 861e6be97aeb128b-MIA
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
alt-svc: h3=":443"; ma=86400

GET
H2 200 /
www.google.com/pagead/1p-user-list/11094181768/ 42 B
108 B 114ms
113ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11094181768/?random=1710022503815&cv=11&fst=1710021600000&bg=ffffff&guid=ON&async=1&gtm=45be4360v9102692410za220&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&frm=0&tiba=MAGA&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQB7FLtqxHC9ndMvwCX-jKG3nH8s0uIlW1MaCHGE1A39zd767sNeC49m&random=232797883&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Mar 2024 22:15:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 hsw.js Show response
newassets.hcaptcha.com/c/4753532/ Frame 1C0B 505 KB
220 KB 51ms
50ms Script
application/javascript 104.19.218.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/c/4753532/hsw.js

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.218.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0dc7511f9f3b8369a23f2a94f49b27b025a3719b0fba66b2c20701d6ab82820

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/static/hcaptcha.html?_v=ak09m2l7ov
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 22:15:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 6c06d3b8fdddf587c323accc30a7e51c.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: xYmORh03N7Se5zk_65rH8kcKE5HmZuvB
age: 792080
x-amz-cf-pop: MIA3-C4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 27 Feb 2024 12:49:07 GMT
server: cloudflare
etag: W/"33b2f95bda4299b75e695ffc983fcda5"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 861e6be9c9b3d9c5-MIA
x-amz-cf-id: G3SNzQ36FIVa7lmgBYdyjsijyzAUmfcfyXGd_jYf_mgi3ATWgisqFw==

POST
H3 200 463b917e-e264-403f-ad34-34af0ee10294 Show response
api.hcaptcha.com/getcaptcha/ Frame 1C0B 3 KB
4 KB 230ms
230ms XHR
application/octet-stream 104.19.218.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hcaptcha.com/getcaptcha/463b917e-e264-403f-ad34-34af0ee10294

Requested by

Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/fadb9c6/hcaptcha.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.218.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7db98b51eab671829b41ff95dbd27f216a69fd7cad56de254f13637e6fb23b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json, application/octet-stream
Referer: https://newassets.hcaptcha.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

date: Sat, 09 Mar 2024 22:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: https://newassets.hcaptcha.com
access-control-allow-credentials: true
cf-ray: 861e6bec7cded9c5-MIA
alt-svc: h3=":443"; ma=86400
content-length: 3314

POST
H2 200 b Show response
r.stripe.com/ Frame 7B82 0
271 B 120ms
120ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:04 GMT
x-stripe-server-envoy-start-time-us: 1710022504507482
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 4
x-stripe-client-envoy-start-time-us: 1710022504507071
access-control-allow-credentials: true
content-length: 0

POST
H2 200 b Show response
r.stripe.com/ Frame 03FE 0
271 B 119ms
118ms Fetch
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r.stripe.com/b
Requested by: Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-e5fa3fec3ae52e82c9dbe99744d9674a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-187-159-182.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://js.stripe.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color: blue
date: Sat, 09 Mar 2024 22:15:04 GMT
x-stripe-server-envoy-start-time-us: 1710022504756083
server: nginx
content-type: text/plain
access-control-allow-origin: https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms: 2
x-stripe-client-envoy-start-time-us: 1710022504755581
access-control-allow-credentials: true
content-length: 0

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/56/3/ 255 KB
56 KB 64ms
63ms Script
text/javascript 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/56/3/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1869f3c799186ad29aa2996195c838024ad3aacc77d32d1acfae19b7f76a0d09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 17:57:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15475
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56717
x-xss-protection: 0
last-modified: Tue, 05 Mar 2024 00:18:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Mar 2025 17:57:11 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/56/3/ 180 KB
56 KB 88ms
88ms Script
text/javascript 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/56/3/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b39eb45d39e9f00365df95ad79c4341cf04b63c43090fb3adc292e61352fc533

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 18:57:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11872
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56817
x-xss-protection: 0
last-modified: Tue, 05 Mar 2024 00:18:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Mar 2025 18:57:14 GMT

GET
H2 200 trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js Show response
js.stripe.com/v3/fingerprinted/js/ 176 B
318 B 33ms
32ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Mar 2024 22:15:08 GMT
via: 1.1 varnish
age: 3342922
x-cache: HIT
content-length: 127
x-request-id: f5b8d118-2502-4f1b-9c4c-2f9cf4841011
x-served-by: cache-mia-kmia1760099-MIA
last-modified: Thu, 21 Dec 2023 18:13:43 GMT
server: Fastly
etag: "96f5b26d366f47393b3ff36fe7471474"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 88465

GET collect
gtm.winred.com/g/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gtm.winred.com
URL: https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je4360v867905447z872410129za220&_p=1710022500958&gcd=13l3l3l3l1&npa=0&dma=0&cid=430285545.1710022502&ul=en-us&sr=1600x1200&ur=US-FL&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sst.uc=US&sst.gse=1&sst.gcd=13l3l3l3l1&sst.tft=1710022500958&_s=3&sid=1710022502&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F%3Futm_campaign%3D20240308_Can-Opener.110771_t1459364-3075%26ex_tid%3D20240308_Can-Opener.110771_t1459364-3075&dt=MAGA&en=page_load_time_event&ep.pagepath=%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fsave-america-joint-fundraising-committee%2Flp-prsp-sms-sotu-truths-tma&epn.load_time_sec=3.6&epn.event_fire_time=1710022503655&ep.event_uuid=1ca2c6a2-8cea-4bbf-a44b-ef08c2470a97&ep.isVideoPage=f&ep.referrer=&ep.category=donation%20landing%20page&ep.action=user%20session%20start&ep.label=landing%20page%20settings&ep.customCSS=t&ep.usercategory=anonymous&epn.loading_time_sec_on_window_load=3.56&_et=1287&tfd=8586&richsstsse

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.revv.co/api/v3/users	1970-01-21 04:36:22	Name: rvid Value: 1424814d-645b-4888-9aed-bcd2f8de223f
.secure.winred.com/	1970-01-20 19:00:24	Name: __cf_bm Value: 12ZHAX3O9fqye6IzmGrxVvlweqnEAC5yVO0uHbd2rCc-1710022500-1.0.1.1-ny.Dt1I1Ynqz75o6gmRzHhO1RYHMZnfiMds1OikCu70dXQUv7yD12BtoeCTs_rhJiMkpOJ65D.Sn4_Fwhtj8mw
secure.winred.com/	1969-12-31 23:59:59	Name: origin_url Value: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075
.revv.co/	1969-12-31 23:59:59	Name: _revv_v3_session Value: NTgvdzdUYjZETHNHaDV6OFE5VTJJOU9sQi9oL3REQmFCSzRrbXR3Tk9qTmZDVFJXUWlPa010Z0JaYUEwY1RzbkQ2RU1neWFHaEN2OTZlNFIxUlpPS2c9PS0tNFN5UElPekZyMXBWamw2dTl4L1JIQT09--ef374b11f6e8ea55d0f344556467887ba8e03869
.revv.co/	1970-01-20 19:00:24	Name: __cf_bm Value: mv3qXlcX0yqAJw_c4I7AG2Je.sxcqwG3D_flDGfXVWA-1710022501-1.0.1.1-ZtBDOUvtCnn9nJ304tEEAAcxzxDM553Sbn4rfZtnJy2B3bWf2eQHrxY7PuKqwGOrZ5nIoRC1qOJf.OMw13f0UQ
secure.winred.com/	1969-12-31 23:59:59	Name: sso_tries Value: 1
secure.winred.com/	1970-01-21 04:36:22	Name: rvid Value: 1424814d-645b-4888-9aed-bcd2f8de223f
.winred.com/	1970-01-20 21:09:58	Name: _gcl_au Value: 1.1.175027967.1710022502
.secure.winred.com/	1970-01-21 03:45:58	Name: cf_clearance Value: mMR37TBVAY0XTZ2bwUzl9M9Y2HnHDQIuPjLfidkdlwM-1710022502-1.0.1.1-r47Clc.dPBNzEl28IIElD0e0TEXUpZF7Z6vGHyOufqv9Mu8bzhrza0adDN.nhVf2gA2tl3lIFU3pyVTOfc4iCQ
.winred.com/	1969-12-31 23:59:59	Name: _revv_v3_session Value: c0I3ZEVQWnlXNStlcStRcVZ6bXpyOXhpS25yb2NtQlRHdGI1WHA5d0dmMVBMSit4Q3JJWWQwOTN1bkV1RytyQWVQVTJqU3JHN3hIVzFCUExnYnBsZi9VeEJtNzFMbzlUeUV2M3J0K1dWRzlvWTc4bGNEa2ptU2dqZ2ZGZGoxOWlBUlhZVTNwUU1vQXdER0lEczZJYTBtZkFNaVhvM1ZRVE5pckJTL3FpOXE5cUgzby9ldEFQRjZuU2NUMSttbmtpaG1maXBIU2hkNHl5ckY1UVJyM2hBUmZlNkdYajJJMFZkWGdGQWYrcU5MY2tSckNlRVQ0aElQNXJQeVMrS2s2bkFBdTRKVmlWYnFqRW01SHExOW53Y3F4T1RtTEU0UHVPUTlFR00xYndHQ2tXSzlBZnBkR0d4V204OGMySDR6RFE2TFVKcHJDdnhYdU5kOVhVQW9GaVJNT09jbFpHZHU4MVhlblBUZzRrZlVRPS0tKzVoTE1DSVpEZ005U3VlNWp5QXp3dz09--7735dac6efbe32de9250962108a7ae2b28a5c490
secure.winred.com/	1970-01-20 21:24:22	Name: _cids Value: W10=
.winred.com/	1970-01-20 19:01:48	Name: _gid Value: GA1.2.641084634.1710022502
.winred.com/	1970-01-20 19:00:22	Name: _dc_gtm_UA-73658561-7 Value: 1
.winred.com/	1970-01-20 19:00:22	Name: _gat_UA-60901920-1 Value: 1
.winred.com/	1970-01-21 04:36:22	Name: _ga_0YWKLMCX4D Value: GS1.1.1710022502.1.0.1710022502.0.0.0
.winred.com/	1970-01-21 04:36:22	Name: _ga Value: GA1.1.430285545.1710022502
.t.co/	1970-01-21 04:36:22	Name: muc_ads Value: 8199fbf2-4292-4b8a-9653-e77ed3df6162
.twitter.com/	1970-01-21 04:36:22	Name: guest_id_marketing Value: v1%3A171002250252733552
.twitter.com/	1970-01-21 04:36:22	Name: guest_id_ads Value: v1%3A171002250252733552
.twitter.com/	1970-01-21 04:36:22	Name: personalization_id Value: "v1_ScV1bF9DhxtqzHjUjsiK6Q=="
.twitter.com/	1970-01-21 04:36:22	Name: guest_id Value: v1%3A171002250252733552
.winred.com/	1970-01-20 21:09:58	Name: _fbp Value: fb.1.1710022502662.979166602
.winred.com/	1970-01-21 04:36:22	Name: FPID Value: FPID2.2.%2BMr7u64YI%2BXEkeakd0%2FGaY6upF0mUXgY8m3G%2FLcmbJg%3D.1710022502
.winred.com/	1970-01-20 19:00:24	Name: FPGSID Value: 1.1710022502.1710022502.G-X6H0114PDF.9_T7hDP52WfBpOP7CZNL0Q
.winred.com/	1970-01-21 04:36:22	Name: _ga_HNR33QTX08 Value: GS1.2.1710022502.1.0.1710022502.60.0.0
.doubleclick.net/	1970-01-21 04:36:22	Name: IDE Value: AHWqTUlZn3JdkNH8UP7bBwPbW5lg1iuLzBl2QcF1clpGKhR_7y67OpX7HzDsuF3srg0
.doubleclick.net/	1970-01-20 23:19:34	Name: receive-cookie-deprecation Value: 1
m.stripe.com/	1970-01-21 04:36:22	Name: m Value: b2eba9a7-e0f1-49bc-a481-8cedc718b2c2c0ca41
.secure.winred.com/	1970-01-21 03:45:58	Name: __stripe_mid Value: 07ef40e8-0fac-4668-94ac-a9158753b8355fb0b5
.secure.winred.com/	1970-01-20 19:00:24	Name: __stripe_sid Value: 83fcf3cf-181b-43a7-b6d6-0b75fe3889c5fd3379
.winred.com/	1970-01-20 19:01:34	Name: FPLC Value: qXAlaBN%2BD00cCXYnjMXHa0oxN%2FugF%2BgL1rapVJ37W9tej33cQT7JpVC%2BWdRJuLFJxABVWWiVWZK4JegXSbQPCLUw2XsGlbnjcBo3qdhAn8rXa0KTpnH9CqGAxQXayQ%3D%3D
.winred.com/	1970-01-21 04:36:22	Name: _ga_X6H0114PDF Value: GS1.1.1710022502.1.0.1710022503.0.0.0
.google.com/	1970-01-20 23:23:53	Name: NID Value: 512=RutJOqWBNHGekDgLNs61I_4RJdSG0IeNTtxu-AStai1aES0Q6lFS681CXL6f9v46H6_RDydE3WgABBATFBEIvzly11nwOotO2bVe6RcRMLa9PZVYAvoDtLeJvHUP2BVn58dy_W8EONjf6JN6fQgVg2MJtKJ81swpV9uimIvUHK4
api.hcaptcha.com/	1970-01-20 19:43:34	Name: hmt_id Value: e31fbaa9-dfd7-49d7-9efc-abb76c524e8f

44 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1599889267195467?v=2.9.148&r=stable&domain=secure.winred.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://secure.winred.com/save-america-joint-fundraising-committee/lp-prsp-sms-sotu-truths-tma/?utm_campaign=20240308_Can-Opener.110771_t1459364-3075&ex_tid=20240308_Can-Opener.110771_t1459364-3075 Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9381094.fls.doubleclick.net
a.ads.rmbl.ws
adservice.google.com
analytics.google.com
analytics.twitter.com
api.hcaptcha.com
app.revv.co
b.stripecdn.com
connect.facebook.net
d35ligi1n5bgzc.cloudfront.net
googleads.g.doubleclick.net
gtm.winred.com
hcaptcha.com
js.stripe.com
lh7-us.googleusercontent.com
m.stripe.com
m.stripe.network
maps.googleapis.com
merchant-ui-api.stripe.com
newassets.hcaptcha.com
nolib.us
pay.google.com
play.google.com
r.stripe.com
secure.winred.com
static.ads-twitter.com
static.cloudflareinsights.com
stats.g.doubleclick.net
stripe.com
t.co
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
gtm.winred.com
104.19.218.90
104.19.219.90
104.244.42.195
104.244.42.5
142.250.80.102
146.75.36.157
151.101.192.176
198.202.176.201
2001:4860:4802:34::181
2600:9000:247b:9200:0:7d26:ee00:93a1
2606:4700::6810:3865
2606:4700::6810:fa45
2606:4700::6813:d359
2607:f8b0:4004:c06::9d
2607:f8b0:4004:c1d::5c
2607:f8b0:4006:806::2003
2607:f8b0:4006:80c::2002
2607:f8b0:4006:80d::2001
2607:f8b0:4006:816::2002
2607:f8b0:4006:81d::2004
2607:f8b0:4006:81d::2008
2607:f8b0:4006:81d::200a
2607:f8b0:4006:81f::200e
2607:f8b0:4006:820::200e
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
34.212.84.166
38.70.189.72
54.187.159.182
75.2.108.118
007b4be1404b0f21a158fa83a2ae9375393b2d932a17e9745aa392fcadc7cf2f
014d09b8b597a8e96a14b52028f7b2927b5a7b7ce5927ee762860fd1b8677096
063054879eec7d015ae3fbee4997239dd1bd2016456a74987fb57ebc864a1a22
06e9cfa1e2fb5b8269f55ebb7dc5ced06737bc1e3faec047ca535265a9d7ac85
076096cac630bd34a3c93ee7f579a866eb44081a0e0fa373e15ff97fb329054f
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
1511387345c0eb0fde467b28a406925d1c7ca932282f4926895fe01c9921e328
170778a905ba5ca37ba728d3a53180483e26a5022dd3f2b96990b7325c59e530
1869f3c799186ad29aa2996195c838024ad3aacc77d32d1acfae19b7f76a0d09
1b563eda3dbdadcc71e09378d95a6c9f338b9d68b685742c67f07a9a924edb1f
1bfb181330911e3736a1fe85f14a2ca94b4728ce86887d11e6b4fea110cd1292
1c08f5c1d3cff9a8f882fca49ac1e3de95cc3c85edae5beb0b4b772d9ef49c1b
1cc0ea7333c638ac9a26e6613882be5ec3cb3cf5f03fad44584b1e84c8633eec
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
26c9072e3ab504f6faaec1e5e8f448d9ff566d92476550ca855aacf865dd2dff
26e5cd6de33ce4b5c5b249c81f99ce8eeac76c8642f21019ff3fbc1efdfddfd6
335b041a57cb1746b5b1634e9537f532503d6691d825dcfc1b4babba301fc3d0
33f7b0cbccd401850fbb68c039a047ab5e0e0f028f03befd4aba9cc8693955e5
34e07c6ce3ca97b757fb44d6a203c36f4a9dd03a66c5dc4ff31c3b78b4ed32df
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284
394724ca0118829643c12fb5a033cb66680e51327ba157677d18dec209278a3d
46311e8ed501f8db5fb8f70d41a42bb114c26b13bb130c4e48cb8e87e7aeb054
4b38b26979eaaa677332ff92c1bc28a3908b484217d321a591822b32ddaa49ec
4ec0827f796bdadb833f52dd7ea841e12158d9f488554ecb73479cc2ea6f6d8e
4fa8e89ac5cec62383a2233b5c9d98479a8ff13ad3e0adc874f8d15ddf053562
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5
52ff61f8a3c0bc6a5cb3dc91ae468fdee25845bc9863bc943a6b1a6e3cfe371b
58d85ba8e53eddc3d87dc3d8c114812bc7cfd1d49f658d7a0827a898b708d6ec
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
6037734d0ad3dd7b2f31955aeeb4b34e2316f726e1bd884d7dbc979649570049
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6107b0d3cc386025d24b1e78350469c1e9b51e6611d67fc6b24f2abb181b94c8
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
621661fe1c7a59420c624f7a421c566ebfb38cfbc7edd98ee0462c44d15971f9
641defe78e044cbd72e13110f131016fc26c1e8b00ef29ad142e177a0e54bfe1
6a54e4cf9aa70071041eac3976fafc2e959528e8f699a5b0b0ec0dbdab5cb15c
6d43cd65453ea849fe49814f849e61c569709a08c9fb00e7a98609e5dcae613a
6fa3e3c6540600d9350822d57e6844187ffb140e90652b864f6489e18a0cd89a
7046e325bee6e4ffd4581616a2b76772f5749fbd45eb77998a1b5810ed476d2e
756cd5368e3bf22664232c8228b5d7d572cf4b6b8f912ff17da005caea7790c0
78cbe967c1f4e24b0a586fff03fbcd4a98069b27ad23bfe0ef8aef9a9fa22739
7cdedf0496c95ba2b3c5ad025c2bf6f59ed42dd3f3a1d35d60f8cc7e8b1bee49
7db98b51eab671829b41ff95dbd27f216a69fd7cad56de254f13637e6fb23b5a
7e5c70da9f6f8d3044446a7c7c65636d44d643b13fc376c7b3f4195b76d8d2db
7f9c759cf5c578de883f94efb8ccb7a9c49db6f898f1bf094d27912234aabd4d
7fbe8a94ecb5d03772bd3de4e36a8b484d905a8be393f49201932f4521725ff4
80354fb397ad4656fa5814c41d9fd5464583c402b2b5a95cb649875927931743
81a6832550bd52d1c44e1e63c2d9137a441dd53d31302c3070000403d032b012
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
850ab5897d186d343295dcb34f74372ca46dc50abda3295d82043c5dfce60949
8726b07c568b9c0beb4f94f28032b44b05ed250511375c86a1804b2d1db67f63
8b3f8ff3ac18420948dee5e28afc35009f409add491fa510254c992a5dc07787
925b617167e4c6e628f86fecb87b7cea4af209e4a9237b123b0bd81076f06000
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
961951e588ed2cbd0dadda321becf5c4d27451bb0896262f86e7d922da5794ca
96b04ef160f8b50520a48707a452fecdd6e6771c643706d5949020a2dea15962
9a0fea60b23cab2006d139b4934661a679771385be7e2ce011e4797a62bb5199
9c6118142b959d48f825b11ab7ab9cbb551681de4764b45868f0417817c2243b
9db8b420e21f5db6aa0dd50677268861205363d1975b4089e46abe4c8797a6c4
a054211c8c1a463f0378ef3e818155d4dd929ac89729df59f353b12e8ca2ab46
a693667d01b594c70ca5d642638001d39a977df5edf205dda49212ce54751cbd
ab300f7fbf19d240df62d6f94156dee501e8230741c5dbdc9b8180423af61274
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afdff3c753ee3fa12020ee8f214b491fe7961bbf155385134cbf346996277fa3
b0dc7511f9f3b8369a23f2a94f49b27b025a3719b0fba66b2c20701d6ab82820
b39eb45d39e9f00365df95ad79c4341cf04b63c43090fb3adc292e61352fc533
b86c2a2bbfa9454750609b50a03f9510289842fc2268544bfc53921e1d9e65e3
b94b05ccc912f4deadb7dffd20326ce301931340c02efcb1e2a80fb55c59c6c2
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
bb3cf6a6747b69d874598f02f390225c27e8dd85dd3cc9f37400aa9d5cb38bdc
be92d9673bff24b4647b2f0f2db11c87a57ba3355e40ebba73da38660179970e
c3c2125ebaeb07268bbc110c5f11486686b0d1b756115142dfbfc855cf82ba43
c67fd705b4a52a62066cd60979c65edfa8b0d6c3da9a8d88d21afd56c11042e9
c844f698787a459f7166b9f367e22deeac86c36f4d24024931297df2bedbdca6
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ce483bd57a7d0576c16db84df9cf92b4d94a2c8472f3254dbd2a759704d0fbfd
cf47d3a034eb704dbc6a1b479427ab513892062349ae526c3b96a4ba6465e3d4
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d8424db7d8737b6c35f5996017f01e0d8931bc6fae96222d821489a1e742b723
d9b7faa0259f5b0961455f53b4a507fba4bd0ed70dffac0bdaf2f94298c74b40
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
deea53f188a975e5aef536924e5f9cc7a1715a07b2997e7a20d0e80164e1cf8f
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e30033b8ab857c9985e8bef28cff8424602a312642cf8d32338cec1e2b5f95ae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e458bfe58478c899de47def330282c9fd66dfe543c5d4a131cec9fbc545c4ca6
e494642088f5cd25721987eaa31497d2ff55b59496fa013795a3569b3f07e54d
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e7a525c76ea7d8411d461e008bc972e77483d247a5f98d69913e89bd15b029b5
e9ba771a0a93967531b81c021cc19452c512ec0ea1e087e773e5176de419bc04
eac1bb2890c6ae6d2cc8653765f594f1209eda9eb0036eef9fde51299e883a5b
eccf72d793ee9369fb1c8217a3cebd89e035b728e6eae08b7e12332886b0f95e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f05270c012f1cc9f1e631a07b1d87079e95aa73c95df82eeace0e9daf8e36373
f6430ef46a6bc6a63ac83ee8d4d20765103e9646207e29ac6e444dbe9b686574
f7d5e62862118a898296ea07a799361733b3a788c2806662d803ab4e72596686
f8372e4920304819a1afe1cb4a33def279a032e5d0154b53df47d05abdfc8077
fa2d7ff1b9def979f09e26f0c7dd693cfe25f6dabcadd0f05f9a3712ec9a1742
fa38eebb1eca7c94241152ae35cec12209d942905dc49f6d00dbe50636441258
fedfc64728beee4dcdf576abb2dd3c44b462afc3b5db8c53704629a1ee6dd14c
ff3bcb4b6ff50975328f38e8553353ce3c0a5bf93a578f9c4d6affc81870c349
ff8ecca72ee1ad26b150b7f4ab7b3dc8dbb119fd764e7acbe5dee40f7837a22f

secure.winred.com Open in urlscan Pro 2606:4700::6813:d359 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

167 Requests

99 %HTTPS

60 %IPv6

22 Domains

35 Subdomains

30 IPs

3 Countries

7574 kBTransfer

17956 kBSize

34 Cookies

9 Outgoing links

Page URL History

Redirected requests

167 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

secure.winred.com Open in urlscan Pro
2606:4700::6813:d359 Public Scan

Screenshot
Live screenshot

Full Image

167
Requests

99 %
HTTPS

60 %
IPv6

22
Domains

35
Subdomains

30
IPs

3
Countries

7574 kB
Transfer

17956 kB
Size

34
Cookies

167 HTTP transactions
0 data transactions