www.theonion.com Open in urlscan Pro
151.101.194.166 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://theonion.com/
Effective URL:
https://www.theonion.com/
Submission: On May 27 via manual (May 27th 2021, 11:59:17 am UTC) from US

Summary HTTP 241 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 63 IPs in 7 countries across 47 domains to perform 241 HTTP transactions. The main IP is 151.101.194.166, located in United States and belongs to FASTLY, US. The main domain is www.theonion.com.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2020 on May 14th 2021. Valid for: a year.

This is the only time www.theonion.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 51	151.101.194.166 151.101.194.166	54113 (FASTLY) (FASTLY)
6	104.108.144.24 104.108.144.24	16625 (AKAMAI-AS) (AKAMAI-AS)
2 10	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.114.217 151.101.114.217	54113 (FASTLY) (FASTLY)
5	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
7	13.226.159.10 13.226.159.10	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	199.232.198.217 199.232.198.217	54113 (FASTLY) (FASTLY)
5	13.226.158.204 13.226.158.204	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:218... 2600:9000:2182:7200:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:303... 2606:4700:3039::6815:c076	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::ac43:4686	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	151.101.114.137 151.101.114.137	54113 (FASTLY) (FASTLY)
1	34.120.253.250 34.120.253.250	15169 (GOOGLE) (GOOGLE)
1 3	13.226.159.43 13.226.159.43	16509 (AMAZON-02) (AMAZON-02)
1	13.226.159.50 13.226.159.50	16509 (AMAZON-02) (AMAZON-02)
1	52.50.64.214 52.50.64.214	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	54.221.193.128 54.221.193.128	14618 (AMAZON-AES) (AMAZON-AES)
1	35.201.100.179 35.201.100.179	15169 (GOOGLE) (GOOGLE)
1 2	88.214.207.207 88.214.207.207	46636 (NATCOWEB) (NATCOWEB)
3	34.107.148.139 34.107.148.139	15169 (GOOGLE) (GOOGLE)
3 6	35.211.168.6 35.211.168.6	15169 (GOOGLE) (GOOGLE)
2 4	185.33.220.242 185.33.220.242	29990 (ASN-APPNEX) (ASN-APPNEX)
2	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
2	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
4	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
1 1	34.225.97.84 34.225.97.84	14618 (AMAZON-AES) (AMAZON-AES)
1	34.228.209.42 34.228.209.42	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:400c:c0b::9b	15169 (GOOGLE) (GOOGLE)
2	34.98.72.95 34.98.72.95	15169 (GOOGLE) (GOOGLE)
1	52.44.181.48 52.44.181.48	14618 (AMAZON-AES) (AMAZON-AES)
1	34.120.133.55 34.120.133.55	15169 (GOOGLE) (GOOGLE)
3	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
1 5	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1 7	52.95.124.170 52.95.124.170	16509 (AMAZON-02) (AMAZON-02)
8	18.188.155.169 18.188.155.169	16509 (AMAZON-02) (AMAZON-02)
1	35.227.229.34 35.227.229.34	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:218... 2600:9000:2182:9e00:0:70b1:7080:93a1	16509 (AMAZON-02) (AMAZON-02)
2	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	18.196.184.242 18.196.184.242	16509 (AMAZON-02) (AMAZON-02)
6 9	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	52.94.232.32 52.94.232.32	16509 (AMAZON-02) (AMAZON-02)
3 4	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1 1	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
1 2	34.254.147.143 34.254.147.143	16509 (AMAZON-02) (AMAZON-02)
1 1	185.33.221.52 185.33.221.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
7	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1 1	185.29.132.144 185.29.132.144	30419 (MEDIAMATH...) (MEDIAMATH-INC)
3 7	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	88.214.193.99 88.214.193.99	46636 (NATCOWEB) (NATCOWEB)
1	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	3.125.99.7 3.125.99.7	16509 (AMAZON-02) (AMAZON-02)
1	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
241	63

51 151.101.194.166 (United States) 1 redirects

ASN54113 (FASTLY, US)

theonion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.theonion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
f.kinja-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kinja.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.kinja-img.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.kinja-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.108.144.24 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-24.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.speedcurve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.226.159.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-10.dus51.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.198.217 (United States)

ASN54113 (FASTLY, US)

static.scroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.226.158.204 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-158-204.dus51.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:7200:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3039::6815:c076 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

kinja-com.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4686 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.137 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.226.159.43 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-43.dus51.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.159.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-50.dus51.r.cloudfront.net

cdn.britepool.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.64.214 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-64-214.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.221.193.128 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-193-128.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.100.179 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 179.100.201.35.bc.googleusercontent.com

connect.scroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.214.207.207 (United Kingdom) 1 redirects

ASN46636 (NATCOWEB, US)

colossusssp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.211.168.6 (North Charleston, United States) 3 redirects

ASN15169 (GOOGLE, US)

sofia.trustx.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.220.242 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.225.97.84 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

px.britepool.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.228.209.42 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

thrtle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.72.95 (Kansas City, United States)

ASN15169 (GOOGLE, US)

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.44.181.48 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-181-48.compute-1.amazonaws.com

idx.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.242.197 (United States)

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.95.124.170 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.188.155.169 (Columbus, United States)

ASN16509 (AMAZON-02, US)

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.229.34 (Kansas City, United States)

ASN15169 (GOOGLE, US)

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:9e00:0:70b1:7080:93a1 (United States)

ASN16509 (AMAZON-02, US)

sync-amz.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.230.142 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.184.242 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.34 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.94.232.32 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.114.49 (Frankfurt am Main, Germany) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.190 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.254.147.143 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.52 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.144 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.173.144.139 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.214.193.99 (United Kingdom)

ASN46636 (NATCOWEB, US)

sync.colossusssp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.125.99.7 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	googlesyndication.com c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com ade.googlesyndication.com	336 KB
21	doubleclick.net 6 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	174 KB
21	kinja-static.com f.kinja-static.com x.kinja-static.com	541 KB
18	connatix.com 1 redirects cd.connatix.com cds.connatix.com capi.connatix.com vid.connatix.com img.connatix.com	411 KB
18	theonion.com 1 redirects theonion.com www.theonion.com	266 KB
14	2mdn.net s0.2mdn.net	226 KB
13	amazon-adsystem.com 1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com s.amazon-adsystem.com	41 KB
12	rubiconproject.com 4 redirects fastlane.rubiconproject.com eus.rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com token.rubiconproject.com	18 KB
11	casalemedia.com 2 redirects htlb.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com	12 KB
11	kinja-img.com i.kinja-img.com	503 KB
9	media.net hbx.media.net prebid.media.net cs.media.net	130 KB
7	google.com 1 redirects ampcid.google.com www.google.com adservice.google.com	2 KB
7	adlightning.com tagan.adlightning.com	140 KB
6	trustx.org 3 redirects sofia.trustx.org	4 KB
5	ampproject.org cdn.ampproject.org	101 KB
5	yahoo.com 1 redirects c2shb.ssp.yahoo.com pr-bh.ybp.yahoo.com	4 KB
5	adnxs.com 3 redirects ib.adnxs.com secure.adnxs.com	4 KB
4	googleapis.com imasdk.googleapis.com	680 KB
4	everesttech.net 3 redirects sync-tm.everesttech.net	1 KB
4	adsrvr.org insight.adsrvr.org match.adsrvr.org	1 KB
4	bounceexchange.com tag.bounceexchange.com assets.bounceexchange.com api.bounceexchange.com	123 KB
3	criteo.com bidder.criteo.com gum.criteo.com	618 B
3	colossusssp.com 1 redirects colossusssp.com sync.colossusssp.com	2 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	3 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	w55c.net 2 redirects pm.w55c.net	1 KB
2	googletagservices.com www.googletagservices.com	65 KB
2	criteo.net static.criteo.net	53 KB
2	demdex.net 1 redirects dpm.demdex.net	2 KB
2	3lift.com 2 redirects eb2.3lift.com	744 B
2	rlcdn.com api.rlcdn.com id.rlcdn.com	288 B
2	chartbeat.net ping.chartbeat.net	337 B
2	google.de ampcid.google.de www.google.de	971 B
2	britepool.com 1 redirects cdn.britepool.com px.britepool.com api.britepool.com Failed	43 KB
2	scroll.com static.scroll.com connect.scroll.com	19 KB
1	mathtag.com 1 redirects sync.mathtag.com	611 B
1	simpli.fi 1 redirects um.simpli.fi	619 B
1	yieldmo.com sync-amz.ads.yieldmo.com	483 B
1	google.ch adservice.google.ch	799 B
1	liadm.com idx.liadm.com	688 B
1	thrtle.com thrtle.com
1	btloader.com btloader.com	5 KB
1	videoplayerhub.com 1 redirects kinja-com.videoplayerhub.com	548 B
1	chartbeat.com static.chartbeat.com	14 KB
1	kinja.com kinja.com	1 KB
1	speedcurve.com cdn.speedcurve.com	7 KB
1	indexww.com js-sec.indexww.com	16 KB
241	47

	Domain	Requested by
17	www.theonion.com	www.theonion.com x.kinja-static.com
16	x.kinja-static.com	www.theonion.com
14	s0.2mdn.net	imasdk.googleapis.com tagan.adlightning.com s0.2mdn.net c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
13	tpc.googlesyndication.com	tagan.adlightning.com c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com www.theonion.com cdn.ampproject.org
12	pagead2.googlesyndication.com	srcdoc c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com tagan.adlightning.com tpc.googlesyndication.com www.theonion.com x.kinja-static.com
11	i.kinja-img.com	www.theonion.com
9	cm.g.doubleclick.net	6 redirects eus.rubiconproject.com googleads.g.doubleclick.net
8	capi.connatix.com	x.kinja-static.com
7	dsum-sec.casalemedia.com	2 redirects ssum-sec.casalemedia.com googleads.g.doubleclick.net
7	aax-eu.amazon-adsystem.com	1 redirects tagan.adlightning.com aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com eus.rubiconproject.com
7	tagan.adlightning.com	www.theonion.com tagan.adlightning.com c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
6	img.connatix.com	www.theonion.com
6	sofia.trustx.org	3 redirects www.theonion.com
5	cdn.ampproject.org	www.theonion.com
5	www.google.com	1 redirects www.theonion.com c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com tagan.adlightning.com
5	c.amazon-adsystem.com	www.theonion.com x.kinja-static.com
5	securepubads.g.doubleclick.net	www.theonion.com tagan.adlightning.com x.kinja-static.com
5	hbx.media.net	www.theonion.com hbx.media.net
5	f.kinja-static.com	www.theonion.com
4	pixel.rubiconproject.com	eus.rubiconproject.com
4	imasdk.googleapis.com	tagan.adlightning.com
4	sync-tm.everesttech.net	3 redirects ssum-sec.casalemedia.com
4	c2shb.ssp.yahoo.com	x.kinja-static.com
4	ib.adnxs.com	2 redirects x.kinja-static.com
3	googleads.g.doubleclick.net	c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com tagan.adlightning.com www.theonion.com
3	token.rubiconproject.com	3 redirects
3	match.adsrvr.org	x.kinja-static.com ssum-sec.casalemedia.com eus.rubiconproject.com
3	prebid.media.net	x.kinja-static.com
3	sb.scorecardresearch.com	1 redirects tagan.adlightning.com www.theonion.com
3	www.google-analytics.com	www.theonion.com x.kinja-static.com
2	pm.w55c.net	2 redirects
2	googleads4.g.doubleclick.net	www.theonion.com
2	www.googletagservices.com	securepubads.g.doubleclick.net c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
2	static.criteo.net	www.theonion.com x.kinja-static.com
2	dpm.demdex.net	1 redirects ssum-sec.casalemedia.com
2	eb2.3lift.com	2 redirects
2	eus.rubiconproject.com	aax-eu.amazon-adsystem.com eus.rubiconproject.com
2	ssum-sec.casalemedia.com	aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com
2	c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com	tagan.adlightning.com
2	assets.bounceexchange.com	tagan.adlightning.com
2	stats.g.doubleclick.net	x.kinja-static.com
2	htlb.casalemedia.com	x.kinja-static.com
2	bidder.criteo.com	x.kinja-static.com
2	fastlane.rubiconproject.com	x.kinja-static.com
2	colossusssp.com	1 redirects x.kinja-static.com
2	ping.chartbeat.net	www.theonion.com
2	cds.connatix.com	www.theonion.com tagan.adlightning.com
1	ade.googlesyndication.com
1	cs.media.net
1	gum.criteo.com	tagan.adlightning.com
1	sync.colossusssp.com
1	id.rlcdn.com	eus.rubiconproject.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync.mathtag.com	1 redirects
1	vid.connatix.com	x.kinja-static.com
1	pixel-eu.rubiconproject.com	1 redirects
1	secure.adnxs.com	1 redirects
1	um.simpli.fi	1 redirects
1	s.amazon-adsystem.com	ssum-sec.casalemedia.com
1	sync-amz.ads.yieldmo.com	aax-eu.amazon-adsystem.com
1	adservice.google.com	tagan.adlightning.com
1	adservice.google.ch	tagan.adlightning.com
1	api.bounceexchange.com	tagan.adlightning.com
1	www.google.de	www.theonion.com
1	api.rlcdn.com	x.kinja-static.com
1	idx.liadm.com	x.kinja-static.com
1	thrtle.com	www.theonion.com
1	px.britepool.com	1 redirects
1	connect.scroll.com	x.kinja-static.com
1	ampcid.google.de	www.google-analytics.com
1	insight.adsrvr.org	www.theonion.com
1	cdn.britepool.com	tagan.adlightning.com
1	tag.bounceexchange.com	tagan.adlightning.com
1	cd.connatix.com	1 redirects
1	btloader.com	www.theonion.com
1	kinja-com.videoplayerhub.com	1 redirects
1	static.chartbeat.com	tagan.adlightning.com
1	static.scroll.com	tagan.adlightning.com
1	ampcid.google.com	www.google-analytics.com
1	kinja.com	www.theonion.com
1	cdn.speedcurve.com	www.theonion.com
1	js-sec.indexww.com	www.theonion.com
1	theonion.com	1 redirects
0	api.britepool.com Failed	x.kinja-static.com
241	84

This site contains links to these domains. Also see Links.

Domain
theonion.com
avclub.com
deadspin.com
gizmodo.com
jalopnik.com
jezebel.com
kotaku.com
lifehacker.com
theroot.com
thetakeout.com
theinventory.com
store.theonion.com
onionnative.kinja.com

Subject Issuer	Validity	Valid
*.avclub.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-14` - `2022-06-15`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.speedcurve.com GlobalSign Atlas R3 DV TLS CA 2020	`2020-12-09` - `2022-01-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.adlightning.com Amazon	`2020-07-22` - `2021-08-22`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.scroll.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-06` - `2021-10-06`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2020-09-29` - `2021-10-19`	a year	crt.sh
tag.bounceexchange.com R3	`2021-03-28` - `2021-06-26`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
cdn.britepool.com Amazon	`2021-04-15` - `2022-05-14`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
*.colossusssp.com Go Daddy Secure Certificate Authority - G2	`2020-10-06` - `2021-11-07`	a year	crt.sh
sofia.trustx.org Sectigo RSA Domain Validation Secure Server CA	`2020-12-15` - `2021-12-29`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-18` - `2021-09-08`	6 months	crt.sh
*.thrtle.com Go Daddy Secure Certificate Authority - G2	`2021-03-22` - `2022-04-23`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.liadm.com Amazon	`2020-11-30` - `2021-12-29`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
api.bounceexchange.com GTS CA 1D4	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.google.ch GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.ads.yieldmo.com Amazon	`2021-01-18` - `2022-02-15`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh

This page contains 24 frames:

Primary Page: https://www.theonion.com/
Frame ID: 192A7FD68D13F5E30FCFE0F38402A50C
Requests: 147 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Frame ID: 628F04A4EDA2C7C54CAC8F0D5E3134A8
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Frame ID: 125F65D3C49BBE92F71F683908375719
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Frame ID: F42DA72B9183995D2ECF32D4099613D8
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Frame ID: 40E2B0FD2F097798BA22A9B4CB4ECAEA
Requests: 10 HTTP requests in this frame

Frame: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Frame ID: CB49774BB98906CBBF6314DB7D3CDFA7
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Frame ID: 2DA9681292D958818337070F66B8659B
Requests: 11 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=4554056646552464802&ex=appnexus.com
Frame ID: 0C6821A575AF52B098C85A9638258AEB
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1926174938368787089
Frame ID: A5E5BAC7C5941D749ECF6F0EDF250BE8
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.461.0_en.html
Frame ID: 10CA669F4A854D2FF8D6C783A1941E8B
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.461.0_en.html
Frame ID: 316E1503B1927E8A3FDDD33B04819EFE
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.461.0_en.html
Frame ID: D975DEA04E1FF0B5F433E9891F50B746
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: C251001EA1EDE1C78B432BC08F023E49
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 92CB106F181662F1C0EA21E80CCEF306
Requests: 1 HTTP requests in this frame

Frame: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3466677509D97847B2280F4AA4261A89
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 89974A57CC8D0DDFC3C6A9E848D03F3D
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/gomedia/bl-165eba0-d3cb199c.js
Frame ID: 3D387AF8E904D0132E7CD57835F2A242
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNWJ-lihPAWqYNvTHvox0pfz0kVjjIlOwAVE0OZC1EL5hMsMfOat8ZCWLPwo9NSWVCskvYHG0fAIL8Tcrjm5BqJwcVE_mg
Frame ID: 4C8FCAFE26038B6B03087D9349210E89
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/9506911/1605078249191/index.html
Frame ID: 3554D35D62D4ACEBBB6AD3ABD40A80BB
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 675576A1B357407006C929098AAE5066
Requests: 3 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUL2TG3D&prvid=3%2C23%2C29%2C51%2C56%2C77%2C79%2C80%2C82%2C96%2C97%2C106%2C109%2C122%2C126%2C132%2C145%2C147%2C148%2C157%2C159%2C171%2C172%2C175%2C182%2C184%2C186%2C188%2C201%2C203%2C208%2C215%2C220%2C221%2C222%2C225%2C228%2C229%2C236%2C238%2C239%2C246%2C251%2C273%2C2033%2C3014%2C3015%2C3018&itype=HB&rtime=2448&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Frame ID: E6814D5849A392A46B43527A2C527465
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.theonion.com
Frame ID: D8EA9C04A196CB357F5F9E0FFBB04C64
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: A827579C6EC5CE067938E83AEA7B6BB8
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 06ADC096EB052801033D1CF381E76ECD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://theonion.com/ HTTP 307
https://theonion.com/ HTTP 301
https://www.theonion.com/ Page URL

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Page Statistics

241
Requests

97 %
HTTPS

31 %
IPv6

47
Domains

84
Subdomains

63
IPs

7
Countries

3955 kB
Transfer

11886 kB
Size

34
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://theonion.com/
Title: The Onion

Search URL Search Domain Scan URL

URL: https://avclub.com/
Title: The A.V. Club

Search URL Search Domain Scan URL

URL: https://deadspin.com/
Title: Deadspin

Search URL Search Domain Scan URL

URL: https://gizmodo.com/
Title: Gizmodo

Search URL Search Domain Scan URL

URL: https://jalopnik.com/
Title: Jalopnik

Search URL Search Domain Scan URL

URL: https://jezebel.com/
Title: Jezebel

Search URL Search Domain Scan URL

URL: https://kotaku.com/
Title: Kotaku

Search URL Search Domain Scan URL

URL: https://lifehacker.com/
Title: Lifehacker

Search URL Search Domain Scan URL

URL: https://theroot.com/
Title: The Root

Search URL Search Domain Scan URL

URL: https://thetakeout.com/
Title: The Takeout

Search URL Search Domain Scan URL

URL: https://theinventory.com/
Title: The Inventory

Search URL Search Domain Scan URL

URL: https://store.theonion.com/
Title: Shop

Search URL Search Domain Scan URL

URL: https://onionnative.kinja.com/how-to-live-rich-and-reckless-1846967013
Title:

Search URL Search Domain Scan URL

URL: https://onionnative.kinja.com/
Title: Onion Sponsored Content

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://theonion.com/ HTTP 307
https://theonion.com/ HTTP 301
https://www.theonion.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60

https://kinja-com.videoplayerhub.com/gallery.js HTTP 301
https://btloader.com/tag?h=kinja-com&upapi=true

Request Chain 61

https://cd.connatix.com/connatix.playspace.js HTTP 302
https://cds.connatix.com/p/118660/connatix.playspace.dc.js

Request Chain 83

https://sofia.trustx.org/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=3bc764314341cd&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000 HTTP 302
https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=3bc764314341cd&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000

Request Chain 96

https://sofia.trustx.org/hb?pt=net&auids=9634&sizes=300x250&r=26e7a1578b8c8fb&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000 HTTP 302
https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9634&sizes=300x250&r=26e7a1578b8c8fb&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000

Request Chain 99

https://px.britepool.com/new?partner_id=t HTTP 302
https://thrtle.com/insync?vxii_pid=10054&vxii_pdid=244d69ad-7c4d-442b-b81f-0b316395d6a2

Request Chain 102

https://sb.scorecardresearch.com/b?c1=2&c2=6770184&ns__t=1622116734907&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1622116734907&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=

Request Chain 110

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t

Request Chain 124

https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?id=4554056646552464802&ex=appnexus.com

Request Chain 125

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1926174938368787089

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YK-JfpFfBm2OM7LvnkCj8AAABIYAAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YK-JfpFfBm2OM7LvnkCj8AAABIYAAAIB&gdpr_consent=&us_privacy=&gdpr=&google_tc= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESECwZQ3P__fwv5_6U3Z4Kyys&google_cver=1

Request Chain 129

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YK.JfpFfBm2OM7LvnkCj8AAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1&google_hm=2

Request Chain 131

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=YK_JfwABWvDOeAA4

Request Chain 132

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=41EFF775772643339344FE470293C997

Request Chain 133

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YK.JfpFfBm2OM7LvnkCj8AAA%261158?gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YK.JfpFfBm2OM7LvnkCj8AAA%261158

Request Chain 134

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4554056646552464802

Request Chain 136

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KP6UF74U-1Q-596O&ex=d-rubiconproject.com&status=ok

Request Chain 140

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=5fd160af-897f-4100-b347-cab16db7ef25

Request Chain 141

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/ofaXOkdQbVTwiB2_tQtHVcn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=90278421757898669

Request Chain 143

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA28xQHdr96mdHJKmzZR4sE&google_cver=1

Request Chain 144

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTJlMTc2NTE4MmE1Y2I5NmYzNmYwZTE3MTIwZDM1MzI1NmM5MDkwYw

Request Chain 146

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2VUY3NFUtMVEtNTk2Tw==

Request Chain 147

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YK_JfwABWu3OgAA4 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YK_JfwABWu3OgAA4&_test=YK_JfwABWu3OgAA4

Request Chain 192

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1

Request Chain 193

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YK.JfpFfBm2OM7LvnkCj8AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1&google_hm=2

Request Chain 194

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 220

https://colossusssp.com/?c=o&m=cookie HTTP 302
https://sync.colossusssp.com/hms.gif?puid=d636620b50818fd571362d61328a2020d57881f3

Request Chain 232

https://sofia.trustx.org/push_sync HTTP 302
https://pm.w55c.net/ping_match.gif?st=TRUSTX&rurl=https%3A%2F%2Fsofia.trustx.org%2Fsync%3Ftp_id%3D15%26tp_uid%3D_wfivefivec_%26ssp_custom_data%3D HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=TRUSTX&rurl=https%3A%2F%2Fsofia.trustx.org%2Fsync%3Ftp_id%3D15%26tp_uid%3D_wfivefivec_%26ssp_custom_data%3D HTTP 302
https://sofia.trustx.org/sync?tp_id=15&tp_uid=97GFsTlt1LMeFc5&ssp_custom_data=

241 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.theonion.com/
Redirect Chain

http://theonion.com/
https://theonion.com/
https://www.theonion.com/

445 KB
54 KB

23ms
22ms

Document
text/html

151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/ Express

Resource Hash

ffbc1da39f4aa0ea52589a753a0d6b760df894a3249beb867ab551bb6a13506b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.theonion.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KinjaBucket=e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-powered-by: Express
x-kinja: kinja-magma-kube02-767c489dcf-l5kpx #2717
x-kinja-revision: d8f17e9dbc0b346cd3c5fbe8e7869bd9aa2c18ca
x-kinja-server: kinja-magma-kube02-767c489dcf-l5kpx
x-kinja-build: 2717
cache-control: stale-if-error=86400, stale-while-revalidate=300
content-security-policy: frame-ancestors 'self'; upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-googlenews-bot: false
content-type: text/html; charset=utf-8
etag: W/"6f301-6h9LUhABIriXF3idPOJAdx1TvTE"
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-cdn-fetch: mantle-default
accept-ranges: bytes
date: Thu, 27 May 2021 11:58:54 GMT
age: 188
x-served-by: cache-bwi5127-BWI, cache-hhn4054-HHN
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1622116734.048930,VS0,VE1
x-ua-device: desktop
set-cookie: geocc=CH;path=/;
vary: Accept-Encoding, X-Feature-Hash, X-Forwarded-Proto, Cookie, X-GoogleNews-Bot, X-Kinja-WelcomeAdLoadedV1, X-Kinja-Req-Origin-US, X-Kinja-SuperHeroLoaded, X-Kinja-GDPR, X-Kinja-CCPA, Authorization
content-length: 53090

Redirect headers

x-powered-by: Express
x-kinja: kinja-magma-kube01-7cf68896c6-dqnms #2717
x-kinja-revision: d8f17e9dbc0b346cd3c5fbe8e7869bd9aa2c18ca
x-kinja-server: kinja-magma-kube01-7cf68896c6-dqnms
x-kinja-build: 2717
cache-control: stale-if-error=86400, stale-while-revalidate=300
content-security-policy: frame-ancestors 'self'; upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-googlenews-bot: false
location: https://www.theonion.com/
content-type: text/html; charset=utf-8
via: 1.1 varnish, 1.1 varnish
x-cdn-fetch: mantle-default
accept-ranges: bytes
date: Thu, 27 May 2021 11:58:54 GMT
age: 0
x-served-by: cache-bwi5148-BWI, cache-hhn4054-HHN
x-cache: HIT, MISS
x-cache-hits: 1, 0
x-timer: S1622116734.939057,VS0,VE87
x-ua-device: desktop
set-cookie: geocc=CH;path=/; KinjaBucket=e;path=/;Max-Age=31536000;domain=theonion.com;SameSite=None;Secure; KinjaSetBucket=e|1622116500|MVqI7OOAw2bt3D0OfK4ohaDzqtzkb7TR2XL5hf49OPM=;path=/;Max-Age=300;SameSite=None;Secure;
vary: Accept-Encoding, X-Feature-Hash, X-Forwarded-Proto, Cookie, X-GoogleNews-Bot, X-Kinja-WelcomeAdLoadedV1, X-Kinja-Req-Origin-US, X-Kinja-SuperHeroLoaded, X-Kinja-GDPR, X-Kinja-CCPA, Accept, Authorization
content-length: 106

GET
H2 200 proxima_nova_cond_reg-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 27 KB
28 KB 70ms
19ms Font
binary/octet-stream 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_reg-webfont.woff2?08252015

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8fe5f0c4bdaf3e031a6172679193e88d3a24c7deb6e3c7e2b2a477061cc1ad81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 50
x-cache: HIT
content-length: 28044
x-amz-id-2: dYhZkzb1y6BNmv7G0mBlIeQ9MkB2bmDvZMmakC4XFPs9UBxUdX53CPT0LrEGr453BCZbe/xKTtg=
x-served-by: cache-hhn4039-HHN
last-modified: Wed, 12 May 2021 22:27:48 GMT
server: AmazonS3
x-timer: S1622116734.131877,VS0,VE0
etag: "94cbaf403b2922fd6858c812dae091fb"
x-amz-request-id: G5EKV0D12V26KKD9
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 2

GET
H2 200 proxima_nova_cond_reg_it-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 30 KB
30 KB 95ms
44ms Font
binary/octet-stream 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_reg_it-webfont.woff2?08252015

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3d764be1388f0488c90be29ca58c3ad082f9d954ece8448448779bb79e3ca7a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 120
x-cache: HIT
content-length: 30416
x-amz-id-2: W0m2YV/Mx9xFK3xHlpfZvuIe3rgIbqWNF6CVrahnMiXSd7r7M5dirGWQx3Z8ksDYM85B52B4keM=
x-served-by: cache-hhn4039-HHN
last-modified: Wed, 05 May 2021 21:49:31 GMT
server: AmazonS3
x-timer: S1622116734.132173,VS0,VE0
etag: "bea38ea36d2aba1d5da6e8f842425e40"
x-amz-request-id: 4EWX3BKH2MWM3N67
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 3

GET
H2 200 proxima_nova_cond_sbold-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 27 KB
28 KB 101ms
50ms Font
binary/octet-stream 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_sbold-webfont.woff2?08252015

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

63125723c148b0c5391dea8c827d96958a6706a542f8b45822904aaefe10c4ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 8
x-cache: HIT
content-length: 28136
x-amz-id-2: r4NGbedkOwrfpQqfT3YFqNkocXEurDRIIOeZgrD0QCNBazaTmsuin2EPuURmvahe9GC/BAqpmCw=
x-served-by: cache-hhn4039-HHN
last-modified: Wed, 05 May 2021 21:49:31 GMT
server: AmazonS3
x-timer: S1622116734.132152,VS0,VE1
etag: "7ac1e4b7ab03f256e831e00e3b5618a6"
x-amz-request-id: E9F3YW0NDV4ZPA9Y
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
H2 200 proxima_nova_cond_sbold_it-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 30 KB
30 KB 85ms
35ms Font
binary/octet-stream 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_sbold_it-webfont.woff2?08252015

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8e8d2c867ae480b6b318900eb4168d5645f635420bdb1626976c9c0af71c45eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 120
x-cache: HIT
content-length: 30232
x-amz-id-2: 9C1cdw9kDnJaXDCHhgBny1iRyokOZW+LeV5mbtVjNNgEvrQB5mr1dLSm3OQjb/nIyUqGoaDpKtE=
x-served-by: cache-hhn4039-HHN
last-modified: Wed, 05 May 2021 21:49:31 GMT
server: AmazonS3
x-timer: S1622116734.132137,VS0,VE0
etag: "6d0ce198b25710fd5d0a2c0fb863b22c"
x-amz-request-id: QFTYJ4GEGFBPY0TF
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 4

GET
H2 200 bidexchange.js Show response
hbx.media.net/ 412 KB
116 KB 311ms
250ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e4ffaf2dc39a01132cbf9bffcabab489bdcadddc0fcba631fde4ba0bf3a144ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Thu, 27 May 2021 11:58:54 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
expires: Thu, 27 May 2021 12:28:54 GMT

GET
H/1.1 200
OK 183957-47751755686051.js Show response
js-sec.indexww.com/ht/p/ 47 KB
16 KB 568ms
512ms Script
text/javascript 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/183957-47751755686051.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 568068711d00d07ac001e1937acdb4621d0d7ea602ff8beb225c1b9f22701d1d

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 11:58:54 GMT
Content-Encoding: gzip
Last-Modified: Thu, 27 May 2021 11:56:29 GMT
Server: Apache
ETag: "da3642-bde7-5c34e7315b914"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=3583
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 15802
Expires: Thu, 27 May 2021 12:58:37 GMT

GET
H2 200 lux.js Show response
cdn.speedcurve.com/js/ 21 KB
7 KB 68ms
20ms Script
application/javascript 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.speedcurve.com/js/lux.js?id=527761496
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 0e7cec00a56dcc4f9b8bafc9003193ccee8cc269f6990c64fc9302b4aa448e6e

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 vegur, 1.1 varnish
age: 91
x-cache: HIT
x-cache-hits: 1
content-encoding: gzip
content-length: 6933
x-served-by: cache-hhn4029-HHN
last-modified: Thu, 27 May 2021 11:57:23 GMT
server: Apache
x-timer: S1622116734.147361,VS0,VE1
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Jun 2021 11:57:23 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 63 KB
21 KB 79ms
28ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

0fb8c36bbd7111ab1af799c0a1f5965d2e6a82b2c13d5ec60b2af0dde5f386ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "884 / 590 of 1000 / last-modified: 1622114387"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21548
x-xss-protection: 0
expires: Thu, 27 May 2021 11:58:54 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/gomedia/ 38 KB
14 KB 78ms
26ms Script
application/javascript 13.226.159.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/op.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-10.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 01598efbc8a136f9e26a2f5705be400d2fc80856e17ea6513d921ebd09e78632

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: A5.T8.kQQzO8MdS8lbS.ArX14r7eg.OM
content-encoding: gzip
etag: "c7721cac53fa0b88e12765d4e7e67195"
age: 2194
x-cache: Hit from cloudfront
content-length: 13560
x-amz-meta-git_commit: 165eba0
last-modified: Wed, 26 May 2021 21:31:52 GMT
server: AmazonS3
date: Thu, 27 May 2021 11:22:35 GMT
content-type: application/javascript
via: 1.1 d47fba004c254adb4e354d0cef499808.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: 9QlbED61aMkbK2ikhmG41SrvNDGSTwYJJKON-jWWMQzwzaJBNFlkmw==

GET
H2 200 vendors~adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboa~889ce567.d6d0a6b456b6a57ebdb3.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 8 KB
3 KB 36ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboa~889ce567.d6d0a6b456b6a57ebdb3.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

abf419ca6f6d5e3c5c89f26cdf1eae7a4c079c6d3566a55959e3ee222398041a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 634795
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 2614
x-amz-id-2: 35qItJQfG4NPLzZCr7qgbfTNB2N1Yc8cG7jHUA9hpd8onctTvvPz1NfoYRj6rUkyx/angH3deFg=
x-served-by: cache-fra19157-FRA, cache-hhn4054-HHN
last-modified: Wed, 19 May 2021 20:37:49 GMT
server: AmazonS3
x-timer: S1622116734.052736,VS0,VE1
etag: "01f9996a7090ff7e61a73ea8fa84860c"
vary: Accept-Encoding, Authorization
x-amz-request-id: Q9FBGWZFZ81QGBRC
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 vendors~adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboa~7b1b7e0e.83f32bca1266d80c59d1.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 156 KB
43 KB 15ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboa~7b1b7e0e.83f32bca1266d80c59d1.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6c50de5ea5214d5c8bca51d1f4021d3a84781ddaaed9aa8aea8d183b9bba7077

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33704
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 44014
x-amz-id-2: 0lAci+3zxotna11T56gl3x2/SBsEyztLgnOVH4x6GvzC4zs/+WQUXIHysP6hSalJeztmYCkkyog=
x-served-by: cache-fra19164-FRA, cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:12 GMT
server: AmazonS3
x-timer: S1622116734.051614,VS0,VE1
etag: "03e894c69ddd117e7363d613e3d167fe"
vary: Accept-Encoding, Authorization
x-amz-request-id: ES0G3YR4JJ17831H
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 vendors~adEditor~adManager~ads~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~err~3a83c825.596e208a3d5cb3d5bb16.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 6 KB
2 KB 36ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adEditor~adManager~ads~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~err~3a83c825.596e208a3d5cb3d5bb16.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2ce6ec59c3b4fb4d5b4dd981f15c37b81d46e7390906fb31099b5c5baba78124

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1251455
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 2212
x-amz-id-2: aI7gO6C3ehi/SRzShcnl5pwg42YJMNhEhjoJRFDluqorpZDKOWRAByfmAQaRfd9wUcydODrdkOE=
x-served-by: cache-hhn4048-HHN, cache-hhn4054-HHN
last-modified: Wed, 12 May 2021 22:28:14 GMT
server: AmazonS3
x-timer: S1622116734.053001,VS0,VE1
etag: "021ad9ad356f359099105cb5b4291d32"
vary: Accept-Encoding, Authorization
x-amz-request-id: K1G90FJTXZ8W460M
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 4, 1

GET
H2 200 vendors~adManager~ads.7598490c003fea9443bf.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 10 KB
3 KB 27ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adManager~ads.7598490c003fea9443bf.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2a9a71312cdfc062f7d8dd7d322a2017cbc8e0834eaf76f42a9ecc6ad7174d3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1161670
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 2800
x-amz-id-2: wVmpSXYp4OTwBTy8y9I+VgOh9rMp/jU3RuH5BNy2x0WdwsBanw/j5Q7DwXd3z4qEVx5Nay8bLvg=
x-served-by: cache-fra19163-FRA, cache-hhn4054-HHN
last-modified: Thu, 13 May 2021 20:31:37 GMT
server: AmazonS3
x-timer: S1622116734.051474,VS0,VE1
etag: "8b751f3abcbb23899c6b8f5751313a87"
vary: Accept-Encoding, Authorization
x-amz-request-id: SDPVQZKVNSTNKKRW
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 0, 1

GET
H2 200 adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~error~6e1f78b6.9716d7ebc759a73e393b.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 61 KB
14 KB 26ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adEditor~adManager~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~error~6e1f78b6.9716d7ebc759a73e393b.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4857f78184689c788f0dbd1fd37edc5596691e9dc4388290a60219e315bf56e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 784458
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 13503
x-amz-id-2: Oq1Px+bafa7LOBOKStR9jd/SD+XXI+p1TeAbKWkKQpxq0fFl/+TusSfwO/r/MkPtAVepTRLM4Ng=
x-served-by: cache-hhn4033-HHN, cache-hhn4054-HHN
last-modified: Tue, 18 May 2021 10:01:08 GMT
server: AmazonS3
x-timer: S1622116734.051711,VS0,VE1
etag: "3487f2045ed8a314e1c5792b6972f544"
vary: Accept-Encoding, Authorization
x-amz-request-id: 51FF4JBHQ2DYAGDW
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 0, 1

GET
H2 200 adEditor~adManager~ads~categoryPage~channelSectionPage~commerceDashboard~errorPage~experiments~featu~804b1df3.e2269939d163c54c230a.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 47 KB
9 KB 14ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adEditor~adManager~ads~categoryPage~channelSectionPage~commerceDashboard~errorPage~experiments~featu~804b1df3.e2269939d163c54c230a.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

eabddc93a53d4ab48ebfb1bdeb39773a7d04d27f6a9e82b00f368d61955c5d5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37308
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 8700
x-amz-id-2: JWCRjP5EdrUSpeGTsG2+JzoWHEVZV0/qKgFCcpu9fzDrMpPIerqeoVVQEdVcDIs9CXI9vJMTKZg=
x-served-by: cache-fra19149-FRA, cache-hhn4054-HHN
last-modified: Tue, 25 May 2021 21:49:06 GMT
server: AmazonS3
x-timer: S1622116734.051372,VS0,VE1
etag: "bc9f12f4d22c06615cb3917414929333"
vary: Accept-Encoding, Authorization
x-amz-request-id: QQVB9Y2SQWEW0RSQ
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 adManager~ads~commerceDashboard~errorPage~featureSwitchPage~newsletterPage~profilePage~slideshowPerm~95a337b2.2e89db33ba6e3e68dcc0.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 9 KB
3 KB 25ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adManager~ads~commerceDashboard~errorPage~featureSwitchPage~newsletterPage~profilePage~slideshowPerm~95a337b2.2e89db33ba6e3e68dcc0.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1ab5e8f02049723599890880252a821a1977b08f1f9fb3b0b14575581315eb7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1837747
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 3152
x-amz-id-2: GIm7c+RDQJX3fq5JNCqj0px44abRm8negPY8c977cLEMLqmuSi8P0dwTnoec6LUF9ISQC8HsTwg=
x-served-by: cache-fra19138-FRA, cache-hhn4054-HHN
last-modified: Wed, 05 May 2021 15:28:38 GMT
server: AmazonS3
x-timer: S1622116734.052337,VS0,VE0
etag: "d8c70a16dd2c3c1e7c726f2e6a27267b"
vary: Accept-Encoding, Authorization
x-amz-request-id: AMRQ3AY5YKJAHKK2
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 15

GET
H2 200 adManager~ads.260fa24aed8f9656088d.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 180 KB
11 KB 34ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adManager~ads.260fa24aed8f9656088d.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

280aa0d6cbff263e9cbea356ed88de741efd7abc1814f5f897bc727edab2c5e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33081
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 10872
x-amz-id-2: l+Z6GB+E27OCAJ+wObXxm2UkCKqkUQWwt3/GmQfcpjThYf0w0+j04lKgMXEEJy72loS7YgpzGbs=
x-served-by: cache-hhn4073-HHN, cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:10 GMT
server: AmazonS3
x-timer: S1622116734.052312,VS0,VE1
etag: "769a0c8ec1b5585ff516b2d51ef00164"
vary: Accept-Encoding, Authorization
x-amz-request-id: 5Q5DS70025NN6BQ2
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 0, 1

GET
H2 200 vendors~adEditor~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curated~ee56329e.40ffe4204f5be29f50fd.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 3 KB
2 KB 25ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/vendors~adEditor~ads~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curated~ee56329e.40ffe4204f5be29f50fd.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c2623c377b66546fddb83939116bccb47fc698265387ca1d6b224ef7aaac5cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1842366
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 1278
x-amz-id-2: BG89EqjMMUQXQQ4qEX3RdK804djmnjJt2mNmpsfeOQX79DFEZuw1zKqmFtxduPJX8RwJsi7yN+U=
x-served-by: cache-hhn4064-HHN, cache-hhn4054-HHN
last-modified: Wed, 05 May 2021 21:38:54 GMT
server: AmazonS3
x-timer: S1622116734.051360,VS0,VE1
etag: "47b6051e35ae6184c7c0d2201ee2501b"
vary: Accept-Encoding, Authorization
x-amz-request-id: GAS3FAAN656BX5GW
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 accountwithtoken Show response
kinja.com/api/profile/ 197 B
1 KB 121ms
115ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://kinja.com/api/profile/accountwithtoken?jsonp=_fasttoken&newFollows=true

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0cce724acf954078845e24d5525989f93013ab1c327e82289bb0e9e835065d80

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-cache: MISS, MISS
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
x-ua-device: desktop
x-cdn-fetch: mantle-setcookie
content-length: 195
x-xss-protection: 1; mode=block
x-served-by: cache-bwi5123-BWI, cache-hhn4054-HHN
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-timer: S1622116734.107937,VS0,VE91
x-frame-options: DENY
date: Thu, 27 May 2021 11:58:54 GMT
vary: Accept-Encoding,Origin
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache, no-store, private
accept-ranges: bytes
x-robots-tag: noindex, nofollow
x-cache-hits: 0, 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5522
date: Thu, 27 May 2021 10:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Thu, 27 May 2021 12:26:52 GMT

GET
H2 200 ea7476523fc3ca038d861e660b74773f.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 19 KB
19 KB 33ms
27ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ea7476523fc3ca038d861e660b74773f.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f338dbc9c08e6a745f325aff7f1aeeb3ef7ef06d59361e5711c0076190e5d94b

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 5381
x-cache: HIT, HIT
fastly-io-info: ifsz=419879 idim=2000x1125 ifmt=jpeg ofsz=19308 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 19308
x-amz-id-2: iqgfejefGMKkbUyxoAQLww0lXeGbAeje7FQ0aRDJWsZxiOoK6nDun2YX4b1oYuFB4QzDfpbRDk8=
x-served-by: cache-bwi5122-BWI, cache-hhn4054-HHN
server: AmazonS3
x-timer: S1622116734.107810,VS0,VE1
etag: "ZMExhY0vX+cMLj5qY20YkMA65yqUSeROfUQW4/e/XHY"
vary: Accept
x-amz-request-id: 640JQNQ953T9JAHV
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 22d58d351384398de6d4341341c7b34b.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 8 KB
8 KB 33ms
27ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/22d58d351384398de6d4341341c7b34b.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebcbaff31461efe7ba68773335f1d7bbdeb4b951ae58fe1a71f5fe73b752c87f

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 2257
x-cache: HIT, HIT
fastly-io-info: ifsz=1693200 idim=2000x1125 ifmt=jpeg ofsz=8174 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 8174
x-amz-id-2: IFbwOx8zdWRzD6Tlhdo6zBQj1fx8wKUg/7Z6a6rT3imU27Sb2GqgYk9EScz0xn4+WaMvWTjEz2g=
x-served-by: cache-bwi5135-BWI, cache-hhn4054-HHN
server: AmazonS3
x-timer: S1622116734.107780,VS0,VE1
etag: "jGKtmg66M5qWy1BSWkc/1oh6NxYAOtzLreCRAAKGjcA"
vary: Accept
x-amz-request-id: 7HN0Y12ZCYJTQ9TB
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 a69c0ce054366699d69571269588caaa.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 8 KB
8 KB 33ms
27ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/a69c0ce054366699d69571269588caaa.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c2ca9b139db69e244f2d8ab87b3099bc58fb5afe4afbdc77829a795b9961b8a0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 1758
x-cache: HIT, HIT
fastly-io-info: ifsz=2599085 idim=2000x1125 ifmt=jpeg ofsz=8054 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 8054
x-amz-id-2: sx8QrU4jfgHUcttpVCTV7rKB6xI/HHIFxbke6gF4FjteCM8L2MgIdVerdf/lMHLEJkG0ffsr3S8=
x-served-by: cache-bwi5156-BWI, cache-hhn4054-HHN
server: AmazonS3
x-timer: S1622116734.107786,VS0,VE1
etag: "LF3367m4Zek1B5RlEWdIeFQS3ihAdtkS3zK6EhfqnHs"
vary: Accept
x-amz-request-id: 5ME7TDT4BS4Y13CD
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 65370d0d8dee27e649d920716294482a.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 7 KB
7 KB 33ms
27ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/65370d0d8dee27e649d920716294482a.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 48e84cc3aa2c0dee869123a153f0d9a449a94e55f63e01c3c3e1fdd9fdd8bebc

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 2415
x-cache: HIT, HIT
fastly-io-info: ifsz=408735 idim=2000x1125 ifmt=jpeg ofsz=6928 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 6928
x-amz-id-2: nEib44odjiKjWcPB34v8W2Eq7/Wm9QAWC1dfjeab/u0XJ6gTwnZ/kgfSdgIQ7eYipKcU1Ix9Ico=
x-served-by: cache-bwi5164-BWI, cache-hhn4054-HHN
server: AmazonS3
x-timer: S1622116734.107755,VS0,VE1
etag: "H9Are1rMLaIzvMsCd5uZdY8Vl/dUhSuv1yvE6lRMGoo"
vary: Accept
x-amz-request-id: HHMS41R5Q4BJ87MF
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 2, 1

GET
H2 200 d60c9cb867e361cd8b3e2492d8c29de8.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_450,pg_1,q_80,w_800/ 100 KB
100 KB 24ms
21ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_450,pg_1,q_80,w_800/d60c9cb867e361cd8b3e2492d8c29de8.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 26c03cbcfe8f8ca51b7136894fc5820ff35af5b44ef181c2f53c7788421b865e

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 1879
x-cache: HIT, HIT
fastly-io-info: ifsz=538815 idim=2000x1125 ifmt=jpeg ofsz=102044 odim=800x450 ofmt=webp
fastly-stats: io=1
content-length: 102044
x-amz-id-2: N+cq6/jH8ozqbnQh476gAIeKPiLtG8biR6h01f5zBbT1G5BwdIAgawFsq5939vzQd+8OGYhNp1Q=
x-served-by: cache-bwi5121-BWI, cache-hhn4054-HHN
server: AmazonS3
x-timer: S1622116734.113807,VS0,VE1
etag: "aOVpFpYUxCooNjHN6MnpeEa3BsNbxC/M482SK691Pjg"
vary: Accept
x-amz-request-id: VN60TT55E9QQB5KV
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=450&quality=80&width=800
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 2, 1

GET
H2 200 f4d6ea4e73f848cf6a1b0d9cedec6792.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 3 KB
4 KB 23ms
21ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/f4d6ea4e73f848cf6a1b0d9cedec6792.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b983dcdffdc3303d3607316532eac493a0cfa1552484f965e8b07b62e03b0c7a

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 3756
x-cache: HIT, HIT
fastly-io-info: ifsz=278471 idim=2000x1125 ifmt=jpeg ofsz=3372 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 3372
x-amz-id-2: yqLpqrcu7N5zHr3vLSu5itx+CzkJncxTsiz/NU4xEz1q/i6AIUCyHxN8iilpxNFUVFcK2u29poI=
x-served-by: cache-bwi5167-BWI, cache-hhn4054-HHN
server: AmazonS3
x-timer: S1622116734.136834,VS0,VE1
etag: "Cskuq2KduEX8NFDYo48IO0Nfz4cWLPsQcFrp6RpMC6A"
vary: Accept
x-amz-request-id: HJCHR53S500VFC70
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 2, 1

GET
H2 200 f01d3041b638861bd17151f4681d0945.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 7 KB
7 KB 23ms
22ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/f01d3041b638861bd17151f4681d0945.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a94d3ed056bdc581e506464f8fa3b87404036be7b3975345a51b25d987769c93

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 4437
x-cache: HIT, HIT
fastly-io-info: ifsz=913444 idim=2000x1125 ifmt=jpeg ofsz=6902 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 6902
x-amz-id-2: cedj3ij7Tp/LzfdCxaaKY2w/Z+g9NGHl2r4aDYt8e3CG9eZjRy9tBsof4Gq/uf4s60xI2LedHkc=
x-served-by: cache-bwi5140-BWI, cache-hhn4054-HHN
server: AmazonS3
x-timer: S1622116734.136825,VS0,VE1
etag: "gUIAwBy1XXesaKcpK9BlYWtUammcKovld76qadPrbfY"
vary: Accept
x-amz-request-id: 46WQRF8WQNJYWZPN
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 043a07b6b83acca347994192d2e391e4.jpg
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/ 4 KB
4 KB 23ms
22ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_180,pg_1,q_80,w_320/043a07b6b83acca347994192d2e391e4.jpg
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 340e212a1751fd85ea203bf8e17f67d12ee0e82affca6e8c1199eced124ff2e0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 6727
x-cache: HIT, HIT
fastly-io-info: ifsz=1796760 idim=2000x1125 ifmt=jpeg ofsz=4296 odim=320x180 ofmt=webp
fastly-stats: io=1
content-length: 4296
x-amz-id-2: nPhz1t7xN9Jv0a4CvyCdjo3S5cX3r6KrV28gOx8c59ms7BR3SY2+uualbAhoBzOLR8Wz4sbo/1M=
x-served-by: cache-bwi5145-BWI, cache-hhn4054-HHN
server: AmazonS3
x-timer: S1622116734.136800,VS0,VE1
etag: "tXT7A9hdBqTvhZvMeHsK52HQyBo/Gm1SKrbQaxorNVU"
vary: Accept
x-amz-request-id: VFZTW2MDZ03N4FXY
access-control-allow-origin: *
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=180&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 pr0gzmhpdd3kmxjd5p1y.png
i.kinja-img.com/gawker-media/image/upload/c_fit,fl_progressive,q_80,w_320/ 15 KB
16 KB 23ms
22ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fit,fl_progressive,q_80,w_320/pr0gzmhpdd3kmxjd5p1y.png
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 92a0bfc0861a802d3fe9c2c70913bebc317707244d8d4d4656927713ecc2a2f5

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cld-original-filename: multipartBody6982375886234284587asTemporaryFile
via: 1.1 varnish, 1.1 varnish
etag: "AStJBY/KomZjy/y2bS+c/xAxoIDJBBaHybh+ni/dPFc"
age: 1222764
x-amz-meta-cld-version: 1587383397
x-cache: HIT, HIT
fastly-io-info: ifsz=28750 idim=235x120 ifmt=png ofsz=15400 odim=320x163 ofmt=webp
x-amz-meta-cld-surrogate-key: 351236110008638766298547047125526252396
fastly-stats: io=1
content-length: 15400
x-amz-id-2: AP2KSOfk7rftJ+aOrgobQJatkqgxMQCBjPpvq5+djxaVqUwYK7xiTcWTuWjaIYZKaUm/ICTBeJ0=
x-served-by: cache-bwi5130-BWI, cache-hhn4054-HHN
x-amz-meta-cld-transformation-id: 10000011314925
server: AmazonS3
x-timer: S1622116734.136779,VS0,VE1
date: Thu, 27 May 2021 11:58:54 GMT
vary: Accept
x-amz-request-id: C3EDRT06F5ZQNJN1
access-control-allow-origin: *
cache-control: public, max-age=31557600
x-kinja-qs: auto=webp&enable=upscale&format=png&frame=1&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 ruzytt0vx9fahqs1fjge.png
i.kinja-img.com/gawker-media/image/upload/c_fit,fl_progressive,q_80,w_320/ 6 KB
6 KB 20ms
20ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fit,fl_progressive,q_80,w_320/ruzytt0vx9fahqs1fjge.png
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3426fb9ab290b175146bce114372bac9bae5f2f661cd390d5caa75d3b2bc7544

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cld-original-filename: multipartBody3243967384545254353asTemporaryFile
via: 1.1 varnish, 1.1 varnish
etag: "b5S1Sprc+cKTxrLspYEY00aRhyy6iE3r2VAf2vlrWNU"
age: 2520963
x-amz-meta-cld-version: 1556302062
x-cache: HIT, HIT
fastly-io-info: ifsz=32653 idim=1373x418 ifmt=png ofsz=5722 odim=320x97 ofmt=webp
x-amz-meta-cld-surrogate-key: 308379839138913248773917624644144710573
fastly-stats: io=1
content-length: 5722
x-amz-id-2: TgkYKpb+89ZZFvEEWzFUBnewzy8ZNCE82oveZXwowbG78d5/W7C8tebNM7dxLqiKzeSXSeo5JNE=
x-served-by: cache-bwi5181-BWI, cache-hhn4054-HHN
x-amz-meta-cld-transformation-id: 10000011314925
server: AmazonS3
x-timer: S1622116734.138062,VS0,VE1
date: Thu, 27 May 2021 11:58:54 GMT
vary: Accept
x-amz-request-id: MZ2NNMRYYBW379K1
access-control-allow-origin: *
cache-control: public, max-age=31557600
x-kinja-qs: auto=webp&enable=upscale&format=png&frame=1&quality=80&width=320
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 ikipksesw9xxufjfg9il.png
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_450,pg_1,q_80,w_800/ 322 KB
323 KB 31ms
27ms Image
image/webp 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_450,pg_1,q_80,w_800/ikipksesw9xxufjfg9il.png
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.166 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 030b5c1519b67066edcac36ea1098064479ef497bb5a510bf3e86e6c1001ff58

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cld-original-filename: multipartBody6913644371365155305asTemporaryFile
via: 1.1 varnish, 1.1 varnish
etag: "CxLQVuA/oULNx+xVTanrT5Rf0Dd85fiyo2ZCFGhL6fM"
x-amz-meta-cld-surrogate-reporting: width=1920,height=1080
age: 2343458
x-amz-meta-cld-version: 1619528942
x-cache: HIT, HIT
fastly-io-info: ifsz=2351749 idim=1920x1080 ifmt=png ofsz=330180 odim=800x450 ofmt=webp
x-amz-meta-cld-surrogate-key: 249186901206833562741094096343092394398
fastly-stats: io=1
x-amz-meta-cld-etag: 0437241c48629045fc0c144bc3903499
content-length: 330180
x-amz-id-2: 7cfvDCynLr6CDF/LS0RDcXh9jp7HugHk20ll+UszeTGvxh/0q4DRxTuAGqGquEtSfbKBeI/1l8s=
x-served-by: cache-bwi5173-BWI, cache-hhn4039-HHN
x-amz-meta-cld-transformation-id: 10000011314925
server: AmazonS3
x-timer: S1622116734.162466,VS0,VE2
date: Thu, 27 May 2021 11:58:54 GMT
vary: Accept
x-amz-request-id: MESHAT35J6W5SRAA
access-control-allow-origin: *
cache-control: public, max-age=31557600
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=png&frame=1&height=450&quality=80&width=800
accept-ranges: bytes
content-type: image/webp
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 runtime~adManager.487cb9be5257c437034a.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 3 KB
1 KB 1ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/runtime~adManager.487cb9be5257c437034a.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b6541ccc3e28b7eb3657d8624c3b23a6c955f0a05fdef7a7cfa04a798c3d0f30

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35391
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 1128
x-amz-id-2: lSJv3BUR4hw+6wGfPIjw9QOeXVsFsUSv1hZpXBowlFhv6nLMVZg+HzVy9oKcuvCwVXzLYt0TLp0=
x-served-by: cache-fra19123-FRA, cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:12 GMT
server: AmazonS3
x-timer: S1622116734.051629,VS0,VE1
etag: "ab74f8472757599846af2395a301a02f"
vary: Accept-Encoding, Authorization
x-amz-request-id: 4MFSF81BA03JK57V
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 adManager.7604a42f42ca8bf36262.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 668 KB
102 KB 2ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/adManager.7604a42f42ca8bf36262.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

05c95bae874d85bb326f9f38cf493d8bf8c049f0a85ca2d3887ab7cd17d02399

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33387
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 104385
x-amz-id-2: 5FnFLWGUPkr59PIVZEeaTlQ0oIxnLMiKLBizhk6KdLYAj3cXr3pW3hDWI6vL9YMGvIQNkQSBkms=
x-served-by: cache-hhn4034-HHN, cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:10 GMT
server: AmazonS3
x-timer: S1622116734.051313,VS0,VE1
etag: "27c1381a99f797b56c8dd1150ebde786"
vary: Accept-Encoding, Authorization
x-amz-request-id: ZHSRFVRJ6ZG4EZWV
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 runtime~trackers.4d23399ce64861a657d3.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 3 KB
1 KB 2ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/runtime~trackers.4d23399ce64861a657d3.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

159f073ca9a9d774b1cad9f7991e48b1f060f297d4fdcb15b14d4e25edf20a48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43681
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 1121
x-amz-id-2: Qs02ioAZCBzJb/ocTj2x4LT3N01lIwkQ8FaXdLIFdl6ZR9pm15vOxLLlcrurcMR5DG/ce0/y/sg=
x-served-by: cache-hhn4037-HHN, cache-hhn4054-HHN
last-modified: Fri, 21 May 2021 20:08:27 GMT
server: AmazonS3
x-timer: S1622116734.051298,VS0,VE1
etag: "56ca77d3308f23ac30d62030e4ea811a"
vary: Accept-Encoding, Authorization
x-amz-request-id: 8ARF9FG7CTW79RET
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 0.964ec926522338d43fe6.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 7 KB
3 KB 3ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/0.964ec926522338d43fe6.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6db55e01bed50fd095397a0c2382148aea2865278d05a346499a5a677bc49fcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33081
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 2238
x-amz-id-2: GQx3OLnuLXXp/RfEbRueYkesLX2ylxnBo/EYjNqj/nsMRuGKFa40f0xgDT0E15QHNyz0WGqJ9XY=
x-served-by: cache-hhn4073-HHN, cache-hhn4054-HHN
last-modified: Tue, 25 May 2021 21:49:06 GMT
server: AmazonS3
x-timer: S1622116734.051280,VS0,VE1
etag: "fc24e5eaf48793210ba391bd2ac61a9a"
vary: Accept-Encoding, Authorization
x-amz-request-id: 846T84VZ596M4XDC
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 trackers.baa96a1facf9a5feed27.js Show response
www.theonion.com/x-kinja-static/assets/new-client/ 44 KB
12 KB 3ms
0ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/x-kinja-static/assets/new-client/trackers.baa96a1facf9a5feed27.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c7316099520e2f8f2a370c95834bb1b625e2bcac97d01333183f124744643365

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6023
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
set-cookie: geocc=CH;path=/;
x-ua-device: desktop
x-cdn-fetch: mantle-origin-cache
content-length: 11733
x-amz-id-2: PEETFupY2ORcT8JX2B1dBEk1HlXH48sJqetdXslEtxOd89KHl5mDzGa2y8OJoLOsPRPJ3syEKIQ=
x-served-by: cache-fra19145-FRA, cache-hhn4054-HHN
last-modified: Thu, 27 May 2021 10:13:53 GMT
server: AmazonS3
x-timer: S1622116734.051253,VS0,VE1
etag: "26d2ac8efd82edaf46c1a07c9b277284"
vary: Accept-Encoding, Authorization
x-amz-request-id: JHH8RQBVRN05FTKT
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-http2-push: pushed
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1, 1

GET
H2 200 runtime~curatedHomepage.a5ef5a4a2f513ba36161.js Show response
x.kinja-static.com/assets/new-client/ 8 KB
2 KB 25ms
20ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/runtime~curatedHomepage.a5ef5a4a2f513ba36161.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

672cdbef225357459320a88eb5c4b50833c3d50110ee9dbd55c5b0421db054bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31
via: 1.1 varnish
x-cache: HIT
content-length: 2223
x-amz-id-2: HZ6gAw+rrglSyJb0TZ/B/7JVW6z0wdeUUaxYdAly/eXyj8w4MT3SEERuz7QXxCNrDbeNiPD03qc=
x-served-by: cache-hhn4054-HHN
last-modified: Thu, 27 May 2021 10:13:53 GMT
server: AmazonS3
x-timer: S1622116734.167184,VS0,VE1
etag: "6a8b05352ba9a0fbd0e3800ea3c2952c"
vary: Accept-Encoding
x-amz-request-id: RRDS7T83DEBZJF16
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~50ffb65c.70b9ffbba4d80c316a65.js Show response
x.kinja-static.com/assets/new-client/ 115 KB
32 KB 25ms
20ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~50ffb65c.70b9ffbba4d80c316a65.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a720edff5fac0933dfb339213c8239f78abfa3cb60c27a9c467704fb5c57aae0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95
via: 1.1 varnish
x-cache: HIT
content-length: 32824
x-amz-id-2: vVCheInECORgfBahQHXc0RmENuXHgDoGt0mYr7FJ9IeiO253qZI9L5xNPLzpxoiTiLJUZQh5rUg=
x-served-by: cache-hhn4054-HHN
last-modified: Wed, 19 May 2021 20:37:49 GMT
server: AmazonS3
x-timer: S1622116734.167066,VS0,VE1
etag: "fef678a6374a0ed28d669e2f766834fc"
vary: Accept-Encoding
x-amz-request-id: D991H4MB1M125QAF
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~1ac5354a.1af5d7a7f6b9ca21b73c.js Show response
x.kinja-static.com/assets/new-client/ 4 KB
2 KB 21ms
19ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~1ac5354a.1af5d7a7f6b9ca21b73c.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b0384dc4f44a2d2192eea70893ce43e74d63925434d7cfe10163227ee2791cd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78
via: 1.1 varnish
x-cache: HIT
content-length: 1595
x-amz-id-2: JjnPIHteG+DZ4Gh/h2brgcs4iNnGL4Mj7bl7aacL8BIQqVtbAB5j4u/2lk83z6CJddrSAT26Vm0=
x-served-by: cache-hhn4054-HHN
last-modified: Thu, 27 May 2021 10:13:53 GMT
server: AmazonS3
x-timer: S1622116734.167159,VS0,VE1
etag: "9b9220c09e2c35036c99ba2b4b294e6a"
vary: Accept-Encoding
x-amz-request-id: X2SGJK8AMGMPM9TF
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~ab99bc6b.be5427d9ce6fac989a45.js Show response
x.kinja-static.com/assets/new-client/ 7 KB
3 KB 22ms
21ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~ab99bc6b.be5427d9ce6fac989a45.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9f3d63652277cd51fb82f48f9c18480d5a5bd4960cab9e0c8d96f5f03bce7836

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71
via: 1.1 varnish
x-cache: HIT
content-length: 2908
x-amz-id-2: 3CTH3xd+7bS8A0ASfJ5f0jtn6ubm1ZaW9LNI5vO1HysYKyNs9JHEOrdIeybdHawsuZGuVCaOKME=
x-served-by: cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:12 GMT
server: AmazonS3
x-timer: S1622116734.167428,VS0,VE1
etag: "bd24a93ea9d13ee49b0521fe3f35f0d3"
vary: Accept-Encoding
x-amz-request-id: 68FNAN0NYW85N7BD
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~3441fe34.cc27c62841b3add68c09.js Show response
x.kinja-static.com/assets/new-client/ 118 KB
29 KB 20ms
20ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~alertsUnsubscribePage~categoryPage~channelSectionPage~commerceDashboard~curatedHome~3441fe34.cc27c62841b3add68c09.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f0c19455876a23a70e104a436baa4d5cfdbade5685e228c25cd5f1aeadc42c7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95
via: 1.1 varnish
x-cache: HIT
content-length: 29550
x-amz-id-2: oJt6qDpApew8HVmBYFezhqNTd5K9b5xLwiQdMpJSienG9DcX6utfvJSnwC/N33Jw0t0KfXHM0lk=
x-served-by: cache-hhn4054-HHN
last-modified: Thu, 13 May 2021 20:31:37 GMT
server: AmazonS3
x-timer: S1622116734.176695,VS0,VE1
etag: "5b0db8eed8da26fef6f799eeba64c0fe"
vary: Accept-Encoding
x-amz-request-id: SBBA58QKXYSG5CAQ
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~c4cf108c.2168a9d8b81e18e60dd7.js Show response
x.kinja-static.com/assets/new-client/ 4 KB
2 KB 23ms
21ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~c4cf108c.2168a9d8b81e18e60dd7.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

30a74a724f831d9b59d6a44c890fe18ff341bd1d68579aed2cb09e682b59f312

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87
via: 1.1 varnish
x-cache: HIT
content-length: 1577
x-amz-id-2: VXB/uIp2yf72c2YIy6UoRYHLnT54TzjkMjQ/XsjpUgVToAK9lY9kYeU3MKi73K0YGXRmrOknbbc=
x-served-by: cache-hhn4054-HHN
last-modified: Fri, 21 May 2021 00:50:31 GMT
server: AmazonS3
x-timer: S1622116734.192451,VS0,VE1
etag: "956c04eed47e1b571275446dd2ec3408"
vary: Accept-Encoding
x-amz-request-id: EWJSR4GXV3HVWV1H
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~adEditor~browser-logs~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~erro~95b460b0.6648ed7b82bdcb5a128b.js Show response
x.kinja-static.com/assets/new-client/ 18 KB
5 KB 23ms
20ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~browser-logs~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~erro~95b460b0.6648ed7b82bdcb5a128b.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bf085c3ec47acdc729ec9929e13405f071ce559d6e4bf8aa0cf91d10f4dff396

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87
via: 1.1 varnish
x-cache: HIT
content-length: 5350
x-amz-id-2: 3DbN9UBXKPvABpc77uBvTZ3yhp/dkcXeqh1CjTqEaLqgnkZbwTWYjrU3cxqWM/exNUoWfJI/UCM=
x-served-by: cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:12 GMT
server: AmazonS3
x-timer: S1622116734.192440,VS0,VE1
etag: "1a5aba4c49a2c47dfa399a4935bed66f"
vary: Accept-Encoding
x-amz-request-id: E1FXH348NJQ980WR
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~482673d0.36f2d855df04dd9c69a0.js Show response
x.kinja-static.com/assets/new-client/ 19 KB
7 KB 22ms
20ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~482673d0.36f2d855df04dd9c69a0.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

35983cd8f6ef4c7cb9989a29f0e9151b5cd81ace67f614dc88cb0797bb1eea32

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87
via: 1.1 varnish
x-cache: HIT
content-length: 6584
x-amz-id-2: V4VkoAn5W55HVhlKfYNOObB+3LoFAZwYagBDT7L75i6hzBXFgCQLciKzJjXFR79WOmPH92ToFfc=
x-served-by: cache-hhn4054-HHN
last-modified: Thu, 27 May 2021 10:13:53 GMT
server: AmazonS3
x-timer: S1622116734.192532,VS0,VE1
etag: "48442ef6164453c5499708c1bbcdf605"
vary: Accept-Encoding
x-amz-request-id: HPZKFYBQ92ZMEVT2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js Show response
x.kinja-static.com/assets/new-client/ 44 KB
13 KB 22ms
21ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2a6dc6fb00cde6afb3b582119bf4c8c6ee7f5b4043cf09b789482b85850a48d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71
via: 1.1 varnish
x-cache: HIT
content-length: 13181
x-amz-id-2: AFwrf1tczNMLLf0oh/C3HHbXAgE//wxw/GIekedogF7ESfYgIlyquJEdAk53Y8iVFUYAOsTH6c8=
x-served-by: cache-hhn4054-HHN
last-modified: Thu, 13 May 2021 05:34:52 GMT
server: AmazonS3
x-timer: S1622116734.192521,VS0,VE1
etag: "1454ca61f8e339128ad0b2b3f8567d12"
vary: Accept-Encoding
x-amz-request-id: BD7GHHZ7M5NQ5BJR
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 1.3a63154824145ee4e028.js Show response
x.kinja-static.com/assets/new-client/ 460 KB
103 KB 22ms
22ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/1.3a63154824145ee4e028.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bc7167a426fb45825902fddef4a2d12b790bb470ff9e8656fdaadf293b676f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62
via: 1.1 varnish
x-cache: HIT
content-length: 104892
x-amz-id-2: SFLI8YEUpimi/4lFai26gG4njluoWy5S4sMwKus6ylpT5PGxh34zsE7VcNDwE/VUhlRUWbLF7nc=
x-served-by: cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:10 GMT
server: AmazonS3
x-timer: S1622116734.192611,VS0,VE1
etag: "2d8a83a136207801ee74ac34a3f8e87a"
vary: Accept-Encoding
x-amz-request-id: YMTVASCTDSDQC2TQ
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~YMALModule~carousel~category-stream~commentsIframe~curatedHomepage~homepage-edit~impact-head~833e4f08.01dc0d78b2de2f1ae4fe.js Show response
x.kinja-static.com/assets/new-client/ 5 KB
2 KB 21ms
20ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~YMALModule~carousel~category-stream~commentsIframe~curatedHomepage~homepage-edit~impact-head~833e4f08.01dc0d78b2de2f1ae4fe.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8f4ea46ad7e421dbf383dff81c4e8169ba515c49c72151c020d364aaa7c7bf27

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 116
via: 1.1 varnish
x-cache: HIT
content-length: 1857
x-amz-id-2: jWw1/jwPkDxmK18U+qze6cNld6IzqxoCVkTObiiYxPRwgjXm4flVayB3/pkY7YdGcEznOys1KJk=
x-served-by: cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:12 GMT
server: AmazonS3
x-timer: S1622116734.200171,VS0,VE1
etag: "1bb7566f3cedc96f88f37d81cf71a38f"
vary: Accept-Encoding
x-amz-request-id: 1EAFM54Z5N76MYKC
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~channelSectionPage~commerceDashboardClient~curatedHomepage~customHeader~header~login~notific~da1c7d2b.37367c878de2452f00da.js Show response
x.kinja-static.com/assets/new-client/ 16 KB
4 KB 24ms
21ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~channelSectionPage~commerceDashboardClient~curatedHomepage~customHeader~header~login~notific~da1c7d2b.37367c878de2452f00da.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bab52415ad1528e0e14bedfabdd748d62572a27dcd2ff1991d8cd9bdb0b0609a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9
via: 1.1 varnish
x-cache: HIT
content-length: 4110
x-amz-id-2: fYLL0E34+KYVlaScVGxQv1H/lcUG6GWdbhJ/CYsR0YIlNt+wj9o4e7heFNLMp3M2gHGRKjHZsPg=
x-served-by: cache-hhn4054-HHN
last-modified: Thu, 20 May 2021 22:41:18 GMT
server: AmazonS3
x-timer: S1622116734.219184,VS0,VE1
etag: "32d386827751a53b5a9ede24089b312c"
vary: Accept-Encoding
x-amz-request-id: 7J901P0NWH877516
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~categoryPage~curatedHomepage~featuredPermalinkPage~frontPage~permalinkPage~searchPage~slides~a3dad056.7f0a898dd527abb1ffa7.js Show response
x.kinja-static.com/assets/new-client/ 16 KB
5 KB 25ms
22ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~categoryPage~curatedHomepage~featuredPermalinkPage~frontPage~permalinkPage~searchPage~slides~a3dad056.7f0a898dd527abb1ffa7.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3ed4dce1bfb07c181da64095e302461a5b744ee60299ca8cdff598633d745bf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13
via: 1.1 varnish
x-cache: HIT
content-length: 5264
x-amz-id-2: Cyf7ZT7usK2zb9CWQ6NFnOXjwuaK3HNSY4whV9jxBZzxl0VCWecNzdxMsh9Azn0XrjIn+2gc/DE=
x-served-by: cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:13 GMT
server: AmazonS3
x-timer: S1622116734.219184,VS0,VE1
etag: "9a0575f06bd61bc32bd69c39e48a8326"
vary: Accept-Encoding
x-amz-request-id: MQDZY8KGJZEM99HQ
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~YMALModule~curatedHomepage~homepage-edit.0c7bfdba950254ddc6a3.js Show response
x.kinja-static.com/assets/new-client/ 7 KB
3 KB 25ms
20ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~YMALModule~curatedHomepage~homepage-edit.0c7bfdba950254ddc6a3.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

dfb8689a3cbf4f504d5e8523c5b74e684d32766e37521bd00943d6e3c96da80e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26
via: 1.1 varnish
x-cache: HIT
content-length: 2495
x-amz-id-2: 4L5EO6jM7+R/rW5zdZf/9+XsCPsX13lCwg7iPXB6jWMG1ZFg8fZN97pKjLado2invZ2oGfp53oQ=
x-served-by: cache-hhn4054-HHN
last-modified: Thu, 13 May 2021 05:34:51 GMT
server: AmazonS3
x-timer: S1622116734.219131,VS0,VE1
etag: "3598adf061d5c69aeda9f652a55a06c2"
vary: Accept-Encoding
x-amz-request-id: 1RRXN0X30ZNPD35C
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 vendors~curatedHomepage.d5dab888663c0e5b3f0f.js Show response
x.kinja-static.com/assets/new-client/ 8 KB
2 KB 24ms
19ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/vendors~curatedHomepage.d5dab888663c0e5b3f0f.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bf7055642f98c8e3f7717323c7df5ac421d68f48a30a94c74d11691d2ab25888

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19
via: 1.1 varnish
x-cache: HIT
content-length: 2235
x-amz-id-2: QmRjo8o4cp6ukNa/8wf7mhSLy0n37flm/eaKioP3aWismfGi9KdSG9x4DSozTWfhKoM2PcRzJ7c=
x-served-by: cache-hhn4054-HHN
last-modified: Wed, 26 May 2021 19:20:13 GMT
server: AmazonS3
x-timer: S1622116734.219124,VS0,VE1
etag: "3de05db5e37ff13e0942ddf0044f33e5"
vary: Accept-Encoding
x-amz-request-id: 493RWWHH0KYCJY7G
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 curatedHomepage.28e00d329d062bc1c41d.js Show response
x.kinja-static.com/assets/new-client/ 1 MB
193 KB 22ms
21ms Script
application/javascript 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/new-client/curatedHomepage.28e00d329d062bc1c41d.js

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7ed012ae3fc555235596c23c34ef64a7141b2c689b9afc068a4bf05b3a41cb70

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11
via: 1.1 varnish
x-cache: HIT
content-length: 197383
x-amz-id-2: 2pWyV0RZMFFgDhlxLCZ61AOPJuv816Zd6NdnpTwoD5pZ8F467CEhUfAA/Nb/jeyt1uxRyfL1kcM=
x-served-by: cache-hhn4054-HHN
last-modified: Thu, 27 May 2021 10:13:52 GMT
server: AmazonS3
x-timer: S1622116734.220838,VS0,VE1
etag: "121b9a0c0f810a2276f13dccfbc0426e"
vary: Accept-Encoding
x-amz-request-id: GQCAF7VHVZHBMP40
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 libre-baskerville-bold.woff2
f.kinja-static.com/assets/fonts/libre-baskerville/ 18 KB
18 KB 35ms
35ms Font
binary/octet-stream 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/libre-baskerville/libre-baskerville-bold.woff2

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7e81304e7824242c9059d1ba7875b48357656ac82d4e143dccb3d0eb7c77296c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.theonion.com
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 107
x-cache: HIT
content-length: 17984
x-amz-id-2: 7ls3FCMk3KQwEg2bYULDMMQhCL9tNFqBegKqaWuIIM8CiBxCsQ+gnU8HcfozjHi/DnInUW0HRbI=
x-served-by: cache-hhn4039-HHN
last-modified: Wed, 26 May 2021 19:19:31 GMT
server: AmazonS3
x-timer: S1622116734.153065,VS0,VE1
etag: "0518781cd45a71291d17ea1febfcc5fe"
x-amz-request-id: B8T4XX0RX3X4B66N
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
H2 200 b-165eba0-d33cdfb0.js Show response
tagan.adlightning.com/gomedia/ 68 KB
23 KB 28ms
27ms Script
application/javascript 13.226.159.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-10.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e6752c7307f4f3d9e84681023632884d9ee0ebea34414f6dd34224d546e90cef

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:12:50 GMT
content-encoding: gzip
age: 837965
x-cache: Hit from cloudfront
content-length: 22724
x-amz-meta-git_commit: 165eba0
last-modified: Mon, 17 May 2021 19:11:17 GMT
server: AmazonS3
etag: "6bc857b066e82e254e7e05b4e5371d8c"
x-amz-version-id: g13l3EMtjHIEyToJHgckrLBeb66Tvrah
via: 1.1 d47fba004c254adb4e354d0cef499808.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: e7i4fbkSm92HfxQqjQmwBLHZVNW4Z_2jmC1yC10TdWeH9uDgkJgiBQ==

GET
H2 200 bl-165eba0-d3cb199c.js Show response
tagan.adlightning.com/gomedia/ 51 KB
20 KB 28ms
28ms Script
application/javascript 13.226.159.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/bl-165eba0-d3cb199c.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-10.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f1bcbb7c20266cf764ae05d6483d018827ffe86e9548b050192fe4e22e50d19b

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 22:22:15 GMT
content-encoding: gzip
age: 49000
x-cache: Hit from cloudfront
content-length: 19637
x-amz-meta-git_commit: 165eba0
last-modified: Wed, 26 May 2021 21:31:08 GMT
server: AmazonS3
etag: "6a5d55fdb41bb0d78eb555c735f401f0"
x-amz-version-id: IhMYlIgrAPlc9NMf.PFk9TSMiAYRXIMX
via: 1.1 d47fba004c254adb4e354d0cef499808.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: m5WipSsooLnSkhllDuIBVTeT4aySt94FBFhgy2Su2UiSyAVDA3srzA==

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
537 B 34ms
14ms XHR
application/json 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.theonion.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 scroll.js Show response
static.scroll.com/js/ 17 KB
18 KB 76ms
19ms Script
application/javascript 199.232.198.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.scroll.com/js/scroll.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.198.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 01522e70e4807e89bf3303d4f2e01fb141b4ce91dba4023d23794e255028ed9e

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 varnish
x-guploader-response-body-transformations: gunzipped
age: 71545
x-guploader-uploadid: ABg5-UzDn4HViVtDYMx0LxJFFJlJP1Vz5wrigqc--DyYYhhSwMVmRMtaG6ZwrRuWYETy9wRdT0ELNUrWXe2mNQi0nLck5Tz0HA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 17845
x-served-by: cache-hhn4025-HHN
last-modified: Thu, 25 Feb 2021 20:29:37 GMT
server: UploadServer
x-timer: S1622116734.411309,VS0,VE0
etag: W/"334dd94887922f13e29acca6ed203eb7"
vary: Origin
x-goog-hash: crc32c=kcQgZA==, md5=M03ZSIeSLxPimsym7SA+tw==
x-goog-generation: 1614284976930081
expires: Tue, 27 Apr 2021 16:41:24 GMT
cache-control: public, max-age=0, s-maxage=86400
access-control-allow-credentials: true
x-goog-stored-content-length: 6459
accept-ranges: bytes
content-type: application/javascript
warning: 214 UploadServer gunzipped
x-scrolljs: 3
x-cache-hits: 7920

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 123 KB
33 KB 84ms
30ms Script
application/javascript 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/x-kinja-static/assets/new-client/trackers.baa96a1facf9a5feed27.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 5b6f3806c04b7c91d2ee5cf8f42b31343a9d33ea62ad9d0506cfa1be078477d3

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 16:30:51 GMT
content-encoding: gzip
server: Server
age: 70082
etag: 6bda376aea84df42909484ff0d20f22a
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: 7iV2kGh8hACCLQM7XX9BldZxc25jPH1q
x-amz-cf-id: CsK0t1l6mTLHrABTNveVzbWcIZmkv2qetog0toYR6l2p3_qRFZgL2w==

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 35ms
10ms Script
application/x-javascript 2600:9000:2182:7200:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7200:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ec93813683cccb74a7896a34a2ed1b2163288620f6959ae06de3ded30cf518b9

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 15:20:58 GMT
content-encoding: gzip
last-modified: Fri, 02 Apr 2021 00:04:46 GMT
server: nginx
age: 74275
etag: W/"60665f9e-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 3e9b9356decf1aa720af0bc92acc0586.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: I87p0JSaTmuQez4LNPMXJjiFycpJEbAkOz_vA9MJOZ_467xTUBq90w==
expires: Thu, 27 May 2021 15:20:58 GMT

GET
H2

200

tag Show response
btloader.com/
Redirect Chain

https://kinja-com.videoplayerhub.com/gallery.js
https://btloader.com/tag?h=kinja-com&upapi=true

10 KB
5 KB

31ms
14ms

Script
application/javascript

2606:4700:20::ac43:4686
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?h=kinja-com&upapi=true
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4686 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b5473db0e51abf3da61b7537df9dcb6a8758d37438aa247d0aad4bfd51f2b56

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 197
content-encoding: br
cf-request-id: 0a4f4a2e0500002b4d2cafb000000001
server: cloudflare
etag: W/"3aaddb6f472770a516deffa11ea5c602"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=M32upwr0LZmnXn1c00d5GIor4CFk9SqwXtQPnfotRkhgpaCj5YEpupQJ9up%2FuZjlkgfm%2FUqJomSq7CWTpkBwCwLF7y7ff3JeVSffniOJoCRoq1E8vG7CfoAEqPlHItELheRW7AQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
cf-ray: 655f12f66e542b4d-FRA

Redirect headers

date: Thu, 27 May 2021 11:58:54 GMT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uNdSj6xDlX1wRrvrpIwdqPw3cXA2Rrq%2FspGcJMMYa9PFeW%2FaZdoHQVmYdYSIVmWlOgZe8jkPH%2FaduIqrhRApK0p%2FFYF%2F82NtYH8%2BgOz%2BbCpP9rwknpRizC60UW0Bn%2FnbMJQ0VLHkTZscjx4efkesxDdDXHZA"}],"group":"cf-nel","max_age":604800}
location: https://btloader.com/tag?h=kinja-com&upapi=true
cache-control: max-age=3600
cf-ray: 655f12f5efca4eb6-FRA
cf-request-id: 0a4f4a2db700004eb661127000000001
expires: Thu, 27 May 2021 12:58:54 GMT

GET
H2

200

connatix.playspace.dc.js Show response
cds.connatix.com/p/118660/
Redirect Chain

https://cd.connatix.com/connatix.playspace.js
https://cds.connatix.com/p/118660/connatix.playspace.dc.js

1 MB
233 KB

24ms
20ms

Script
application/javascript

151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/118660/connatix.playspace.dc.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 994bbd6945e5afa6c43bc66e221915b670f42a914b1eb2e8130f469df2b61b30

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: br
last-modified: Thu, 27 May 2021 11:39:45 GMT
age: 1058
etag: "9e291c5af5666b262357aa82835e845d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 237743

Redirect headers

location: https://cds.connatix.com/p/118660/connatix.playspace.dc.js
date: Thu, 27 May 2021 11:58:54 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
age: 0
accept-ranges: bytes
content-length: 0
retry-after: 0

GET
H2 200 i.js Show response
tag.bounceexchange.com/3645/ 16 KB
8 KB 168ms
125ms Script
text/plain 34.120.253.250
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.bounceexchange.com/3645/i.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: fasthttp /
Resource Hash: 0439f0a18bd35e29994291058cff34e8b3399359ebdb0cb79b30abd92435f73f

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:17 GMT
content-encoding: gzip
server: fasthttp
age: 37
etag: aa59d8f1ed748d
content-type: text/plain; charset=utf-8
via: 1.1 google
cache-control: public, max-age=60
x-region: us-central1
timing-allow-origin: *
alt-svc: clear
content-length: 7700

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
2 KB 98ms
35ms Script
application/javascript 13.226.159.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:36:45 GMT
via: 1.1 c51e3be89c14e3f859ea898f7e36eced.cloudfront.net (CloudFront)
etag: "1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 1330
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 1469
x-amz-cf-id: FO9w7dmec1fN3FPJ-87486yhErRbLXKq7ssSoKAHAzRz3GJnUAruOA==

GET
H2 200 publisher_kit.js Show response
cdn.britepool.com/ 133 KB
43 KB 101ms
31ms Script
text/javascript 13.226.159.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.britepool.com/publisher_kit.js?api_key=6e9e2b90-3709-4afb-a9f8-3586da6c7fb3
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-50.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 61ccb8c3252e27a327becaf9318517719a131160e0bc05659b0d2493dc6e9245

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 10:38:15 GMT
content-encoding: gzip
last-modified: Wed, 06 Jan 2021 10:34:46 GMT
server: AmazonS3
age: 4839
etag: W/"84e9f71335e9b47a7fe8e0e75dd289da"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 a608f2055229f2ea193f6b8f15267a71.cloudfront.net (CloudFront)
cache-control: max-age=14400, public, immutable
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: oacpNN-4LeHw8A557b5Bkq-1mzf9hvzBpEt_fLaZIZAes234lMoBjA==

GET
H2 200 /
insight.adsrvr.org/track/evnt/ 70 B
261 B 141ms
45ms Image
image/gif 52.50.64.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/evnt/?adv=5zq9nmk&ct=0:ngtk7da&fmt=3
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.64.214 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-64-214.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:54 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 pubads_impl_2021052501.js Show response
securepubads.g.doubleclick.net/gpt/ 310 KB
109 KB 55ms
27ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052501.js?31061327

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

a1b8ef6d40a6f447aa71becd00f6fa9a4e1be4405fad120ab1aa8ae6ef2146bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 08:40:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111175
x-xss-protection: 0
expires: Thu, 27 May 2021 11:58:54 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
466 B 42ms
17ms XHR
application/json 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.theonion.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

POST
H2 200 event.js
www.theonion.com/api/kala/t/ 159 B
433 B 136ms
135ms Ping
application/json 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/api/kala/t/event.js?e=eyJibG9nSWQiOiIxNjM2MDc5NTEwIiwiY29udGV4dElkIjoiMTYzNjA3OTUxMCIsInRhcmdldElkIjoiMTYzNjA3OTUxMCIsImNvbnRleHRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRUeXBlIjoiRlJPTlRQQUdFX1ZJRVciLCJ0YXJnZXRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRBdHRyaWJ1dGVzIjp7ImJsb2dOYW1lIjoid3d3LnRoZW9uaW9uLmNvbSIsImlzTG9nZ2VkSW4iOjB9LCJldmVudEF0dHJpYnV0ZXNFeHRlbmRlZCI6eyJyZXNwb25zaXZlVmVyc2lvbiI6IjEzNjQrIiwiZGV2aWNlQ2F0ZWdvcnkiOiJkZXNrdG9wIiwiYWRCbG9jayI6ImFkYmxvY2sgb2ZmIiwidGltZW91dCI6ZmFsc2UsInBvc3RzSW5TdHJlYW0iOlsiMTg0Njk2NDg5MCIsIjE4NDY5Njg0NDYiLCIxODQ2OTM3MjIyIiwiMTg0Njk2NTUwMiIsIjE4NDY5NzUwMzkiLCIxODQ2OTM3MjIyIiwiMTg0Njk2NDEwNyIsIjE4NDY5NjcxNjMiLCIxODQ2OTQyNTE3IiwiMTg0Njk0NDMxOCIsIjE4NDY5NjUwNDUiLCIxODQ2OTU3MTIwIiwiMTg0Njk2NjU5MSIsIjE4NDY5NTgxNzMiLCIxODQ2OTY3MDEzIiwiMTg0Njk1NjE4MiIsIjE4NDY5NTgxNzMiLCIxODQ2ODkxMjczIiwiMTg0Njg3MTU0NiIsIjE4NDY5MzQ4NzkiLCIxODQ2ODk3OTk0IiwiMTg0NjkzMzYyMSIsIjE4NDYyMDQyMzMiLCIxODQ2MTk2MTQzIiwiMTg0Njk2NTY5OSIsIjE4NDY5NTQxNTYiLCIxODQ2OTU0MTQ3IiwiMTg0Njk2NTUwMiIsIjE4NDY5MzcyMjIiLCIxODQ2NTkzMjU2IiwiMTg0NjUxNzE1NCIsIjE4NDY3MzQ5OTciLCIxODQ2OTI3NTA1IiwiMTg0Njk0MjkxMiIsIjE4NDY5MjE1NzIiLCIxODQ2ODk4OTMwIiwiMTg0Njg4MDYzOSIsIjE4NDY5NjQxOTMiLCIxODQ2OTQ0MzE4IiwiMTg0Njk0MjUxNyIsIjE4NDY5MzA4NzQiLCIxODQ2OTY2MTIzIiwiMTg0Njk2NjU5MSIsIjE4NDY4ODc4OTgiLCIxODQ2ODkwODMxIiwiMTg0Njk3NDc2MyIsIjE4NDY5NjU4OTEiLCIxODQ2OTU3ODQ4IiwiMTg0Njk1NzA0MSJdLCJzb3J0aW5nVmlldyI6ImRlZmF1bHQiLCJwYWdlSW5kZXgiOjB9fQ==&cb=473

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/curatedHomepage.28e00d329d062bc1c41d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dc17080459f7dbd9c1dc41eb50d1b6d654364e69bf527018257df2af4c2c3028

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
origin: https://www.theonion.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: KinjaBucket=e; geocc=CH; AMP_TOKEN=%24RETRIEVING; lux_uid=162211673435241205; pageDepth=1; dd_rum_test=test; _dd_r=0
content-length: 0
:path: /api/kala/t/event.js?e=eyJibG9nSWQiOiIxNjM2MDc5NTEwIiwiY29udGV4dElkIjoiMTYzNjA3OTUxMCIsInRhcmdldElkIjoiMTYzNjA3OTUxMCIsImNvbnRleHRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRUeXBlIjoiRlJPTlRQQUdFX1ZJRVciLCJ0YXJnZXRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRBdHRyaWJ1dGVzIjp7ImJsb2dOYW1lIjoid3d3LnRoZW9uaW9uLmNvbSIsImlzTG9nZ2VkSW4iOjB9LCJldmVudEF0dHJpYnV0ZXNFeHRlbmRlZCI6eyJyZXNwb25zaXZlVmVyc2lvbiI6IjEzNjQrIiwiZGV2aWNlQ2F0ZWdvcnkiOiJkZXNrdG9wIiwiYWRCbG9jayI6ImFkYmxvY2sgb2ZmIiwidGltZW91dCI6ZmFsc2UsInBvc3RzSW5TdHJlYW0iOlsiMTg0Njk2NDg5MCIsIjE4NDY5Njg0NDYiLCIxODQ2OTM3MjIyIiwiMTg0Njk2NTUwMiIsIjE4NDY5NzUwMzkiLCIxODQ2OTM3MjIyIiwiMTg0Njk2NDEwNyIsIjE4NDY5NjcxNjMiLCIxODQ2OTQyNTE3IiwiMTg0Njk0NDMxOCIsIjE4NDY5NjUwNDUiLCIxODQ2OTU3MTIwIiwiMTg0Njk2NjU5MSIsIjE4NDY5NTgxNzMiLCIxODQ2OTY3MDEzIiwiMTg0Njk1NjE4MiIsIjE4NDY5NTgxNzMiLCIxODQ2ODkxMjczIiwiMTg0Njg3MTU0NiIsIjE4NDY5MzQ4NzkiLCIxODQ2ODk3OTk0IiwiMTg0NjkzMzYyMSIsIjE4NDYyMDQyMzMiLCIxODQ2MTk2MTQzIiwiMTg0Njk2NTY5OSIsIjE4NDY5NTQxNTYiLCIxODQ2OTU0MTQ3IiwiMTg0Njk2NTUwMiIsIjE4NDY5MzcyMjIiLCIxODQ2NTkzMjU2IiwiMTg0NjUxNzE1NCIsIjE4NDY3MzQ5OTciLCIxODQ2OTI3NTA1IiwiMTg0Njk0MjkxMiIsIjE4NDY5MjE1NzIiLCIxODQ2ODk4OTMwIiwiMTg0Njg4MDYzOSIsIjE4NDY5NjQxOTMiLCIxODQ2OTQ0MzE4IiwiMTg0Njk0MjUxNyIsIjE4NDY5MzA4NzQiLCIxODQ2OTY2MTIzIiwiMTg0Njk2NjU5MSIsIjE4NDY4ODc4OTgiLCIxODQ2ODkwODMxIiwiMTg0Njk3NDc2MyIsIjE4NDY5NjU4OTEiLCIxODQ2OTU3ODQ4IiwiMTg0Njk1NzA0MSJdLCJzb3J0aW5nVmlldyI6ImRlZmF1bHQiLCJwYWdlSW5kZXgiOjB9fQ==&cb=473
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: www.theonion.com
referer: https://www.theonion.com/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-ua-device: desktop
x-kinja: kinja-kala-kube01-5d5469547c-52fjb #55
x-cdn-fetch: mantle-setcookie
content-length: 153
x-xss-protection: 1; mode=block
x-served-by: cache-bwi5125-BWI, cache-hhn4054-HHN
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-timer: S1622116735.662510,VS0,VE116
x-frame-options: DENY
date: Thu, 27 May 2021 11:58:54 GMT
vary: Accept-Encoding,Origin
content-type: application/json
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, private
access-control-allow-credentials: true
set-cookie: ka=4bafb379-fb70-4a1b-a4f9-5cdfb46c8496|ab13a128-3396-4571-9929-f8d7d46d31d1|1622116734722; Max-Age=31536000; Expires=Fri, 27 May 2022 11:58:54 GMT; Path=/; HTTPOnly
accept-ranges: bytes
x-robots-tag: noindex, nofollow
x-cache-hits: 0, 0

POST
H2 200 event.js
www.theonion.com/api/kala/t/ 159 B
792 B 109ms
108ms Ping
application/json 151.101.194.166
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theonion.com/api/kala/t/event.js?e=eyJibG9nSWQiOiIxNjM2MDc5NTEwIiwiY29udGV4dElkIjoiMTYzNjA3OTUxMCIsInRhcmdldElkIjoiMTYzNjA3OTUxMCIsImNvbnRleHRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRUeXBlIjoiU1RSRUFNX1ZJRVciLCJ0YXJnZXRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRBdHRyaWJ1dGVzIjp7ImJsb2dOYW1lIjoid3d3LnRoZW9uaW9uLmNvbSIsImlzTG9nZ2VkSW4iOjB9LCJldmVudEF0dHJpYnV0ZXNFeHRlbmRlZCI6eyJyZXNwb25zaXZlVmVyc2lvbiI6IjEzNjQrIiwiZGV2aWNlQ2F0ZWdvcnkiOiJkZXNrdG9wIiwiYWRCbG9jayI6ImFkYmxvY2sgb2ZmIiwidGltZW91dCI6ZmFsc2UsInBvc3RzSW5TdHJlYW0iOlsiMTg0Njk2NDg5MCIsIjE4NDY5Njg0NDYiLCIxODQ2OTM3MjIyIiwiMTg0Njk2NTUwMiIsIjE4NDY5NzUwMzkiLCIxODQ2OTM3MjIyIiwiMTg0Njk2NDEwNyIsIjE4NDY5NjcxNjMiLCIxODQ2OTQyNTE3IiwiMTg0Njk0NDMxOCIsIjE4NDY5NjUwNDUiLCIxODQ2OTU3MTIwIiwiMTg0Njk2NjU5MSIsIjE4NDY5NTgxNzMiLCIxODQ2OTY3MDEzIiwiMTg0Njk1NjE4MiIsIjE4NDY5NTgxNzMiLCIxODQ2ODkxMjczIiwiMTg0Njg3MTU0NiIsIjE4NDY5MzQ4NzkiLCIxODQ2ODk3OTk0IiwiMTg0NjkzMzYyMSIsIjE4NDYyMDQyMzMiLCIxODQ2MTk2MTQzIiwiMTg0Njk2NTY5OSIsIjE4NDY5NTQxNTYiLCIxODQ2OTU0MTQ3IiwiMTg0Njk2NTUwMiIsIjE4NDY5MzcyMjIiLCIxODQ2NTkzMjU2IiwiMTg0NjUxNzE1NCIsIjE4NDY3MzQ5OTciLCIxODQ2OTI3NTA1IiwiMTg0Njk0MjkxMiIsIjE4NDY5MjE1NzIiLCIxODQ2ODk4OTMwIiwiMTg0Njg4MDYzOSIsIjE4NDY5NjQxOTMiLCIxODQ2OTQ0MzE4IiwiMTg0Njk0MjUxNyIsIjE4NDY5MzA4NzQiLCIxODQ2OTY2MTIzIiwiMTg0Njk2NjU5MSIsIjE4NDY4ODc4OTgiLCIxODQ2ODkwODMxIiwiMTg0Njk3NDc2MyIsIjE4NDY5NjU4OTEiLCIxODQ2OTU3ODQ4IiwiMTg0Njk1NzA0MSJdLCJzb3J0aW5nVmlldyI6ImRlZmF1bHQiLCJwYWdlSW5kZXgiOjB9fQ==&cb=283

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/curatedHomepage.28e00d329d062bc1c41d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.166 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f474e9f09091dcabb763ee295bafb1f7ab2cdd8383c99a8398bb284454b0b589

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
origin: https://www.theonion.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: KinjaBucket=e; geocc=CH; AMP_TOKEN=%24RETRIEVING; lux_uid=162211673435241205; pageDepth=1; dd_rum_test=test; _dd_r=0
content-length: 0
:path: /api/kala/t/event.js?e=eyJibG9nSWQiOiIxNjM2MDc5NTEwIiwiY29udGV4dElkIjoiMTYzNjA3OTUxMCIsInRhcmdldElkIjoiMTYzNjA3OTUxMCIsImNvbnRleHRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRUeXBlIjoiU1RSRUFNX1ZJRVciLCJ0YXJnZXRUeXBlIjoiRlJPTlRQQUdFIiwiZXZlbnRBdHRyaWJ1dGVzIjp7ImJsb2dOYW1lIjoid3d3LnRoZW9uaW9uLmNvbSIsImlzTG9nZ2VkSW4iOjB9LCJldmVudEF0dHJpYnV0ZXNFeHRlbmRlZCI6eyJyZXNwb25zaXZlVmVyc2lvbiI6IjEzNjQrIiwiZGV2aWNlQ2F0ZWdvcnkiOiJkZXNrdG9wIiwiYWRCbG9jayI6ImFkYmxvY2sgb2ZmIiwidGltZW91dCI6ZmFsc2UsInBvc3RzSW5TdHJlYW0iOlsiMTg0Njk2NDg5MCIsIjE4NDY5Njg0NDYiLCIxODQ2OTM3MjIyIiwiMTg0Njk2NTUwMiIsIjE4NDY5NzUwMzkiLCIxODQ2OTM3MjIyIiwiMTg0Njk2NDEwNyIsIjE4NDY5NjcxNjMiLCIxODQ2OTQyNTE3IiwiMTg0Njk0NDMxOCIsIjE4NDY5NjUwNDUiLCIxODQ2OTU3MTIwIiwiMTg0Njk2NjU5MSIsIjE4NDY5NTgxNzMiLCIxODQ2OTY3MDEzIiwiMTg0Njk1NjE4MiIsIjE4NDY5NTgxNzMiLCIxODQ2ODkxMjczIiwiMTg0Njg3MTU0NiIsIjE4NDY5MzQ4NzkiLCIxODQ2ODk3OTk0IiwiMTg0NjkzMzYyMSIsIjE4NDYyMDQyMzMiLCIxODQ2MTk2MTQzIiwiMTg0Njk2NTY5OSIsIjE4NDY5NTQxNTYiLCIxODQ2OTU0MTQ3IiwiMTg0Njk2NTUwMiIsIjE4NDY5MzcyMjIiLCIxODQ2NTkzMjU2IiwiMTg0NjUxNzE1NCIsIjE4NDY3MzQ5OTciLCIxODQ2OTI3NTA1IiwiMTg0Njk0MjkxMiIsIjE4NDY5MjE1NzIiLCIxODQ2ODk4OTMwIiwiMTg0Njg4MDYzOSIsIjE4NDY5NjQxOTMiLCIxODQ2OTQ0MzE4IiwiMTg0Njk0MjUxNyIsIjE4NDY5MzA4NzQiLCIxODQ2OTY2MTIzIiwiMTg0Njk2NjU5MSIsIjE4NDY4ODc4OTgiLCIxODQ2ODkwODMxIiwiMTg0Njk3NDc2MyIsIjE4NDY5NjU4OTEiLCIxODQ2OTU3ODQ4IiwiMTg0Njk1NzA0MSJdLCJzb3J0aW5nVmlldyI6ImRlZmF1bHQiLCJwYWdlSW5kZXgiOjB9fQ==&cb=283
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: www.theonion.com
referer: https://www.theonion.com/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-ua-device: desktop
x-kinja: kinja-kala-kube03-7cd7c5cdff-l2z2t #55
x-cdn-fetch: mantle-setcookie
content-length: 153
x-xss-protection: 1; mode=block
x-served-by: cache-bwi5156-BWI, cache-hhn4054-HHN
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-timer: S1622116735.662824,VS0,VE89
x-frame-options: DENY
date: Thu, 27 May 2021 11:58:54 GMT
vary: Accept-Encoding,Origin
content-type: application/json
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, private
access-control-allow-credentials: true
set-cookie: ka=974abdec-3f47-47e4-a93e-d95d1e257826|a73c7719-6df6-4c61-985f-8f2d467202a2|1622116734709; Max-Age=31536000; Expires=Fri, 27 May 2022 11:58:54 GMT; Path=/; HTTPOnly
accept-ranges: bytes
x-robots-tag: noindex, nofollow
x-cache-hits: 0, 0

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 14ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=2044920808&t=pageview&_s=1&dl=https%3A%2F%2Fwww.theonion.com%2F&ul=en-us&de=UTF-8&dt=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEABFAQCAC~&jid=1128268873&gjid=772519977&cid=533000506.1622116735&tid=UA-223393-1&_gid=306649726.1622116735&_r=1&_slc=1&cd34=none&cd35=none&cd36=none&cd38=computer&cd39=none&cd40=-2&cd42=none&cd43=none&cd48=none&cd50=other&cd51=none&cd52=none&cd53=none&cd58=adblock%20off&cd60=production%3Amagma&cd70=&cd75=Logged%20out&cd76=none&cd78=standard&cd80=none&cd82=none&cd83=frontpage&cd94=none&cd97=none&cd99=none&cd101=theonion&cd103=&cd105=The%20Onion&cd108=adblock%20off&cd109=website&cd110=1364%2B&cd111=0&cd115=none&cd117=none&cd123=none&cd124=none&cd126=adblock%20off&cd130=none&cd131=frontpage&z=2110621903

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=2044920808&t=pageview&_s=1&dl=https%3A%2F%2Fwww.theonion.com%2F&ul=en-us&de=UTF-8&dt=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEABFAQCAC~&jid=927123084&gjid=1779080969&cid=533000506.1622116735&tid=UA-142218-33&_gid=306649726.1622116735&_r=1&_slc=1&cd34=none&cd35=none&cd36=none&cd38=computer&cd39=none&cd40=-2&cd42=none&cd43=none&cd48=none&cd50=other&cd51=none&cd52=none&cd53=none&cd58=adblock%20off&cd60=production%3Amagma&cd70=&cd75=Logged%20out&cd76=none&cd78=standard&cd80=none&cd82=none&cd83=frontpage&cd94=none&cd97=none&cd99=none&cd101=theonion&cd103=&cd105=The%20Onion&cd108=adblock%20off&cd109=website&cd110=1364%2B&cd111=0&cd115=none&cd117=none&cd123=none&cd124=none&cd126=adblock%20off&cd130=none&cd131=frontpage&z=1664254386

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK a25efe94-1f9f-428d-83a1-befedca84c22
https://www.theonion.com/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.theonion.com/a25efe94-1f9f-428d-83a1-befedca84c22
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 200 ping
ping.chartbeat.net/ 43 B
169 B 341ms
114ms Image
image/gif 54.221.193.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=theonion.com&p=%2F&u=DiSmjYCi8k1yCdPQQZ&d=theonion.com&g=3012&g0=www.theonion.com&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=6097&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=857&t=B4DFcmCJN58rB7k3S9nh5ImBTDssg&V=126&i=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&tz=-120&sn=1&sv=Dbpp9VBuUH77BFYiPrDrQhKJF0YCC&sd=1&im=067b2ff3&_
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.221.193.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-221-193-128.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:55 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

POST
H2 200 check Show response
connect.scroll.com/embed/ 0
1 KB 162ms
127ms XHR
application/json 35.201.100.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.scroll.com/embed/check

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.100.179 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

179.100.201.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name

Value

Content-Security-Policy

default-src https: 'unsafe-eval' 'unsafe-inline'; child-src blob:;frame-ancestors https: http:; object-src 'none'; img-src 'self' https://*.scroll.com https://logo-scroll.imgix.net https://u-scroll.imgix.net https://pub-scroll.imgix.net https://scroll-static.imgix.net https://scroll.imgix.net https://logo-scratch-scroll.imgix.net https://www.google-analytics.com https://www.googletagmanager.com https://*.stripe.com data: https://static.scroll.com https://assets.scroll.com https://scroll.com; connect-src 'self' https://api.stripe.com https://checkout.stripe.com https://sentry.io https://o74190.ingest.sentry.io https://www.google-analytics.com https://fonts.googleapis.com https://*.scroll.com https://static.scroll.com https://api.scroll.com/v1/; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://accounts.google.com https://static.scroll.com https://assets.scroll.com https://scroll.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com/ https://use.typekit.net https://p.typekit.net https://static.scroll.com https://assets.scroll.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://static.scroll.com https://assets.scroll.com; script-src 'self' 'unsafe-inline' https://js.stripe.com/v3/ https://checkout.stripe.com https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://static.scroll.com https://assets.scroll.com 'nonce-null' 'strict-dynamic';

Strict-Transport-Security

max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.theonion.com
access-control-allow-credentials: true
content-security-policy: default-src https: 'unsafe-eval' 'unsafe-inline'; child-src blob:;frame-ancestors https: http:; object-src 'none'; img-src 'self' https://*.scroll.com https://logo-scroll.imgix.net https://u-scroll.imgix.net https://pub-scroll.imgix.net https://scroll-static.imgix.net https://scroll.imgix.net https://logo-scratch-scroll.imgix.net https://www.google-analytics.com https://www.googletagmanager.com https://*.stripe.com data: https://static.scroll.com https://assets.scroll.com https://scroll.com; connect-src 'self' https://api.stripe.com https://checkout.stripe.com https://sentry.io https://o74190.ingest.sentry.io https://www.google-analytics.com https://fonts.googleapis.com https://*.scroll.com https://static.scroll.com https://api.scroll.com/v1/; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://accounts.google.com https://static.scroll.com https://assets.scroll.com https://scroll.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com/ https://use.typekit.net https://p.typekit.net https://static.scroll.com https://assets.scroll.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://static.scroll.com https://assets.scroll.com; script-src 'self' 'unsafe-inline' https://js.stripe.com/v3/ https://checkout.stripe.com https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://static.scroll.com https://assets.scroll.com 'nonce-null' 'strict-dynamic';
alt-svc: clear
content-length: 0

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
314 B 32ms
31ms XHR
text/plain 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3076&u=https%3A%2F%2Fwww.theonion.com%2F
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 14:25:22 GMT
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
server: Server
age: 77612
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.theonion.com
cache-control: max-age=86087, s-maxage=86400
access-control-allow-credentials: true
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: -NF701uDGmQZNLetCq6Ew6bDTk7ZRINZu8TuuQTjqh4KAn8XL8qO3g==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 69ms
23ms XHR
application/javascript 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 53666
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
date: Wed, 26 May 2021 21:04:29 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: u3GE1tMkR7jpElKlG8qSJTyUq6d5qq0X4Igv5-WuXMO2sMsSaJr0wA==

GET
H2 200 rtbsmpubs.php Show response
hbx.media.net/ 58 KB
3 KB 150ms
150ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=0&usp_enf=1&usp_status=0&cid=8CUL2TG3D&region=eu&ptrid=8PRL4E7N3&requestString=223272391*23%7C300x250%7C1722916%7C18816326%7C%7C%7C1%40223272391*29%7C300x250%7C12156%7C317160_1626478_15%7C%7C%7C1%40223272391*51%7C300x250%7C1703006%7C18682188%7C0.43%7C%7C1%40223272391*97%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C0.55%7C%7C1%40223272391*106%7C300x250%7C541006788%7C541006803%7C%7C%7C1%40223272391*145%7C300x250%7C100600%7C18682188%7C0.41%7C%7C1%40223272391*172%7C300x250%7C8CUL2TG3D%7C18764471%7C0.33%7C%7C1%40223272391*175%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C0.44%7C%7C1%40223272391*201%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C0.37%7C%7C1%40223272391*222%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C0.37%7C%7C1%40223272391*228%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C%7C%7C1%40223272391*246%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C%7C%7C1%40223272391*251%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C%7C%7C1%40223272391*273%7C300x250%7C8CUL2TG3D%7C223272391_8CUL2TG3D%7C%7C%7C1%40283886783*23%7C970x90~728x90~970x250%7C1722916%7C18816313~18816313~18816313%7C%7C%7C1%40283886783*29%7C970x250~728x90~970x90%7C12156%7C317160_1626430_45~317160_1626430_2~317160_1626430_57%7C%7C%7C1%40283886783*51%7C728x90~970x90~970x250%7C1703006%7C18682195~18682195~18682195%7C0.43%7C%7C1%40283886783*97%7C970x250~970x90~728x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.55%7C%7C1%40283886783*106%7C970x90~728x90~970x250%7C541006788%7C541006797~541006797~541006797%7C%7C%7C1%40283886783*145%7C728x90~970x90~970x250%7C100600%7C499199~499199~499199%7C0.41%7C%7C1%40283886783*172%7C728x90~970x90~970x250%7C8CUL2TG3D%7C18685548~18685548~18685548%7C0.33%7C%7C1%40283886783*175%7C970x250~970x90~728x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.44%7C%7C1%40283886783*201%7C728x90~970x90~970x250%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.37%7C%7C1%40283886783*203%7C970x250~970x90~728x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.28%7C%7C1%40283886783*222%7C970x250~728x90~970x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C0.37%7C%7C1%40283886783*228%7C728x90~970x90~970x250%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C%7C%7C1%40283886783*236%7C970x90~728x90~970x250%7C159463%7C2927740_715385~2927740_715385~2927740_715385%7C0.33%7C%7C1%40283886783*246%7C728x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D%7C%7C%7C1%40283886783*251%7C970x250~970x90%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C%7C%7C1%40283886783*273%7C728x90~970x90~970x250%7C8CUL2TG3D%7C283886783_8CUL2TG3D~283886783_8CUL2TG3D~283886783_8CUL2TG3D%7C%7C%7C1%40395631964*23%7C300x250%7C1722916%7C18816310%7C%7C%7C1%40395631964*29%7C300x250%7C12156%7C317160_1626416_15%7C%7C%7C1%40395631964*51%7C300x250%7C1703006%7C18682192%7C0.43%7C%7C1%40395631964*97%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.55%7C%7C1%40395631964*106%7C300x250%7C541006788%7C541006794%7C%7C%7C1%40395631964*145%7C300x250%7C100600%7C499196%7C0.41%7C%7C1%40395631964*172%7C300x250%7C8CUL2TG3D%7C18685545%7C0.33%7C%7C1%40395631964*175%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.44%7C%7C1%40395631964*201%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.37%7C%7C1%40395631964*203%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.28%7C%7C1%40395631964*222%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C0.37%7C%7C1%40395631964*228%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C%7C%7C1%40395631964*236%7C300x250%7C159463%7C2927740_715385%7C0.33%7C%7C1%40395631964*246%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C%7C%7C1%40395631964*251%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C%7C%7C1%40395631964*273%7C300x250%7C8CUL2TG3D%7C395631964_8CUL2TG3D%7C%7C%7C1%40737331266*23%7C300x250~300x600%7C1722916%7C18816316~18816316%7C%7C%7C1%40737331266*29%7C300x600~300x250%7C12156%7C317160_1626436_10~317160_1626436_15%7C%7C%7C1%40737331266*51%7C300x250~300x600%7C1703006%7C18682197~18682197%7C0.43%7C%7C1%40737331266*97%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.55%7C%7C1&crid=223272391%2C283886783%2C395631964%2C737331266&sd=-1&requrl=https%3A%2F%2Fwww.theonion.com%2F&bl=1&rt=5&dn=https://www.theonion.com&https=1&act=headerBid&prvReqId=166394639761659941622116734791&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.4032928251398269&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A6097%7D&itype=HB&cc=CH&rc=ZH&ct=ZURICH&sid=7656&prid=8PRVCXX19&ssa=1&gcp=1&switch=1&callback=window.advBidxc.rtbsheaderBid1S0

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b33365d8cd0c0340b52853dea27d45a26ab8212eb536b759e37bfd87907d01b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Thu, 27 May 2021 11:58:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 2675
x-mnet-hl2: E
expires: Thu, 27 May 2021 11:58:54 GMT

POST
H/1.1 200
OK / Show response
colossusssp.com/ 2 B
243 B 509ms
177ms XHR
application/json 88.214.207.207
NATCOWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://colossusssp.com/?c=o&m=multi
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 88.214.207.207 , United Kingdom, ASN46636 (NATCOWEB, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.theonion.com
Date: Thu, 27 May 2021 11:58:59 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 2
Content-Type: application/json

GET
H2 200 rtbsmpubs.php Show response
hbx.media.net/ 15 KB
2 KB 140ms
140ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=0&usp_enf=1&usp_status=0&cid=8CUL2TG3D&region=eu&ptrid=8PRL4E7N3&requestString=737331266*106%7C300x250~300x600%7C541006788%7C541006800~541006800%7C%7C%7C1%40737331266*145%7C300x600~300x250%7C100600%7C499201~499201%7C0.41%7C%7C1%40737331266*172%7C300x250~300x600%7C8CUL2TG3D%7C18685610~18685610%7C0.33%7C%7C1%40737331266*175%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.44%7C%7C1%40737331266*201%7C300x600~300x250%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.37%7C%7C1%40737331266*203%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.28%7C%7C1%40737331266*222%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C0.37%7C%7C1%40737331266*228%7C300x600~300x250%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C%7C%7C1%40737331266*236%7C300x250~300x600%7C159463%7C2927740_715385~2927740_715385%7C0.33%7C%7C1%40737331266*246%7C300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D%7C%7C%7C1%40737331266*251%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C%7C%7C1%40737331266*273%7C300x250~300x600%7C8CUL2TG3D%7C737331266_8CUL2TG3D~737331266_8CUL2TG3D%7C%7C%7C1&crid=737331266&sd=-1&requrl=https%3A%2F%2Fwww.theonion.com%2F&bl=1&rt=5&dn=https://www.theonion.com&https=1&act=headerBid&prvReqId=741321925096792581622116734799&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.39561227983366676&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A6097%7D&itype=HB&cc=CH&rc=ZH&ct=ZURICH&sid=7656&prid=8PRVCXX19&ssa=1&gcp=1&callback=window.advBidxc.rtbsheaderBid1S1

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

51d18b4b8cf3ca195fc5ae24f763152a7d6f49f5f558842782d64ca774036869

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Thu, 27 May 2021 11:58:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 1416
x-mnet-hl2: E
expires: Thu, 27 May 2021 11:58:54 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 129 B
513 B 90ms
90ms XHR
text/javascript 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3076&u=https%3A%2F%2Fwww.theonion.com%2F&pid=D7dhv1fe5V2s9&cb=0&ws=1600x1200&v=7.65.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x251%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F4246%2Ffmg.onion%2Ffrontpage_top-banner%22%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 2556f59b2cd53ed4796e3321c14f626f90f8e739ee20e14d70ddc96908785cad

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: DUS51-C1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.theonion.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 134
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: cXSexDid93y3aXwkyTBvbk-R6KpADWTErHza2Ml80NeWOGUp1eYcnQ==

GET
H2 200 config Show response
prebid.media.net/rtb/prebid/analytics/ 44 B
245 B 156ms
123ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid/analytics/config?cid=8CU74RYRS&dn=www.theonion.com
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 6123ac967d1ab79ef7093374f3156aa4143f4b0ea081a5e0356fbf55fcb40cb4

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 google
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.theonion.com
cache-control: max-age=900, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Thu, 27 May 2021 12:13:54 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 330 B
526 B 61ms
31ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU74RYRS
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: b04ce4742e537944eb1e8d16873c0b0358ab393505f4a5b655a66f22682a0adb

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 google
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear

GET
H/1.1

200
OK

hb Show response
sofia.trustx.org/ul_cb/
Redirect Chain

https://sofia.trustx.org/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=3bc764314341cd&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=3bc764314341cd&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeo...

2 B
825 B

125ms
125ms

XHR
application/json

35.211.168.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=3bc764314341cd&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.211.168.6 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 11:58:55 GMT
Server: nginx
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 2

Redirect headers

Date: Thu, 27 May 2021 11:58:55 GMT
Server: nginx
Access-Control-Allow-Origin: https://www.theonion.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9630&sizes=970x250%2C970x251%2C970x90%2C728x90&r=3bc764314341cd&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
720 B 101ms
33ms XHR
application/json 185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:54 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.39:80
AN-X-Request-Uuid: 98efe503-5932-4a08-8203-092331700b2a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 117ms
52ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12156&site_id=243700&zone_id=1361938&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rf=https%3A%2F%2Fwww.theonion.com%2F&tk_flint=pbjs_lite_v4.17.0&x_source.tid=9aa8549a-26fd-4030-b0bd-45aa9832b2e0&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.45588304782130495
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: b159cb193d1025e2c1525701e3cc7c9a4f2ce1abad2f3fdac6597595c2f05895

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
146 B 109ms
35ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.17.0&cb=26431554484
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.theonion.com
date: Thu, 27 May 2021 11:58:54 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
527 B 70ms
26ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=223310&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221172fb89c27c5dc%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.theonion.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A1%2C%22msi%22%3A1%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2212434ae57ec10c7%22%2C%22ext%22%3A%7B%22siteID%22%3A%22223310%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22134d78b695c9ab6%22%2C%22ext%22%3A%7B%22siteID%22%3A%22223309%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22145bb91fc96c87d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22223311%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2212434ae57ec10c7%22%2C%22ext%22%3A%7B%22siteID%22%3A%22223310%22%2C%22sid%22%3A%22970x251%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A251%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0b0c96dfa2f15997cdeb9191b6d7cef70cecce557a6e0af62ca2d2fb6eb2faee

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.156.175.107], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.theonion.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 45
x-ak-client-geo: 12
expires: Thu, 27 May 2021 11:58:54 GMT

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
748 B 86ms
33ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96945a017373a17480a71120f0035f&pos=d-atf-top-728x90_970x250_970x90_2&cmd=bid&secure=1
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: 7018aa213c2ca5ef26c59017119603e6bc2ea751989b9b567040520a91dbe137

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 27 May 2021 11:58:54 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
748 B 84ms
31ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96945a017373a17480a71120f0035f&pos=top_banner_728x90&cmd=bid&secure=1
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: c0cbcc724fb08be68859b1e9529f4cafef1a350ba3f28cff23e6f3bf0675c186

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 27 May 2021 11:58:54 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
748 B 84ms
32ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96945a017373a17480a71120f0035f&pos=d-atf-top-728x90_970x250_970x90_3&cmd=bid&secure=1
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: cd120e229b6bd4ad4fb821ef25b81169ee13b999b0584cbf59e39bcb00b01e64

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 27 May 2021 11:58:54 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
748 B 96ms
43ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96945a017373a17480a71120f0035f&pos=d-atf-top-728x90_970x250_970x90_1&cmd=bid&secure=1
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: ATS/7.1.2.128 /
Resource Hash: 2d529ab1cd0988898b9b53dc0f0c5e1bdf0f8724f50809f8a424aa600355c4ee

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 27 May 2021 11:58:54 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 129 B
512 B 118ms
117ms XHR
text/javascript 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3076&u=https%3A%2F%2Fwww.theonion.com%2F&pid=D7dhv1fe5V2s9&cb=1&ws=1600x1200&v=7.65.00&t=1000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F4246%2Ffmg.onion%2Ffrontpage_left_top%22%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: ab367e8880530a7949a5a5cffe5aed8ffe313413238fe8b1f6e9d8b5c1060614

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: DUS51-C1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.theonion.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 134
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: 0V1tjpxoY-5I0T3rsuB00ZPvV49Jw6lv0H5FfVaungOx1rSRCb4YOA==

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
720 B 101ms
37ms XHR
application/json 185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:54 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.74:80
AN-X-Request-Uuid: cefc6fb3-9bf5-4bb5-b8b6-b9ccb704f7fc
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 330 B
391 B 46ms
37ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU74RYRS
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: af2117f40f0d7349718eece577b4409506728b235b898207a8514cadca66408d

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 google
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
527 B 58ms
28ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=241226&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2224983f8756d41ae%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.theonion.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2225ba588619059db%22%2C%22ext%22%3A%7B%22siteID%22%3A%22241226%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bae09704781ed6f787287d3171931573e6ae033fb7caad4c94b0598b4c7fb0fd

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:54 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.156.175.107], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.theonion.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 45
x-ak-client-geo: 12
expires: Thu, 27 May 2021 11:58:54 GMT

GET
H/1.1

200
OK

hb Show response
sofia.trustx.org/ul_cb/
Redirect Chain

https://sofia.trustx.org/hb?pt=net&auids=9634&sizes=300x250&r=26e7a1578b8c8fb&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9634&sizes=300x250&r=26e7a1578b8c8fb&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000

2 B
825 B

132ms
132ms

XHR
application/json

35.211.168.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9634&sizes=300x250&r=26e7a1578b8c8fb&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.211.168.6 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 11:58:55 GMT
Server: nginx
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 2

Redirect headers

Date: Thu, 27 May 2021 11:58:55 GMT
Server: nginx
Access-Control-Allow-Origin: https://www.theonion.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sofia.trustx.org/ul_cb/hb?pt=net&auids=9634&sizes=300x250&r=26e7a1578b8c8fb&wrapperType=Prebid_js&wrapperVersion=4.17.0&u=https%3A%2F%2Fwww.theonion.com%2F&wtimeout=1000
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
146 B 93ms
37ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.17.0&cb=60748044407
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.theonion.com
date: Thu, 27 May 2021 11:58:54 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
2 KB 110ms
39ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12156&site_id=243700&zone_id=1361946&size_id=15&p_pos=atf&rf=https%3A%2F%2Fwww.theonion.com%2F&tk_flint=pbjs_lite_v4.17.0&x_source.tid=78206530-e5c4-41d6-8e24-45640d35029d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.005110574364364018
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 653d009a18090ef35be4c9f965cb2e81d1dc698bb774101464d05ab828f725bf

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:54 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.theonion.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2

403

insync
thrtle.com/
Redirect Chain

https://px.britepool.com/new?partner_id=t
https://thrtle.com/insync?vxii_pid=10054&vxii_pdid=244d69ad-7c4d-442b-b81f-0b316395d6a2

0
0

368ms
139ms

Image
text/html

34.228.209.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thrtle.com/insync?vxii_pid=10054&vxii_pdid=244d69ad-7c4d-442b-b81f-0b316395d6a2
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.209.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Date: Thu, 27 May 2021 11:58:55 GMT
Server: nginx
Vary: negotiate,Accept-Encoding
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://thrtle.com/insync?vxii_pid=10054&vxii_pdid=244d69ad-7c4d-442b-b81f-0b316395d6a2
Cache-Control: no-cache, no-store, private
Tcn: Choice
Connection: keep-alive
Content-Length: 0
X-Xss-Protection: 0
X-Request-Id: d45eeafbe5dd7318c702b24d0e8581a4
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
86 B 34ms
34ms XHR
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-223393-1&cid=533000506.1622116735&jid=1128268873&gjid=772519977&_gid=306649726.1622116735&_u=aGDACEAAFAQCAC~&z=687093899

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 27 May 2021 11:58:54 GMT
content-type: text/plain
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
72 B 35ms
35ms XHR
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-142218-33&cid=533000506.1622116735&jid=927123084&gjid=1779080969&_gid=306649726.1622116735&_u=aGDACEABFAQCAC~&z=2043036232

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 27 May 2021 11:58:54 GMT
content-type: text/plain
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=6770184&ns__t=1622116734907&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=
https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1622116734907&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=

64 B
331 B

29ms
29ms

Image
image/gif

13.226.159.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1622116734907&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America%27s%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-43.dus51.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:55 GMT
via: 1.1 c51e3be89c14e3f859ea898f7e36eced.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: eLqrnCq9wWQRqeXVr-2FtqCZ1xQcfkvkhzKGWScq3kdf0VRE1qFeVw==

Redirect headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 c51e3be89c14e3f859ea898f7e36eced.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1622116734907&ns_c=UTF-8&cv=3.5&c8=The%20Onion%20%7C%20America's%20Finest%20News%20Source.&c7=https%3A%2F%2Fwww.theonion.com%2F&c9=
content-length: 211
x-amz-cf-id: l9OZaQluIlr53sJP4XtxHcJG0gqo0NWBqbdwcQI83cn6uWP7K_WBLg==

GET
H2 200 ijs_all_modules_77375b2223c1d9bd459634466ad87d8e.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 471 KB
114 KB 58ms
16ms Script
text/javascript 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_77375b2223c1d9bd459634466ad87d8e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: d5e60497b457ac4b570492c04c8dc6f0a841cb70a9d9fbc3b943b687ebb28400

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 24 May 2021 14:32:11 GMT
content-encoding: gzip
age: 250003
x-guploader-uploadid: ABg5-Uxil3QRJPjvH-u1PFN1g8hffk4bT-_MWqV5yG7SVC-qMb0A0ctw_WRaTlcoMIy5OYu1RY6w5dg-DTgslFlaESM
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 115643
last-modified: Mon, 24 May 2021 14:32:00 GMT
server: UploadServer
etag: "9b06397cf2ad13acb4dccbbc39997a9d"
vary: Accept-Encoding
x-goog-hash: crc32c=/dQuzw==, md5=mwY5fPKtE6y03Mu8OZl6nQ==
x-goog-generation: 1621866720692324
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 115643
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 24 May 2022 14:32:11 GMT

GET
H/1.1 200
OK any Show response
idx.liadm.com/idex/ie/ 206 B
688 B 487ms
118ms XHR
application/json 52.44.181.48
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idx.liadm.com/idex/ie/any

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.44.181.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-44-181-48.compute-1.amazonaws.com

Software

Resource Hash

a43ff18aa18f1b2a6f554fcb0da68033556c4461b2d580453511cdcde1611fd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Thu, 27 May 2021 11:58:55 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
trace-id: b387470eb05b3965
Content-Length: 206

GET
H2 451 identity Show response
api.rlcdn.com/api/ 0
222 B 61ms
29ms XHR
text/plain 34.120.133.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 27 May 2021 11:58:54 GMT
via: 1.1 google
alt-svc: clear
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://www.theonion.com
access-control-allow-credentials: true
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
545 B 145ms
47ms XHR
application/json 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=183957&gdpr=0
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 19630e8a48a8047d4d2e12f4dc231308aa68f3ad516aa49c6d61205a8669df1b

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 27 May 2021 11:58:55 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.theonion.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Sat, 26 Jun 2021 11:58:55 GMT

GET
H2 200 connatix.playspace.css
cds.connatix.com/p/118660/ 93 KB
13 KB 22ms
21ms Stylesheet
text/css 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/118660/connatix.playspace.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9335eafdaee7dc4b18ecf6497d1cff75f36cf675c79ab059ddc1c195dda5cf33

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:55 GMT
content-encoding: br
last-modified: Thu, 27 May 2021 11:39:45 GMT
age: 1058
etag: "9d920d04b5a7886d2b02686681adc4e8"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 13097

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
254 B 36ms
34ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-142218-33&cid=533000506.1622116735&jid=927123084&_u=aGDACEABFAQCAC~&z=1795213553

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
505 B 49ms
30ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-142218-33&cid=533000506.1622116735&jid=927123084&_u=aGDACEABFAQCAC~&z=1795213553

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Cookie set iu3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 628F
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t

251 B
940 B

222ms
222ms

Document
text/html

52.95.124.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 9289f9c58f51cfe5a65efcc0ff8559af4ce2f3ade98196e38e263f1bca399ac6

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.theonion.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A0ki98R01UHkt12SIqYfXxo|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

Server: Server
Date: Thu, 27 May 2021 11:58:55 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 203
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=A0ki98R01UHkt12SIqYfXxo; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jan-2022 11:58:55 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Wed, 01-Jul-2026 11:58:55 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

Redirect headers

Server: Server
Date: Thu, 27 May 2021 11:58:55 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Set-Cookie: ad-id=A0ki98R01UHkt12SIqYfXxo|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jan-2022 11:58:55 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

POST
H/1.1 200
OK story Show response
capi.connatix.com/core/ 2 KB
2 KB 607ms
145ms XHR
multipart/form-data 18.188.155.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/story?v=118660
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.188.155.169 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 84c6c193201ba7756e82f9f5c52e0d5fcf6d2387738f216ec946976483d158a9

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 27 May 2021 11:58:55 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1268

GET
H2 200 local_storage_frame16.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame 125F 2 KB
1 KB 15ms
15ms Document
text/html 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60

Request headers

:method: GET
:authority: assets.bounceexchange.com
:scheme: https
:path: /assets/bounce/local_storage_frame16.min.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

x-guploader-uploadid: ABg5-UwA1cxdkvIDw1kxhEeBDcOqCpWbbfB7Nq8wf1xmLt07YFMNAoX6W5EFRI5M_lmxmclb1oDJDvD0G4fBev9JCk7_QCePpg
date: Mon, 17 May 2021 07:59:42 GMT
expires: Tue, 17 May 2022 07:59:42 GMT
last-modified: Thu, 13 May 2021 20:11:20 GMT
etag: "eb73cd3261d40e03526a9ed839737b38"
x-goog-generation: 1620936680576274
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1055
content-type: text/html; charset=UTF-8
content-encoding: gzip
x-goog-hash: crc32c=80TAzQ== md5=63PNMmHUDgNSap7YOXN7OA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1055
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
server: UploadServer
cache-control: public,max-age=31536000
age: 878353
alt-svc: clear

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 36 B
291 B 98ms
55ms Script
text/html 35.227.229.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklz=C4ewVgigvArgdgEwKYDMCWckIGQGNgDOUAjAGwBM5xZA7AMwCsxAHA9sAF4hQC0x5ABmwB3JACMCaYEgD6aBFDqkALGwBOSAiAA2MYGhBwSpAQIAe-U9g0okajWqh4Ahtu0YA5jJhrtUABbAwAAOBACkdACCYeQAYjGxwkkAdMD+SIYGcMm4IAC2CdgAbmiSwDK5IADWaEhQYTQAQjHk2sEtEdGUgSHh5AxRMQxxQ3FJwqnpmYY5+aPxlDEAwi1qHYOLizQAIngg1bX1TQ27Rc5qBADaCCjBMmpi2iC4VQC6UHAg5RrOCACeewOslAIBk2nOHjqKFcBCQ2DEwSgQiQISgl1e2GChCcuTywXczjguFkKHBHicRX8zigQA
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.229.34 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:55 GMT
via: 1.1 google
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
server: nginx
content-encoding: gzip
alt-svc: clear
content-type: text/html; charset=UTF-8

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
799 B 36ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=www.theonion.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 May 2021 11:58:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 38ms
17ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.theonion.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 May 2021 11:58:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 723ms
723ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=535748780932327&correlator=315820131218379&output=ldjh&impl=fif&eid=31061311%2C31061327%2C31061341%2C21064367%2C44743003&vrg=2021052501&ptt=17&sc=1&sfv=1-0-38&ecs=20210527&iu_parts=4246%2Cfmg.onion%2Cfrontpage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250%7C970x251%7C970x90%7C728x90&prev_scp=article_position%3Dnone%26pos%3Dtop%26page%3Dfrontpage%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26ad_index%3D1%26amznbid%3D2%26amznp%3D2%26mnetDNB%3D1%26mnetPageID%3D2%26mnetCV%3D3%26mnetCC%3DCH%26mnetUGD%3D4&eri=1&cust_params=tags%3D%26blogName%3Dtheonion%26channel%3D%26section%3D%26subsection%3D%26amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1622116735&dt=1622116735479&dlt=1622116734068&idt=737&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=304&adks=3099211010&ucis=1&ifi=1&u_tz=120&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.theonion.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x290&msz=1600x290&ga_vid=533000506.1622116735&ga_sid=1622116735&ga_hid=2044920808&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

20afe0a4fdda3d9235d00783de04a3ffb210c19660906ad9c8d2ce6514dafdc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10775
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theonion.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 49ms
15ms Other
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 28ms
5ms Other
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 12 KB
7 KB 513ms
512ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=535748780932327&correlator=2073065897290020&output=ldjh&impl=fif&eid=31061311%2C31061327%2C31061341%2C21064367%2C44743003&vrg=2021052501&ptt=17&sc=1&sfv=1-0-38&ecs=20210527&iu_parts=4246%2Cfmg.onion%2Cfrontpage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&prev_scp=article_position%3Dnone%26pos%3Dleft_top%26page%3Dfrontpage%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26ad_index%3D1%26amznbid%3D2%26amznp%3D2%26mnetDNB%3D1%26mnetPageID%3D3%26mnetCV%3D3%26mnetCC%3DCH%26mnetUGD%3D4&eri=1&cust_params=tags%3D%26blogName%3Dtheonion%26channel%3D%26section%3D%26subsection%3D%26amznbid%3D0%26amznp%3D0%26mnetDNB300x250%3D1%26mnetPageID300x250%3D1%26mnetCC300x250%3DCH&cookie_enabled=1&bc=31&abxe=1&lmt=1622116735&dt=1622116735509&dlt=1622116734068&idt=737&frm=20&biw=1600&bih=1200&oid=3&adxs=1149&adys=4476&adks=331020001&ucis=2&ifi=2&u_tz=120&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.theonion.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=301x384&msz=301x0&ga_vid=533000506.1622116735&ga_sid=1622116735&ga_hid=2044920808&ga_fc=false&fws=4&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9d3d7ddda54a4e5efc06f9234ef28a21b3674ba7a2b17dce45cc2f97ce6900f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7341
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theonion.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pr Show response
aax-eu.amazon-adsystem.com/s/v3/ Frame F42D 1 KB
765 B 44ms
43ms Document
text/html 52.95.124.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 724e1d3c710a798d807e235c66c8839f66c14d10ded86de1dde5bb692e53cb85

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A0ki98R01UHkt12SIqYfXxo; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_ym_rbd_an-db5_3lift&dcc=t

Response headers

Server: Server
Date: Thu, 27 May 2021 11:58:55 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 404
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 40E2 2 KB
3 KB 96ms
36ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 28435eba0bbe3b10e00a1b8bb75b87a207e9f6cf375fb75da900a06ef3ea1aa7

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YK.JfpFfBm2OM7LvnkCj8AAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|241|45|39|88|90|218|46
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1885
Expires: Thu, 27 May 2021 11:58:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 27 May 2021 11:58:55 GMT
Connection: keep-alive
Set-Cookie: CMID=YK.JfpFfBm2OM7LvnkCj8AAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 27 May 2022 11:58:55 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 25 Aug 2021 11:58:55 GMT CMPRO=1158;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 25 Aug 2021 11:58:55 GMT CMRUM3=2e60af897f05a0&da60af897f2760&5860af897f05a0&2760af897f0b40&e660af897f2760&5a60af897f05a0&2d60af897f05a0&f160af897f05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 27 May 2022 11:58:55 GMT CMST=YK+Jf2CviX8A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 28 May 2021 11:58:55 GMT

GET
H2 403 tamptsync Show response
sync-amz.ads.yieldmo.com/ Frame CB49 243 B
483 B 154ms
114ms Document
application/xml 2600:9000:2182:9e00:0:70b1:7080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9e00:0:70b1:7080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 231366c84db9907c3d844e9edde05c2d215c9cc43a09ec1d129872c542f38cd4

Request headers

:method: GET
:authority: sync-amz.ads.yieldmo.com
:scheme: https
:path: /tamptsync?callback=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: application/xml
date: Thu, 27 May 2021 11:58:54 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: BXdEErbLEpUXNQokvhw1ZrpYM3uOcZoXebVM2s_S29yut_UvpIjydg==

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 2DA9 281 B
554 B 82ms
26ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhKa2tlCBRUZWfOQpzq4eRUmvkSc3ya9WQi+HKKRWt2jyoYTD2eRvLWSDhFgX3ng06hUEE9RUpasHbexgivGKrYKdBNKOTT8+Kbwv/ANSf; ses2=; vis2=243700^1; khaos=KP6UF74U-1Q-596O; ses15=; vis15=243700^1; audit=1|hLZGFuTafB24cnlWBn5+unp4/TMPY9XwBIQY4l0Qym4lyBwh7wur6eXEKZlbTbZIVorotD8haePMboWaW1ii7YPohHjd5quG
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 27 May 2021 11:58:55 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 0C68
Redirect Chain

https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com
https://aax-eu.amazon-adsystem.com/s/ecm3?id=4554056646552464802&ex=appnexus.com

43 B
344 B

64ms
64ms

Document
image/gif

52.95.124.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=4554056646552464802&ex=appnexus.com
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A0ki98R01UHkt12SIqYfXxo; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Server
Date: Thu, 27 May 2021 11:58:55 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

Redirect headers

Server: nginx/1.17.9
Date: Thu, 27 May 2021 11:58:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://aax-eu.amazon-adsystem.com/s/ecm3?id=4554056646552464802&ex=appnexus.com
AN-X-Request-Uuid: 216b61a7-20ca-4294-869b-099929d61a8c
Set-Cookie: uuid2=4554056646552464802; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 25-Aug-2021 11:58:55 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.47:80

GET
H/1.1

200
OK

ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame A5E5
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1926174938368787089

43 B
344 B

100ms
46ms

Document
image/gif

52.95.124.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1926174938368787089
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_ym_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A0ki98R01UHkt12SIqYfXxo; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Server
Date: Thu, 27 May 2021 11:58:55 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

Redirect headers

date: Thu, 27 May 2021 11:58:55 GMT
content-length: 0
location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1926174938368787089
set-cookie: tluid=1926174938368787089; Max-Age=7776000; Expires=Wed, 25 Aug 2021 11:58:55 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2DA9 31 KB
9 KB 56ms
56ms Script
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 3ed1ebf0d6f605635332d2dc7d98bd3cb3fff298bffb5765c1969ab93b3fbeb6

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 11:58:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 May 2021 19:07:56 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=43130
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9266
Expires: Thu, 27 May 2021 23:57:45 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 40E2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YK-JfpFfBm2OM7LvnkCj8AAABIYAAAIB&gdpr_consent=&us_privacy=&gdpr=
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YK-JfpFfBm2OM7LvnkCj8AAABIYAAAIB&gdpr_consent=&us_privacy=&gdpr=&google_tc=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESECwZQ3P__fwv5_6U3Z4Kyys&google_cver=1

43 B
315 B

32ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESECwZQ3P__fwv5_6U3Z4Kyys&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Thu, 27 May 2021 11:58:55 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:55 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESECwZQ3P__fwv5_6U3Z4Kyys&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame 40E2 43 B
720 B 362ms
123ms Image
image/gif 52.94.232.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YK-JfpFfBm2OM7LvnkCj8AAABIYAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.232.32 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:55 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 40E2
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YK.JfpFfBm2OM7LvnkCj8AAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1&google_hm=2

43 B
999 B

38ms
37ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1&google_hm=2
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 27 May 2021 11:58:56 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 40E2 70 B
264 B 93ms
46ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=39&cm_user_id=YK.JfpFfBm2OM7LvnkCj8AAA
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:55 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

ZMAwryCI
sync-tm.everesttech.net/ct/upi/pid/ Frame 40E2
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=YK_JfwABWvDOeAA4

85 B
189 B

19ms
19ms

Image
image/png

151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=YK_JfwABWvDOeAA4
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
age: 1316
x-served-by: cache-hhn4046-HHN
x-cache: HIT
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-timer: S1622116736.014262,VS0,VE0
content-length: 85
x-cache-hits: 15237

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:55 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1622116736.882816,VS0,VE89
x-served-by: cache-hhn4046-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=YK_JfwABWvDOeAA4
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 40E2
Redirect Chain

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=41EFF775772643339344FE470293C997

43 B
1004 B

33ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=41EFF775772643339344FE470293C997
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 27 May 2021 11:58:56 GMT

Redirect headers

date: Thu, 27 May 2021 11:58:56 GMT
x-content-type-options: nosniff
server: nginx
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=41EFF775772643339344FE470293C997
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Wed, 26 May 2021 11:58:56 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 40E2
Redirect Chain

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YK.JfpFfBm2OM7LvnkCj8AAA%261158?gdpr_consent=&us_privacy=&gdpr=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YK.JfpFfBm2OM7LvnkCj8AAA%261158

42 B
975 B

53ms
53ms

Image
image/gif

34.254.147.143
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YK.JfpFfBm2OM7LvnkCj8AAA%261158

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.254.147.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v007-046187b5b.edge-irl1.demdex.com 6.2.1.20210514105329-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: zEsEra0JSMs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v007-06a7f32e7.edge-irl1.demdex.com 6.2.1.20210514105329-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Ckq7zgaPR7Y=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YK.JfpFfBm2OM7LvnkCj8AAA%261158
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 40E2
Redirect Chain

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4554056646552464802

43 B
991 B

32ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4554056646552464802
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 27 May 2021 11:58:56 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:56 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.72:80
AN-X-Request-Uuid: f2e077ac-b034-4967-a735-17ba61715e11
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4554056646552464802
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK ecm3
aax-eu.amazon-adsystem.com/s/ Frame 40E2 43 B
344 B 136ms
48ms Image
image/gif 52.95.124.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=index.com&id=YK-JfpFfBm2OM7LvnkCj8AAABIYAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:55 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 2DA9
Redirect Chain

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KP6UF74U-1Q-596O&ex=d-rubiconproject.com&status=ok

43 B
344 B

48ms
48ms

Image
image/gif

52.95.124.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KP6UF74U-1Q-596O&ex=d-rubiconproject.com&status=ok
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:56 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KP6UF74U-1Q-596O&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

POST
H/1.1 200
OK sr Show response
capi.connatix.com/tr/ 0
297 B 138ms
137ms XHR
multipart/form-data 18.188.155.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=118660
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.188.155.169 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 27 May 2021 11:58:55 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 5b81d532-9f98-4273-9066-2a55a0979b69.bin Show response
vid.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 2 KB
1 KB 68ms
20ms XHR
application/octet-stream 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/5b81d532-9f98-4273-9066-2a55a0979b69.bin
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a767f5a2569cd31376fbb2df629e72e6eedfc6977dea6c805ac6cabb609ee50f

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:55 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 11:47:13 GMT
age: 644
etag: "d78972c95df00793e89d9fc03c896c52"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 824

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 336 KB
115 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0763cefe362deddc5a533e71213145d35dcea9c9b80ae9e59a33e90240489e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117984
x-xss-protection: 0
expires: Thu, 27 May 2021 11:58:55 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 2DA9
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=5fd160af-897f-4100-b347-cab16db7ef25

42 B
691 B

1009ms
22ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=5fd160af-897f-4100-b347-cab16db7ef25
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

Date: Thu, 27 May 2021 11:58:55 GMT
Server: MT3 3736 915c305 master zrh-pixel-x15
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=5fd160af-897f-4100-b347-cab16db7ef25
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 27 May 2021 11:58:54 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 2DA9
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/ofaXOkdQbVTwiB2_tQtHVcn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=90278421757898669

42 B
691 B

153ms
21ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=90278421757898669
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

date: Thu, 27 May 2021 11:58:57 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=90278421757898669
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 2DA9 70 B
264 B 48ms
47ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:55 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 2DA9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA28xQHdr96mdHJKmzZR4sE&google_cver=1

42 B
691 B

1237ms
21ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA28xQHdr96mdHJKmzZR4sE&google_cver=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:55 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA28xQHdr96mdHJKmzZR4sE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2DA9
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTJlMTc2NTE4MmE1Y2I5NmYzNmYwZTE3MTIwZDM1MzI1NmM5MDkwYw

170 B
188 B

37ms
36ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTJlMTc2NTE4MmE1Y2I5NmYzNmYwZTE3MTIwZDM1MzI1NmM5MDkwYw

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTJlMTc2NTE4MmE1Y2I5NmYzNmYwZTE3MTIwZDM1MzI1NmM5MDkwYw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 2DA9 0
66 B 1080ms
28ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:56 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2DA9
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2VUY3NFUtMVEtNTk2Tw==

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2VUY3NFUtMVEtNTk2Tw==

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A2VUY3NFUtMVEtNTk2Tw==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 2DA9
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YK_JfwABWu3OgAA4
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YK_JfwABWu3OgAA4&_test=YK_JfwABWu3OgAA4

42 B
691 B

1037ms
21ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YK_JfwABWu3OgAA4&_test=YK_JfwABWu3OgAA4
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1622116736.014681,VS0,VE0
x-served-by: cache-hhn4046-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YK_JfwABWu3OgAA4&_test=YK_JfwABWu3OgAA4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 83 KB
27 KB 43ms
15ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/x-kinja-static/assets/new-client/adManager.7604a42f42ca8bf36262.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 982d34951038f20a2cfd09cb3fb85a55ccecd7016b73a10f5bac83cdc5d55fee

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:55 GMT
content-encoding: gzip
last-modified: Thu, 20 May 2021 06:12:34 GMT
server: nginx
etag: W/"60a5fdd2-14a5d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 28 May 2021 11:58:55 GMT

POST
H/1.1 200
OK ao Show response
capi.connatix.com/tr/ 0
297 B 138ms
137ms XHR
multipart/form-data 18.188.155.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=118660
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.188.155.169 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 27 May 2021 11:58:55 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ 130 B
396 B 869ms
232ms XHR
multipart/form-data 18.188.155.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=118660
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.188.155.169 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 39a476dc1f2864fe392a6c7adb5fb772306b7a2ad574cb75229e95fd1b862667

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 27 May 2021 11:58:56 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 118

POST
H/1.1 200
OK ps Show response
capi.connatix.com/tr/ 0
297 B 272ms
137ms XHR
multipart/form-data 18.188.155.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=118660
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.188.155.169 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 27 May 2021 11:58:56 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 cca3962f-f1dc-41d5-a471-36b0f55e1381.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 29 KB
29 KB 1136ms
46ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/cca3962f-f1dc-41d5-a471-36b0f55e1381.jpg?crop=590:404,smart&width=590&height=404&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3ba9f232b3e3e3ef96106e460ba9ef73a2251c8ce8c5f149db312f906006e13

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:57 GMT
age: 565
etag: "+SmNHwzhnqeJOTCwW5mfPliPrbNczGj9JXaEYv7Id2c"
access-control-max-age: 86400
fastly-io-info: ifsz=788260 idim=1200x675 ifmt=png ofsz=29678 odim=590x404 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 29678

GET
H2 200 cca3962f-f1dc-41d5-a471-36b0f55e1381.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 24 KB
24 KB 1127ms
46ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/cca3962f-f1dc-41d5-a471-36b0f55e1381.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e796b0b7a638968719ab66ca8c799231a6d91a646394cc8c335d53360f68df52

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:57 GMT
age: 565
etag: "ISG7b3ePOl5LT3JJpcVyfpuAJX1MatKDh4hr3zJIYyw"
access-control-max-age: 86400
fastly-io-info: ifsz=788260 idim=1200x675 ifmt=png ofsz=24585 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 24585

GET
H2 200 09eefedd-e463-4358-8fb4-aa8a0ebf37a1.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 16 KB
16 KB 1083ms
21ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/09eefedd-e463-4358-8fb4-aa8a0ebf37a1.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4881582645ca0d28a01e58d482770dd70067bc7ff1ec5bb860e12ea31be2ddee

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:57 GMT
age: 564
etag: "ZtY2T82LGO9xYWA1JPOjA90TEfyzdd1tGSvO4cui+bA"
access-control-max-age: 86400
fastly-io-info: ifsz=87657 idim=1200x675 ifmt=jpeg ofsz=16423 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 16423

GET
H2 200 fa5063a6-30b5-4c46-8ffb-ce8978a85381.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 34 KB
34 KB 1121ms
60ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/fa5063a6-30b5-4c46-8ffb-ce8978a85381.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 35b3ab17b1bd5769e1ee9bf807b8fb4619865c1af2775ee8c67303877a5cd775

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:57 GMT
age: 564
etag: "372PQcDR0ov93gCIJP6Ps3Mf7nvc11oy7mK8puLD1wQ"
access-control-max-age: 86400
fastly-io-info: ifsz=151122 idim=1200x675 ifmt=jpeg ofsz=34854 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 34854

GET
H2 200 a5d475f7-56f5-4c4c-88f2-8824d53eebac.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 18 KB
19 KB 1106ms
46ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/a5d475f7-56f5-4c4c-88f2-8824d53eebac.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a6f80d6d8dca05d01eea1962704ec49f7c805d85b244d21f8ca4a27b5220e47a

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:57 GMT
age: 564
etag: "5wVHZhoEbBeF6NBxq1qF0i9ePpDHRxvCgyHeRBZgT4c"
access-control-max-age: 86400
fastly-io-info: ifsz=95921 idim=1200x675 ifmt=jpeg ofsz=18931 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 18931

GET
H2 200 6df5382f-7fa9-4751-a0ec-d5e29651190c.jpg
img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/ 38 KB
38 KB 1085ms
25ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/afa9ca6c-aaa2-4fcb-b73f-26a17e0674ee/6df5382f-7fa9-4751-a0ec-d5e29651190c.jpg?crop=590:332,smart&width=590&height=332&format=jpeg&quality=60&fit=crop
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3e5872ff1c0076c2309abcdc498aae1781a73f26dff06ebbb602f457dcdec68b

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:57 GMT
age: 564
etag: "A+YrJXQl42LXw0W/YOCWLSFS/36Lp2JnX1CEHkcARWE"
access-control-max-age: 86400
fastly-io-info: ifsz=225197 idim=1200x675 ifmt=jpeg ofsz=38947 odim=590x332 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 38947

GET
H3-29 200 bridge3.461.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 10CA 575 KB
188 KB 22ms
7ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.461.0_en.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1676929b05575b877aee5503070d1260e83b7201265b27f87e64472e956bfdd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.461.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192624
date: Tue, 25 May 2021 04:12:13 GMT
expires: Wed, 25 May 2022 04:12:13 GMT
last-modified: Tue, 25 May 2021 03:58:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 200802
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 41ms
13ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Thu, 27 May 2021 11:58:55 GMT

GET
H3-29 200 bridge3.461.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 316E 575 KB
188 KB 8ms
8ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.461.0_en.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1676929b05575b877aee5503070d1260e83b7201265b27f87e64472e956bfdd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.461.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192624
date: Tue, 25 May 2021 04:12:13 GMT
expires: Wed, 25 May 2022 04:12:13 GMT
last-modified: Tue, 25 May 2021 03:58:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 200802
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 bridge3.461.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame D975 575 KB
188 KB 7ms
6ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.461.0_en.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1676929b05575b877aee5503070d1260e83b7201265b27f87e64472e956bfdd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.461.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192624
date: Tue, 25 May 2021 04:12:13 GMT
expires: Wed, 25 May 2022 04:12:13 GMT
last-modified: Tue, 25 May 2021 03:58:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 200802
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 83 KB
27 KB 39ms
14ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 982d34951038f20a2cfd09cb3fb85a55ccecd7016b73a10f5bac83cdc5d55fee

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:56 GMT
content-encoding: gzip
last-modified: Thu, 20 May 2021 06:12:34 GMT
server: nginx
etag: W/"60a5fdd2-14a5d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 28 May 2021 11:58:56 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame C251 36 KB
13 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 1737
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Thu, 27 May 2021 12:29:59 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 92CB 36 KB
12 KB 29ms
9ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 1737
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Thu, 27 May 2021 12:29:59 GMT

GET
H3-29 200 container.html Show response
c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3466 6 KB
3 KB 20ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 27 May 2021 11:58:55 GMT
expires: Fri, 27 May 2022 11:58:55 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 litype.php Show response
hbx.media.net/ 82 B
249 B 50ms
50ms Script
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/litype.php?&cid=8CUL2TG3D&lid=4519495657&sn=S0&callback=window.advBidxc.doRefresh

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

23abd3879c065de7044cf1997c8fbe169cbaaba9518d808a461f4a9a2ff3af70

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=604800
server: Apache
date: Thu, 27 May 2021 11:58:56 GMT
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=10800
content-length: 82
x-mnet-hl2: E
expires: Thu, 27 May 2021 14:58:56 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 37ms
15ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052501.js?31061327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f359cea41f7e97a585f44c7c318c4f2314b2981060da1623e39d8d348ff9150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028727180027"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27990
x-xss-protection: 0
expires: Thu, 27 May 2021 11:58:56 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8997 36 KB
12 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 1737
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Thu, 27 May 2021 12:29:59 GMT

GET
H2 200 bl-165eba0-d3cb199c.js Show response
tagan.adlightning.com/gomedia/ Frame 3466 51 KB
20 KB 33ms
32ms Script
application/javascript 13.226.159.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/bl-165eba0-d3cb199c.js
Requested by: Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-10.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f1bcbb7c20266cf764ae05d6483d018827ffe86e9548b050192fe4e22e50d19b

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 22:22:15 GMT
content-encoding: gzip
age: 49002
x-cache: Hit from cloudfront
content-length: 19637
x-amz-meta-git_commit: 165eba0
last-modified: Wed, 26 May 2021 21:31:08 GMT
server: AmazonS3
etag: "6a5d55fdb41bb0d78eb555c735f401f0"
x-amz-version-id: IhMYlIgrAPlc9NMf.PFk9TSMiAYRXIMX
via: 1.1 d47fba004c254adb4e354d0cef499808.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Qt7TGLIFpfKS_9gZHAPZR-7LahcelVH68tIOwttQxE9AXvveMs1-8g==

GET
H2 200 b-165eba0-d33cdfb0.js Show response
tagan.adlightning.com/gomedia/ Frame 3466 68 KB
23 KB 33ms
32ms Script
application/javascript 13.226.159.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js
Requested by: Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-10.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e6752c7307f4f3d9e84681023632884d9ee0ebea34414f6dd34224d546e90cef

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:12:50 GMT
content-encoding: gzip
age: 837967
x-cache: Hit from cloudfront
content-length: 22724
x-amz-meta-git_commit: 165eba0
last-modified: Mon, 17 May 2021 19:11:17 GMT
server: AmazonS3
etag: "6bc857b066e82e254e7e05b4e5371d8c"
x-amz-version-id: g13l3EMtjHIEyToJHgckrLBeb66Tvrah
via: 1.1 d47fba004c254adb4e354d0cef499808.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Jicyiu5sYTNMwTA1AKeTcAcWRY9CgXPQrKUZjQrup96E8IDgC3QYdQ==

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3466 42 B
63 B 50ms
50ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CUw9_cOMai_YVTZqMgiPPq2rv0Nov9VUCluFtLgqU9vZsjw8aOJttVaDXpVCumjWZCRZz3f668bOjjJq7L4nMNo-QL5QR31IP4EFd7YD72OiQ8sgk

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 3466 2 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:55:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 204
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 11:55:32 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3466 121 KB
37 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Thu, 27 May 2021 11:58:56 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 3466 13 KB
6 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 11:54:40 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 3466 0
0 14ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS8Pi_ChYvLjBcNS6gOS3Co_-wzUibEJLo7GdM973JgUC70-6qv8eL4l9PYbq-L-VE9_N6L
Requested by: Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 bl-165eba0-d3cb199c.js Show response
tagan.adlightning.com/gomedia/ Frame 3D38 51 KB
20 KB 26ms
25ms Script
application/javascript 13.226.159.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/bl-165eba0-d3cb199c.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-10.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f1bcbb7c20266cf764ae05d6483d018827ffe86e9548b050192fe4e22e50d19b

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 22:22:15 GMT
content-encoding: gzip
age: 49002
x-cache: Hit from cloudfront
content-length: 19637
x-amz-meta-git_commit: 165eba0
last-modified: Wed, 26 May 2021 21:31:08 GMT
server: AmazonS3
etag: "6a5d55fdb41bb0d78eb555c735f401f0"
x-amz-version-id: IhMYlIgrAPlc9NMf.PFk9TSMiAYRXIMX
via: 1.1 d47fba004c254adb4e354d0cef499808.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: DrTUvCknaswrJY9MH9ElSQ7Ar-XFHBZbe5cCdQLMQbiuLbNFOQOqag==

GET
H2 200 b-165eba0-d33cdfb0.js Show response
tagan.adlightning.com/gomedia/ Frame 3D38 68 KB
23 KB 26ms
25ms Script
application/javascript 13.226.159.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-10.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e6752c7307f4f3d9e84681023632884d9ee0ebea34414f6dd34224d546e90cef

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:12:50 GMT
content-encoding: gzip
age: 837967
x-cache: Hit from cloudfront
content-length: 22724
x-amz-meta-git_commit: 165eba0
last-modified: Mon, 17 May 2021 19:11:17 GMT
server: AmazonS3
etag: "6bc857b066e82e254e7e05b4e5371d8c"
x-amz-version-id: g13l3EMtjHIEyToJHgckrLBeb66Tvrah
via: 1.1 d47fba004c254adb4e354d0cef499808.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 5QDlPl1CbXpHlz23kYjxdUS0DXLCSTrbdMc2Nweu3bN0aSVPgVcq-Q==

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012104130153000/ Frame 3D38 192 KB
54 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012104130153000/amp4ads-v0.mjs

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

842c872b3898f5b0e7d31292eebc5442195611e262f59bae3e7d5b63c507e00d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 796
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55414
x-xss-protection: 0
server: sffe
date: Thu, 27 May 2021 11:45:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "806d9da51f0ab461"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 May 2022 11:45:40 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012104130153000/v0/ Frame 3D38 12 KB
5 KB 43ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012104130153000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3d84be67c0c5be9cfca5550b4bcc0947d40d62806652b81f7c296bfbc427357

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 797
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4561
x-xss-protection: 0
server: sffe
date: Thu, 27 May 2021 11:45:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f7d3159bb96ed225"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 May 2022 11:45:39 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012104130153000/v0/ Frame 3D38 88 KB
27 KB 39ms
17ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012104130153000/v0/amp-analytics-0.1.mjs

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb759faf67697ba0b5359e9574f85b1fe60574b6d96fce3df6eaf102501b107c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 796
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27392
x-xss-protection: 0
server: sffe
date: Thu, 27 May 2021 11:45:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "025b1bcedb95d6d9"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 May 2022 11:45:40 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012104130153000/v0/ Frame 3D38 4 KB
2 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012104130153000/v0/amp-fit-text-0.1.mjs

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7139c86828ab90555f59fbccbf0209ed8da1f5498ba5d78f80c3b189f38e705

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 797
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: sffe
date: Thu, 27 May 2021 11:45:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "26e8fee94434f5d6"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 May 2022 11:45:39 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012104130153000/v0/ Frame 3D38 40 KB
13 KB 43ms
21ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012104130153000/v0/amp-form-0.1.mjs

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bc29500273c93c58829591b68df2cd5b8885409f82654d852b5b9b65d18f7be

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 797
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12750
x-xss-protection: 0
server: sffe
date: Thu, 27 May 2021 11:45:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "73bdf441b447cfc6"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 May 2022 11:45:39 GMT

GET
H3-29 200 8781180920025045883
tpc.googlesyndication.com/simgad/ Frame 3D38 109 KB
109 KB 8ms
7ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8781180920025045883?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlE54DN3Hy8UpH16i0RVXKDyTD6RA

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89e921857659efdf64655a6a4df30b03d0f006fa7f1a732d3dd7a58d1cb67818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 10:06:09 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Jan 2021 21:52:51 GMT
server: sffe
age: 352367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111409
x-xss-protection: 0
expires: Mon, 23 May 2022 10:06:09 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3D38 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 26 May 2021 14:36:54 GMT
x-content-type-options: nosniff
server: cafe
age: 76922
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 27 May 2021 14:36:54 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3D38 295 B
319 B 7ms
6ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 26 May 2021 22:17:05 GMT
x-content-type-options: nosniff
server: cafe
age: 49311
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 27 May 2021 22:17:05 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 3D38 0
0 22ms
21ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSbO5bOdmqlG_pM4XOuG9lKpkzE8DIJKykZW2WSsSDdXPBqHpBtrNx8DRRcid03yYHSvj7D
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3D38 0
0 31ms
30ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cfm-df4mvYJ-VIJL8gQfpxZjYAZPE9LNiwozY0b8MjNP2mP4OEAEgiM2OHmD1lc6B4ASgAYT5lsYDyAEC4AIAqAMByAMIqgSHAk_Qe3yeN2hdjKt4GViK2dgmBCxaWKhnRMNTIcxf40xv-rJ_rw0E-rA4OlSBvkJ659x2Z2NXH8Nny7lKoduHFbbkGtD6BbVJMcKcEx9bo16yPqCzA1b-oWUkh8jgigDDJqdE0QHlaHzSgruiGefGC14lNWp2zq8mdn88r-whGQWDK9b758M4f39igd0lH91wrAtMnlmctvXE3pteFl2Z7ijDwDnNjzvJ-UVOgeGWmyyRM9TAuzaXXMhWDRj4C5v37i_f-5ma5boTlfaCHOB1m5QpIAG-MueB1EYaymJe3VRZUtkljNHSD7fCIs7Z285S38JhSFn2qGylKqocyICbMLxM58SbnK9HwATRzuykpQPgBAGSBQQIBBgBkgUECAUYBKAGAoAH5IbpOagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCLxzXSCAkIgOGAQBABGB2ACgPICwHYEwzQFQGYFgGAFwGyFxoKGAgAEhRwdWItOTI2ODQ0MDg4MzQ0ODkyNQ&sigh=Au979ONq9y4
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 3D38 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 70a3cb331facf693cc465da1843e4826edfc6add85d6fe1f9317b55a8f608053

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4C8F 478 B
795 B 36ms
16ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNWJ-lihPAWqYNvTHvox0pfz0kVjjIlOwAVE0OZC1EL5hMsMfOat8ZCWLPwo9NSWVCskvYHG0fAIL8Tcrjm5BqJwcVE_mg

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNWJ-lihPAWqYNvTHvox0pfz0kVjjIlOwAVE0OZC1EL5hMsMfOat8ZCWLPwo9NSWVCskvYHG0fAIL8Tcrjm5BqJwcVE_mg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmPOvWbbcdw_xTopYG9q-JCEO0BtOfU_iUm_JBhufQbW61IRjhV_z3f1B-D_to; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 27 May 2021 11:58:56 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 11:58:56 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3466 58 KB
23 KB 58ms
44ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cpc_rzSiRlTmSIe97xWO-lLxdbMk0pD2R3u2pmTP3EuzoH5UsUqkBOxT5A0Ul0V2gwxmTDOlvqKfQ8JpyxIR4Vqg_TX1WfJWCMDwKukSPxlK2f4HZceQzMM1zjH0H_mT82HYJLrX7U3IrGFgcCsgOeXrASAQ&dbm_d=AKAmf-BFAlL1wphciayAK7VZT9kQAcQVpFVfGZXq--NrV9sBwnqMtxsIDfpJ_coUu_LfKKiewbSwA-DX3Z-Veosh25b6TL6sGhM4CYb9HTpbbfXraWJwPx1RWALpYTrMoj-9JZ_VqRArlCPTihQDwNUvU98JuiYvnkBHzfyeI1_kdEkoXSVv02fDZ82lCTgsehMC18I2BmX0rC6FJK3e3jLdV7Y368X45PuqsuyGnnndlOONEUaScmUN4J3rV6p4A_0zWZPkELxZL9BSiJTv58mHoVytK-tyhsD8-Vwm-seEyascMVJ4NAUB1q0kkf1A6qrdtEvm_vmu66oQRP6RNaUJQRYJg-C8L8sFilE_7hgt8Lk2oJMkjG4zovjfjwQ4RECmQQEx26EwfxAo1wDsgQeZwwNDc2dURyvZUOwTTiBYrESu3mGZ9VLnuMLxKNyetvsECWRb_v_YgzjL35sC8UkFOV0isngCbP8PjyjOMSewbKAAVluU8DIxRAm-q_Hz9kEbCJHXZQzPVY6732fIhBxKDplwc04Css1qdzzy432iKW-TmQQ5gp5YcvG49GgULtIB1TARGAEX7wZL0wbMlNSCc7hDKwDUYLkwXH2s5s9o46zJJG6XjfL1L8Zmzhs3cLy6XoWhdP563-AmybAndRKaUle8EyQnokDXLJ-Y5XwWPanM-6EEdwVQrBtutxrZWUxnOiOI1h4mEeyi91YRlqTISnE8sZuKdhcPY4twq1oaewOTGnmZ7LZaib2BjuOosTkdi4yv4wz3wiBbh6pZSppDINqmX7I-2KmsEbsM0ppiYuFqaVRnccNjF4XZF2kbfKEqpaqW7wmvx1yPB0IDgrfAW48XItL9alFWX4jmsBObnH2UcfKEJetAMGGolEwNZ8TXE9bT6N31k3TvA1Ni8Cj4hgPc8lFX2vbwsvMWzlHvwKpOilRT3r_agcF0bBKF8wxS55M9kM7xpTFa2xS9sLL4x9A8bjOQ5jLu3JDAdALR7tOZZ8xaOyP3RItp5CnmcLPfGRvYftRoE94E55nMHA8LD9aKHQxuZuA1sWVmNKlJSUhjnp0_UiTdP6kppEkOGD8del3B9roNjiv7p5glg9Ao-VgwD16wbac0pF4SAgLMoPoJHiDaN20mDfct7xUWIIKy0W_NDwBHA5faHzlMAbik1M_8wxpixqPIscCySgp9EuxWAqt98mjE-bEmnPCKakWebmSSdPpHOOlIpXFPVdSyrGe5-wql-WXqMaCAs3dJA2PdcrT-ijTM2Y-RDiCEKbtRbnDd9dfLOvlbl-68tM9yv-WOxJa1gkBnB-QODWyc_EaX1yWbYb7zGiIsGxe-5Wp8NFmx64XWGCdlQ4S5tcj338MIGLAEggHWGd4-2tso2fa5-cD22Fw91rtTGhIOKCqE9rPvcmrGtzLSIm3wwvnUs1timU_F_yvfg5l0XanyJF_c4Djb8zwQHKUSK9SwUQG_yiuWJAQ2KpIVlZXgzPYAjLXK0NG0f3Jn39StNAQTq5Z_dcKiDyI4DU0bye1anFlp45cR_wEikxxUQexivOeQDK48T1xxV9J-FsqP1PBxeJdZYCvxhB4q0ugOb9OiDwAJ0Lo1r-DWwGLgf7v87NV_jHD16_z5V0XaDN97ZN5CmWA48wwZ6WaHWyP92AKdfdCe6x9eq1ZZE9CuK9ZP37QH4hm5yQOWuYG7_DKKAa05K-9kZqp4EEgxmNzv15IdMVXdZQ_lmxtQBAfK5wGnN64R1NQoedc0PItrGFz5ctei9O5oDw_8y6XE7_sFyZYWStSBzlVhDRl-YjQ4GTmWsjyLE45cz0WsZRugbYfNOWOmGSF3scQNWh2bSGYjz-NfVTwHun6Dspu-HzhGG8V01zoB_g63IlvLP421a3GlshjY2UIPI5L8lxmqmrPxluDcY8gD2O1qgHIFbvh6v1UhLReVJqHI3o4kzznn9fQChNcKEu3U0Y4M-w3oyv7qaZieIiNAskRtNSm8U5G790vIaU6VVrjADdQEqjeja94LefRpWbdWlrz4-UH2b6-XsEl1n_qez4SX4w3l7eTC4jtvYnhmz_aUf6G9Y40yIEqtWbqm_wG3ckLzGpqg3BXWGvw-BizbCNYQf_VddwCffkiGmFSVuOpLqmMm6IGZrGwoDzTwdKxvi0NjFde-86YjsxVTCuy5Kvfv-3xn7s5_dAT-SaQ-VVapV8n6qklfBMmdlT3JVNHNQ5yERKlFhL6SYP-XRLwIoeiwqe2QRL5vwaix0XVTBMHr14djV8fAyPaPRzvwOydw_TkzasF030sVSTL7euHd2ORMI0rfz-HN3MFIuUcsqoxL2VMJ1VmNbod7VIoKx1EfuTtm5tV2rDb7s8aVr8-2kzvsnoiCEuci0uC9LTt3feVpKNMKaJ13sOH2YXwYgG7wduTSgpgInRfshKqX6eCHc-mqvHAVxG5vPx7XSn0UX3pP9c-XOw29xrTktncoQLfLltyzoncif3zDve5l7KtiM8EMtk1uhYCvtAo6hSh0P3iTfXp21Aoa_Fmj6DccVYwLQq1yt2S1aOx6wdp5A_M5BsSfJLriK6gkl1GkAdlspe7_hbGW0ZbGoMpH2BsxXHgnEBPOOBLH_s0lBODbLYehZqW2SV1mBV-jeyrHIhoAOr89grP6zDvt0izCRp4pa4eYN7vFbVlmhntLhUgCi3asaw2KEl4HGuj6JsIQuFPxvWn08K4l2vGceR2-AkAAotgEmJJxHJ75EWOvkRnTQSN_va7csH0gd-sadFt-XOv71adk7DRjZ11xnSJsqvIa-AtwcdcL8KZb5z0_uwSDOus5xGF_tRaZJ6iWyQXn_Dzk0KXZLkBNUBoL_HN1Hyu2tWGMSP1D9_jZc_imMa5XGI94qRKcD_YVPQYdRj1ojKUwONZ3oeN75V1T0q6SOEnDI5vo1gXAJEroK_RPX-wn7rqVUY-ywRUUzJQCTNlRsNEMGvKJA5RrfivXuqbryf91zLKuoXHHzRrsJzdssfHVQ2259lW7cZUyp9vj8RtQNnlR0VE17YK4jhniotqATEBJUYxXZpcN-dUtx7-dZEfSYE5s02gmKd0S_5eKYn_Bay2OcOFwyQ937bxUU8xrMCfQw2ipafGm9l0NY6EmRvjZjGrPkjyaWRqJG3Q2AdCBS1FQXtnbYaViSqUagyWm93yIh96iU5lTPlwyjU4-VbbPZGqDY7ScBgkoh-pIfkffLVoeOrfOkfjyMg&cid=CAASPeRoQgj_TfKdn1QirF8B3sgLhNyCLQpv9jCp5fhFpSYQdStU4G07T6fd7sr0e1huF4wncVcsTykxEoGb_ow&rfl=1%2Chttps%253A%252F%252Fwww.theonion.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ca295eb2230b9bce41b4b4e218d5453e2f73dbcc132c95ee311384bac692c76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23966
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 4C8F 170 B
188 B 31ms
29ms Image
image/png 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNWJ-lihPAWqYNvTHvox0pfz0kVjjIlOwAVE0OZC1EL5hMsMfOat8ZCWLPwo9NSWVCskvYHG0fAIL8Tcrjm5BqJwcVE_mg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4C8F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1

43 B
1 KB

61ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNWJ-lihPAWqYNvTHvox0pfz0kVjjIlOwAVE0OZC1EL5hMsMfOat8ZCWLPwo9NSWVCskvYHG0fAIL8Tcrjm5BqJwcVE_mg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 27 May 2021 11:58:56 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4C8F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YK.JfpFfBm2OM7LvnkCj8AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1&google_hm=2

43 B
1018 B

62ms
61ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGLOm9ZQBMAE&v=APEucNWJ-lihPAWqYNvTHvox0pfz0kVjjIlOwAVE0OZC1EL5hMsMfOat8ZCWLPwo9NSWVCskvYHG0fAIL8Tcrjm5BqJwcVE_mg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 27 May 2021 11:58:56 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELXi95BCc-UlL7ZNuGn9F3U&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 3D38
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.theonion.com
URL: https://www.theonion.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Thu, 27 May 2021 11:58:56 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 257
x-xss-protection: 0

GET
H3-29 200 8781180920025045883
tpc.googlesyndication.com/simgad/ Frame 3D38 109 KB
109 KB 6ms
6ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8781180920025045883?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlE54DN3Hy8UpH16i0RVXKDyTD6RA

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012104130153000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89e921857659efdf64655a6a4df30b03d0f006fa7f1a732d3dd7a58d1cb67818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 10:06:09 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Jan 2021 21:52:51 GMT
server: sffe
age: 352367
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111409
x-xss-protection: 0
expires: Mon, 23 May 2022 10:06:09 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3D38 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012104130153000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 26 May 2021 14:36:54 GMT
x-content-type-options: nosniff
server: cafe
age: 76922
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 27 May 2021 14:36:54 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3D38 295 B
319 B 9ms
9ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012104130153000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 26 May 2021 22:17:05 GMT
x-content-type-options: nosniff
server: cafe
age: 49311
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 27 May 2021 22:17:05 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 3466 111 KB
38 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 15:54:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72245
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 May 2021 15:54:51 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210524/r20110914/elements/html/ Frame 3466 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210524/r20110914/elements/html/omrhp.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 11:57:39 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame 3466 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e515f6e09f5e26caff10460e9a027e236ec78caffaa756799730b20f4d33320

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8609
x-xss-protection: 0
server: cafe
etag: 7365582700020686358
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Jun 2021 11:58:31 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3466 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 22:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48861
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 May 2022 22:24:35 GMT

GET
DATA 200
OK truncated
/ Frame 3466 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea0cc239ad1173728f28c8ddba806427ee4542bf5a7e65604f0c613d734e1297

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 index.html Show response
s0.2mdn.net/9506911/1605078249191/ Frame 3554 166 KB
25 KB 21ms
7ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1605078249191/index.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f612b17f06a64bcf4683b3b04e54c313ede809fe59d10ffc691b80abdf4ff6e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9506911/1605078249191/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 25581
date: Thu, 27 May 2021 09:22:57 GMT
expires: Fri, 28 May 2021 09:22:57 GMT
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 9359
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3466 0
575 B 109ms
62ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuhBxTl-_YMFkCt-Dd93k79ZZDm1FWUkdQywFiBJUZRJlGfis0yyecjssUEfTRmB10na5uvw-4hdrjx3cchkMQ_v0cyj8Vx4Rsp2Cy7Qht7Mxx_WpCkMIP-NyEJ20AYjvdfIqkBXFblNps0rPna5BS22KPOEfheBUINj3LnLQnWSJzn6-H6B_ZUXeNtPCv-b9C3uQDhrIMQlUJXc31TzyFR4HLC7_80AF3m2BjcYsQvhH8X1GqpRd3midmf53eog-p0BNTo9nH_V0rqgId65GUfh0169rB4lHa7kURcxxW5UbpNvucuW_2w1vt4WVmBQuJkLJwp3hbugnf8cG783Q6mDoJGnYibdxwn4jXyVnDET_mxinXpQ9MC4dWHjDkTJIz7bItvKW2iOeFtxtw7IQVnab97gWrrUHjp6CsLcZkQ2MoClkJwUJwD4-FKgCQSCCLtqzgxLIp2ZwY2h_D7skT7jbSTP7DArFPK2wG7HCbUmIPJwzFD0AKu73zeBFF3zX_pooQdIx5BcrwmtEcOmVQYNn0wgMcxjW8RXCsrfzGOQloaapKN12_l66F5bMDSf5HKcQAd_sX_f0vqAJZsqcBN96Sx7IytmLlE2RzG2qZ7Er9Z1vHrK0tA5ic0dR0uNUrgvPYrWAnrEdIZrMF0gorzCwId0cqipMmV-Os6DF4yr4RuYvucMw171SSgTz6WLcWO0c46-HNeVSzkiSRt2VC1Rmzave9tSzopCfAeYKkn8Bj2yjGkjxhbB3ArnT-i3Sc66-UOvqri-Co-ek4siGbcGOchUl-1EL6eAaxiRquv95Z38pYh32MfqT-EFi8QzRKVgnVuJqAvVvKk87pWex7RSK3OYDbO9z1QDIyd_Dl5yEA74HaDZ4nyzjXF29KJT1lg4H9gIQkMClF06TZnK5Fm5m9KLhugdQjI_In1trVqBIx3Un4DWqD9zVt2NPSUVYotQYGvhOseB7ZqazZ8DlQ8pHZ5zs0WEdeNJi14A0J3eWJl5XeVgKV84RLBtb2KZ_oW3NMWeheRILJNLJPku-nDaxtJJoEsTe4d6hCW0e2DYAAXvuwo8JiprlqiyA9hWU7Gw5aB_uN3VkwGyA5DJIdVdNuXk3D6thutH6eKo8Ya6tuoEBONmowVC-niVH5Vmf_N0W7LOXr8EHkc-9zvMWfjuzDZnjctfJX6edyzWSn01loWyDTfDc8vFwZEZYD-z4LQjfOA92-Ve7tUSzXpYZRTtUG7hJH5LL2d5BQFFfCddT1KCyY0_jS5Y51iJn7MEL6PV2DOBUZRoC_nV9KDmcM&sai=AMfl-YS7bxOWFA_UI0uJ940KEHCxe8Qd_n2v0cWx4aqXWnmFDW0YVkRdSdz446BNHd6PhNnROyrCYZA7aSbiGtycNcQehHdcfR11XsLqvBVktZixButT43w66D5FvdehKWVo5U7ExOnuQKjWEZPpDrBbDvRszyvZB5pFx0qnr4RwMOkzo6LCUkeM_314RQR2SHNFX6jqsVSm-p1LDkIbkZeslGPzAecZaa_h14VjNa42z1oPHdbMg_4WLQLDxxisar06pw&sig=Cg0ArKJSzFOZ6Ez65ZD_EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=139&cbvp=1&cstd=130&cisv=r20210524.50389&adurl=

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 27 May 2021 11:58:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6755 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/b-165eba0-d33cdfb0.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 26 May 2021 22:24:35 GMT
expires: Thu, 26 May 2022 22:24:35 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 48861
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 3554 28 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1605078249191/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 05:17:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24061
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 May 2021 05:17:55 GMT

GET
H3-29 200 2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js Show response
pagead2.googlesyndication.com/bg/ Frame 6755 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da36141abcd5ad64ad2c3ab6099d3339c44bf456289cce2243fbc2a7c1e51ae9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:20:51 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
age: 340685
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5712
x-xss-protection: 0
expires: Mon, 23 May 2022 13:20:51 GMT

GET
H3-29 200 CoopCondBd.woff
s0.2mdn.net/9506911/1605078249191/ Frame 3554 29 KB
29 KB 9ms
8ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1605078249191/CoopCondBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1605078249191/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63b176462a62d19e5a2af4cc0a845119d0389aae23ef15decd83efd182c91c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 16:05:55 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 71581
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29944
x-xss-protection: 0
expires: Thu, 27 May 2021 16:05:55 GMT

GET
H3-29 200 CoopBd.woff
s0.2mdn.net/9506911/1605078249191/ Frame 3554 32 KB
32 KB 9ms
8ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1605078249191/CoopBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1605078249191/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 18:44:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 62083
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32612
x-xss-protection: 0
expires: Thu, 27 May 2021 18:44:13 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3466 0
60 B 57ms
56ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 27 May 2021 11:58:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Kontrast-300.png
s0.2mdn.net/9506911/1605078249191/ Frame 3554 31 KB
31 KB 9ms
8ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/Kontrast-300.png

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96e96292bf35ab4cfa60cf8f26578f55bacf27297ed4d97f7110a70e29229e0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 15:38:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 73253
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31808
x-xss-protection: 0
expires: Thu, 27 May 2021 15:38:04 GMT

GET
H3-29 200 spaghetti-200.png
s0.2mdn.net/9506911/1605078249191/ Frame 3554 9 KB
9 KB 11ms
10ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/spaghetti-200.png

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df32c5ecbbd376bb8d8ed9c4ac41376dc50f4523b8d43e7165d710ba8a1095e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 08:43:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 11755
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8962
x-xss-protection: 0
expires: Fri, 28 May 2021 08:43:02 GMT

GET
H3-29 200 malbec-190.png
s0.2mdn.net/9506911/1605078249191/ Frame 3554 6 KB
6 KB 12ms
11ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/malbec-190.png

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ed2acc4abf47252212c74fa79892db172ac16781d484cec7810649a591e388f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 18:44:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 62084
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5813
x-xss-protection: 0
expires: Thu, 27 May 2021 18:44:13 GMT

GET
H3-29 200 peperoni-200.png
s0.2mdn.net/9506911/1605078249191/ Frame 3554 11 KB
11 KB 11ms
9ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/peperoni-200.png

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6681ebe8f1adb7cb3140002cd40223d5d4e240adb9d92527e83147e621a65c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 17:44:58 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 65639
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11012
x-xss-protection: 0
expires: Thu, 27 May 2021 17:44:58 GMT

GET
H3-29 200 pesto-60.png
s0.2mdn.net/9506911/1605078249191/ Frame 3554 5 KB
5 KB 10ms
9ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/pesto-60.png

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7eddef88f07ba5f97a16767e5dd2bd191cb49eca86caa5c56ecec4f3e6a06d34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 15:38:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 73253
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4720
x-xss-protection: 0
expires: Thu, 27 May 2021 15:38:04 GMT

GET
H3-29 200 Kontrast-300-Henkel.png
s0.2mdn.net/9506911/1605078249191/ Frame 3554 3 KB
3 KB 10ms
9ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/Kontrast-300-Henkel.png

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cbb58dea630e6854e6c5912004d1ec97ad9829d50725234801b850bc811d3a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 08:43:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 11755
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2632
x-xss-protection: 0
expires: Fri, 28 May 2021 08:43:02 GMT

GET
H3-29 200 Coop-Icon.png
s0.2mdn.net/9506911/1605078249191/ Frame 3554 4 KB
4 KB 9ms
8ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/Coop-Icon.png

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 17:44:58 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 65639
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3753
x-xss-protection: 0
expires: Thu, 27 May 2021 17:44:58 GMT

GET
H3-29 200 coop.jpg
s0.2mdn.net/9506911/1605078249191/ Frame 3554 7 KB
7 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1605078249191/coop.jpg

Requested by

Host: c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
URL: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1605078249191/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 08:43:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 07:04:09 GMT
server: sffe
age: 11755
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7509
x-xss-protection: 0
expires: Fri, 28 May 2021 08:43:02 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6755 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BBMSjgImvYJ7lJs_V3wP0nY3wCgAAAAA4AeAEAg&bg=!6-il6KzNAAaMan2LjGo7ACkAdvg8WkWGizG8Y-tNLTZg_jgOvO50-yxg3isbMKn3OJ8jHIlPq9AOkwIAAACRUgAAABJoAQeZAou8VrvwCQ-Y-kdVxN4ThW8V0fNvb9qmPNTBYdv0d6aVami94ynYRBGUJzqur2u_zgJQxMbWPlGultWzuI9gqRKLG7sYHEOS_4C_cn9NLPftkHxAldv8yUyr1fjPfehzLrhX4LuK0wcTa1bZgw61gNzRjj97R7BuTVFZRk8a_19-vBVZY5xc6luB05eK6n42LuzXEPBZ3xljzHhvTNapxZ28n191R_4n82RTCXm6pMI5d1oxKksODkT4WXVlsxz3qA6G0nQpIW-G2XsiOVKK1iLWdmAnvrN0JB1jkDaIj8tN7lRQfS0wLbtsYb4gWx4W1FZtPj7NpYXPKhTxNTzS3FtY-W13zIXxH4yNrFTjLB_aU7ZNJ8j-exCn8ru92r8GPyNc1uczl9mEDCpQJg4gdKd2EcxDpdJCxjRIKcnLpvnvEJLPuM2JDAGUMU3WpRilsNIp8vuJfyIq0Exsu3BdCKRyKpEFrVGzwz6XSV0gvwJbC4FxsCtFxQnIl3bbKr0DnfjHgs-crRA2p_WgbZHSJrWip99KBuWH5Fyjp9rOzg3xWtcejxME4qrYs9Yx21JamJwNB4f3owGPtiAvq_Pc3t1XFemCg8mVQpd-oMsuBJVtQjpN8qAI8RXrkm6njLgMm1cORhTr3WrWeposs6AX9nXHwsJbZ4o4kxM9NZIGFt5yiD6Mh-JbV72fUUTekY4O0GbDznNwKt6t7uTIY5koSK-5xt7R1hZt00mVhtJcpyUn9VolpIA-Q_ktAV76VC3L5QXdO3CxY-O5ks6qzUSrEBrZFe7oD2x0H364XBGy0Vbpi_pQxVC2k8_Sza-j-X_7ugb2Ep3KZdgVgICj271f0qFh5eAa456W-rUoFnM

Requested by

Host: www.theonion.com
URL: https://www.theonion.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

hms.gif
sync.colossusssp.com/
Redirect Chain

https://colossusssp.com/?c=o&m=cookie
https://sync.colossusssp.com/hms.gif?puid=d636620b50818fd571362d61328a2020d57881f3

42 B
648 B

331ms
115ms

Image
image/gif

88.214.193.99
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.colossusssp.com/hms.gif?puid=d636620b50818fd571362d61328a2020d57881f3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.214.193.99 , United Kingdom, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:57 GMT
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0

Redirect headers

Location: https://sync.colossusssp.com/hms.gif?puid=d636620b50818fd571362d61328a2020d57881f3
Date: Thu, 27 May 2021 11:59:01 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 200 checksync.php Show response
hbx.media.net/ Frame E681 22 KB
8 KB 44ms
44ms Document
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUL2TG3D&prvid=3%2C23%2C29%2C51%2C56%2C77%2C79%2C80%2C82%2C96%2C97%2C106%2C109%2C122%2C126%2C132%2C145%2C147%2C148%2C157%2C159%2C171%2C172%2C175%2C182%2C184%2C186%2C188%2C201%2C203%2C208%2C215%2C220%2C221%2C222%2C225%2C228%2C229%2C236%2C238%2C239%2C246%2C251%2C273%2C2033%2C3014%2C3015%2C3018&itype=HB&rtime=2448&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bidexchange.js?cid=8CUL2TG3D&version=5.1&dn=www.theonion.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

25e8878f86ede3ecc09a2cb69e0b0a458c29cced4c3604c366b0df73cdf396ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: hbx.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUL2TG3D&prvid=3%2C23%2C29%2C51%2C56%2C77%2C79%2C80%2C82%2C96%2C97%2C106%2C109%2C122%2C126%2C132%2C145%2C147%2C148%2C157%2C159%2C171%2C172%2C175%2C182%2C184%2C186%2C188%2C201%2C203%2C208%2C215%2C220%2C221%2C222%2C225%2C228%2C229%2C236%2C238%2C239%2C246%2C251%2C273%2C2033%2C3014%2C3015%2C3018&itype=HB&rtime=2448&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sun, 28 Nov 2021 11:58:57 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 29 May 2021 11:58:57 GMT
date: Thu, 27 May 2021 11:58:57 GMT
content-length: 7920

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame D8EA 0
326 B 41ms
13ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.theonion.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=www.theonion.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1307
set-cookie: uid=f71b035d-a07b-4396-a263-3a98086f01e3; expires=Fri, 27 May 2022 11:58:57 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Thu, 27 May 2021 11:58:57 GMT
content-length: 0

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 37ms
23ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021052501&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af67961c9a5d9dafe5d4f3009673906005fc56b6ade8acf356a21d408bfd658f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 May 2021 11:58:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7686
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 11:58:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 27 May 2021 11:58:57 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame A827 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 27 May 2021 11:58:28 GMT
expires: Fri, 27 May 2022 11:58:28 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 29
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 06AD 783 B
533 B 16ms
16ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/gomedia/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b36b3c1fb67683229df3bc989e49e93bc838b8cdc4ecd8567b2846ad362ababf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LotWY759AsYRcKXvQ2PNgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.theonion.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.theonion.com/

Response headers

expires: Thu, 27 May 2021 11:58:57 GMT
date: Thu, 27 May 2021 11:58:57 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-LotWY759AsYRcKXvQ2PNgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js Show response
pagead2.googlesyndication.com/bg/ Frame A827 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da36141abcd5ad64ad2c3ab6099d3339c44bf456289cce2243fbc2a7c1e51ae9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 23 May 2021 13:20:51 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
age: 340686
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5712
x-xss-protection: 0
expires: Mon, 23 May 2022 13:20:51 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021052501&jk=535748780932327&bg=!g4ClgMTNAAaMan2LjGo7ACkAdvg8WnIqLzreHj9gxnp9wka1sO6uJsLxVEE2bl0f9uALtdmiI3h0xAIAAABmUgAAAApoAQeZAk-zWVegZ_ybSjZn0056dZA_vLUbHbaAN-UcMR7U5f8l2O6hpeyxCTGi6YuYYgNtd38Av1vHjFQuhuSzMQx_nKzy4-uwji-b2ZoSDGQHSBtqlzy05LD9Q7lOyNtG-C2jL8hcCXvTyOfkjn56jTvBnqw8hhXAEzzVd18z0SfrR3QZHXE1jIKj6gQmPnDYngfQqmIlDWkeBSVyA0OpzLdoCs6yTImyMAttNSNPIM3op87FGd4pW04SkXtxRZCyIVTcJJSFBEFbr2giJ6_ELdrPev5io_zTMaHTezCv-5Jhb2LDEwMqwMmAoilsI7y4wwsmzGlIVNW5fAZbk7UZFHwy9BkUsmkKLRq8JnN9EgC22Y0CWtya7bgT2L7V_amIDg-sidTRPDInfia_7UgQ1koyIGnwbucYJPv95tVO9OG31RkrYMOxwC9M1MaeYqHslL3Z6oOeirit4bQkeTMOncZa-429082XG5P64AhynVNZnndinnDmX4g1gArkxSJVhnG2FXHB99QvbsECiDDw2O0h_qGSVEgkJ3RtsGuEHRE4BLQr2BtumoTd4dCW-JgNcEdXAjJc0Q1MQgHPunlcJJW-nHQ49MZ1lfiYGS3V_XUIDPh-j7FjKpGuj3BxyfUeMsXZoIs771vZSWMO97_q4RLoEo5FXQyEaw0OS7GKEYlq6KLAth5EosYqMNir_xh2jwQeMRjtxL_H-d7qzy7z2ydZ_wo3n9XGwcXxvXkrJN6Uzc3Tehb8OUmw5S5VarT8F5Lh3kYsurJfcT1AKfteEODq7Tw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 3D38 42 B
64 B 23ms
23ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJ1hK-VWfCZJqEf1pOo1ma3ojwRyq981-VjJDlTcSf7IEtAz_HbMo4sCd5gLPKc4kK-JiaYyGsJo8pGbEnr1hwFwQ329wqgcD11Iuvqt2-VbaPtUZBC-L1wzXY4voqvqgozFefZ3Dhz26VYYGJ4C6k&sai=AMfl-YTw1gspd1GZbrW6hbFvie5pqib7as4eBC21Yzpm7dYpqvlXwL8OJ0FbStXqaMyMuJhAgSgvuYVAXzNO4pSNpSH8YUx4qEh3kcIBTQuRSllzqOeIVoXkukTwlnV037Gl&sig=Cg0ArKJSzG23gh3SlxL1EAE&cid=CAASPeRojC_997kPnqBetkDrf4sRKyeI_VFGavUHVQawbd52VbFVJrcPII72RaQ4oRuHtrUdiR1RLTXV68Ln_Qg&id=ampim&o=315,179&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=141&tls=1142&g=100&h=100&tt=1142&r=v&avms=ampa&adk=3099211010

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST id
api.britepool.com/v1/britepool/ 0
0

OPTIONS id
api.britepool.com/v1/britepool/ Frame 0
0

GET
H/1.1

200
OK

sync
sofia.trustx.org/
Redirect Chain

https://sofia.trustx.org/push_sync
https://pm.w55c.net/ping_match.gif?st=TRUSTX&rurl=https%3A%2F%2Fsofia.trustx.org%2Fsync%3Ftp_id%3D15%26tp_uid%3D_wfivefivec_%26ssp_custom_data%3D
https://pm.w55c.net/ping_match.gif?scc=1&st=TRUSTX&rurl=https%3A%2F%2Fsofia.trustx.org%2Fsync%3Ftp_id%3D15%26tp_uid%3D_wfivefivec_%26ssp_custom_data%3D
https://sofia.trustx.org/sync?tp_id=15&tp_uid=97GFsTlt1LMeFc5&ssp_custom_data=

43 B
432 B

132ms
132ms

Image
image/gif

35.211.168.6
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sofia.trustx.org/sync?tp_id=15&tp_uid=97GFsTlt1LMeFc5&ssp_custom_data=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.211.168.6 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 11:58:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma: no-cache
Date: Thu, 27 May 2021 11:58:57 GMT
Server: PingMatch/v2.0.30-649-g03fe1b8#rel-ec2-master i-077182e85f3323570@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://sofia.trustx.org/sync?tp_id=15&tp_uid=97GFsTlt1LMeFc5&ssp_custom_data=
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cksync.php
cs.media.net/ 45 B
377 B 47ms
38ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:58:58 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 45
x-mnet-hl2: E
expires: Thu, 27 May 2021 11:58:58 GMT

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ 0
297 B 138ms
137ms XHR
multipart/form-data 18.188.155.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=118660
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.188.155.169 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 27 May 2021 11:59:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ 130 B
396 B 167ms
167ms XHR
multipart/form-data 18.188.155.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=118660
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.188.155.169 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 39a476dc1f2864fe392a6c7adb5fb772306b7a2ad574cb75229e95fd1b862667

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 27 May 2021 11:59:06 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 118

GET
H2 200 dc_oe=ChMInqX83ufp8AIVz-p3Ch30TgOuEAAYACCixKVDQhMIj5e63ufp8AIVUXHgCh1Mqgqn;met=1;&timestamp=1622116747034;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 3466 42 B
498 B 101ms
53ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMInqX83ufp8AIVz-p3Ch30TgOuEAAYACCixKVDQhMIj5e63ufp8AIVUXHgCh1Mqgqn;met=1;&timestamp=1622116747034;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:59:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 114ms
113ms Image
image/gif 54.221.193.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=theonion.com&p=%2F&u=DiSmjYCi8k1yCdPQQZ&d=theonion.com&g=3012&g0=www.theonion.com&g1=No%20Author&n=1&f=00001&c=0.25&x=0&m=0&y=6542&o=1600&w=1200&j=30&R=1&W=0&I=0&E=5&e=5&r=&b=857&t=B4DFcmCJN58rB7k3S9nh5ImBTDssg&V=126&tz=-120&sn=2&sv=Dbpp9VBuUH77BFYiPrDrQhKJF0YCC&sd=1&im=067b2ff3&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.221.193.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-221-193-128.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 May 2021 11:59:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ 0
297 B 137ms
137ms XHR
multipart/form-data 18.188.155.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=118660
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/new-client/vendors~adEditor~categoryPage~channelSectionPage~commerceDashboard~curatedHomepage~errorPage~experim~ac135e6b.fbeb7b916f95b8074d78.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.188.155.169 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.theonion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 27 May 2021 11:59:10 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.theonion.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.britepool.com
URL: https://api.britepool.com/v1/britepool/id

Domain: api.britepool.com
URL: https://api.britepool.com/v1/britepool/id

Verdicts & Comments Add Verdict or Comment

158 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rubiconproject.com/	1970-01-19 18:36:21	Name: ses15 Value:
.rubiconproject.com/	1970-01-20 03:20:52	Name: khaos Value: KP6UF74U-1Q-596O
.rubiconproject.com/	1970-01-19 18:36:21	Name: ses2 Value:
.rubiconproject.com/	1970-01-20 03:20:52	Name: audit Value: 1\|hLZGFuTafB24cnlWBn5+unp4/TMPY9XwBIQY4l0Qym4JVp5QjxBanRickQpB7UJXsSE8aJxLwizggJ3pD4CYmxH9zMwSSp570A+VO7RH1E0=
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|AIfsdBUH+v3fWCPuzNowDE/csJlhKa2tlCBRUZWfOQpzq4eRUmvkSc3ya9WQi+HKKRWt2jyoYTD2eRvLWSDhFgX3ng06hUEE9RUpasHbexgivGKrYKdBNKOTT8+Kbwv/ANSf
.casalemedia.com/	1970-01-20 03:20:52	Name: CMRUM3 Value: 2760af897f0b40&e660af897f2760&5a60af897f05a0&2d60af89802760CAESELXi95BCc-UlL7ZNuGn9F3U&f160af897f05a0&2e60af898027604554056646552464802&da60af897f2760&5860af897f05a0
.casalemedia.com/	1970-01-19 20:44:52	Name: CMPRO Value: 1158
.casalemedia.com/	1970-01-19 20:44:52	Name: CMPS Value: 3202
www.theonion.com/	1970-01-19 18:35:18	Name: lux_uid Value: 162211673435241205
.doubleclick.net/	1970-01-19 18:35:20	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-19 18:36:43	Name: CMST Value: YK+Jf2CviYAA
.theonion.com/	1970-01-19 18:35:16	Name: _gat_unique Value: 1
.doubleclick.net/	1970-01-20 12:06:28	Name: IDE Value: AHWqTUmPOvWbbcdw_xTopYG9q-JCEO0BtOfU_iUm_JBhufQbW61IRjhV_z3f1B-D_to
.amazon-adsystem.com/	1970-01-21 15:15:07	Name: ad-privacy Value: 0
.theonion.com/	1970-01-20 03:56:52	Name: __gads Value: ID=b536689a65e5ecdd-2243dc8527c8002b:T=1622116735:S=ALNI_MZG7jchgPzVmHOtStyT3d3oQlaJsg
eus.rubiconproject.com/	1970-01-19 20:44:52	Name: pux Value: 1512%3D99948%262249%3D99948%262307%3D99948%262974%3D99948%263778%3D99948%262249-DV360-Hosted%3D99948%26idl%3D99948%26goog%3D99948%26
.rubiconproject.com/	1970-01-19 18:36:21	Name: vis2 Value: 243700^1
.casalemedia.com/	1970-01-20 03:20:52	Name: CMID Value: YK.JfpFfBm2OM7LvnkCj8AAA
www.theonion.com/	1970-01-20 04:04:04	Name: _chartbeat2 Value: .1622116734736.1622116734736.1.Dbpp9VBuUH77BFYiPrDrQhKJF0YCC.1
.amazon-adsystem.com/	1970-01-19 23:50:38	Name: ad-id Value: A0ki98R01UHkt12SIqYfXxo
www.theonion.com/	1970-01-19 19:18:28	Name: _pbjs_userid_consent_data Value: 3524755945110770
www.theonion.com/	1970-01-20 04:04:04	Name: _cb Value: DiSmjYCi8k1yCdPQQZ
.theonion.com/	1970-01-20 03:20:52	Name: KinjaBucket Value: e
www.theonion.com/	1970-01-20 03:20:52	Name: ka Value: 4bafb379-fb70-4a1b-a4f9-5cdfb46c8496\|ab13a128-3396-4571-9929-f8d7d46d31d1\|1622116734722
www.theonion.com/	1970-01-20 04:04:04	Name: _cb_ls Value: 1
www.theonion.com/	1970-01-19 18:35:17	Name: _dd_r Value: 0
.theonion.com/	1970-01-19 18:36:43	Name: _gid Value: GA1.2.306649726.1622116735
.theonion.com/	1970-01-20 12:06:28	Name: _ga Value: GA1.2.533000506.1622116735
www.theonion.com/	1969-12-31 23:59:59	Name: geocc Value: CH
.rubiconproject.com/	1970-01-19 18:36:21	Name: vis15 Value: 243700^1
.theonion.com/	1970-01-19 18:35:16	Name: _gat Value: 1
.theonion.com/	1970-01-19 18:35:20	Name: AMP_TOKEN Value: %24NOT_FOUND
www.theonion.com/	1969-12-31 23:59:59	Name: pageDepth Value: 1
www.theonion.com/	1970-01-19 18:35:18	Name: _cb_svref Value: null

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://www.theonion.com/x-kinja-static/assets/new-client/adManager.7604a42f42ca8bf36262.js(Line 8) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052501.js?31061327(Line 6) Message: updateCorrelator has been deprecated. Please see the Google Ad Manager help page on "Pageviews in GPT" for more information: https://support.google.com/admanager/answer/183281?hl=en
console-api	info	URL: https://cdn.ampproject.org/rtv/012104130153000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2104130153000 https://www.theonion.com/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax-eu.amazon-adsystem.com
ade.googlesyndication.com
adservice.google.ch
adservice.google.com
ampcid.google.com
ampcid.google.de
api.bounceexchange.com
api.britepool.com
api.rlcdn.com
assets.bounceexchange.com
bidder.criteo.com
btloader.com
c.amazon-adsystem.com
c2shb.ssp.yahoo.com
c7506b2bcdef00018853ab0678103604.safeframe.googlesyndication.com
capi.connatix.com
cd.connatix.com
cdn.ampproject.org
cdn.britepool.com
cdn.speedcurve.com
cds.connatix.com
cm.g.doubleclick.net
colossusssp.com
connect.scroll.com
cs.media.net
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
f.kinja-static.com
fastlane.rubiconproject.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbx.media.net
htlb.casalemedia.com
i.kinja-img.com
ib.adnxs.com
id.rlcdn.com
idx.liadm.com
imasdk.googleapis.com
img.connatix.com
insight.adsrvr.org
js-sec.indexww.com
kinja-com.videoplayerhub.com
kinja.com
match.adsrvr.org
pagead2.googlesyndication.com
ping.chartbeat.net
pixel-eu.rubiconproject.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.media.net
px.britepool.com
s.amazon-adsystem.com
s0.2mdn.net
sb.scorecardresearch.com
secure.adnxs.com
securepubads.g.doubleclick.net
sofia.trustx.org
ssum-sec.casalemedia.com
static.chartbeat.com
static.criteo.net
static.scroll.com
stats.g.doubleclick.net
sync-amz.ads.yieldmo.com
sync-tm.everesttech.net
sync.colossusssp.com
sync.mathtag.com
tag.bounceexchange.com
tagan.adlightning.com
theonion.com
thrtle.com
token.rubiconproject.com
tpc.googlesyndication.com
um.simpli.fi
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.theonion.com
x.kinja-static.com
api.britepool.com
104.108.144.24
104.111.230.142
13.226.158.204
13.226.159.10
13.226.159.43
13.226.159.50
13.248.242.197
142.250.185.130
142.250.185.98
142.250.186.34
151.101.114.137
151.101.114.217
151.101.114.49
151.101.194.137
151.101.194.166
169.50.137.190
178.250.0.165
18.188.155.169
18.196.184.242
185.29.132.144
185.33.220.242
185.33.221.52
199.232.198.217
2.18.234.21
216.58.212.162
23.37.38.181
2600:9000:2182:7200:18:1fcd:34f:cdc1
2600:9000:2182:9e00:0:70b1:7080:93a1
2606:4700:20::ac43:4686
2606:4700:3039::6815:c076
2a00:1288:110:c305::8000
2a00:1450:4001:800::2001
2a00:1450:4001:802::2002
2a00:1450:4001:803::2001
2a00:1450:4001:808::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:810::200a
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2006
2a00:1450:400c:c0b::9b
2a02:2638:1::13
2a02:2638:1::3
3.125.99.7
34.107.148.139
34.120.133.55
34.120.253.250
34.225.97.84
34.228.209.42
34.254.147.143
34.98.72.95
35.157.246.167
35.201.100.179
35.211.168.6
35.227.229.34
35.244.174.68
52.44.181.48
52.50.64.214
52.94.232.32
52.95.124.170
54.221.193.128
69.173.144.138
69.173.144.139
69.173.144.141
88.214.193.99
88.214.207.207
01522e70e4807e89bf3303d4f2e01fb141b4ce91dba4023d23794e255028ed9e
01598efbc8a136f9e26a2f5705be400d2fc80856e17ea6513d921ebd09e78632
030b5c1519b67066edcac36ea1098064479ef497bb5a510bf3e86e6c1001ff58
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
0439f0a18bd35e29994291058cff34e8b3399359ebdb0cb79b30abd92435f73f
05c95bae874d85bb326f9f38cf493d8bf8c049f0a85ca2d3887ab7cd17d02399
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0763cefe362deddc5a533e71213145d35dcea9c9b80ae9e59a33e90240489e5c
0b0c96dfa2f15997cdeb9191b6d7cef70cecce557a6e0af62ca2d2fb6eb2faee
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0cce724acf954078845e24d5525989f93013ab1c327e82289bb0e9e835065d80
0e7cec00a56dcc4f9b8bafc9003193ccee8cc269f6990c64fc9302b4aa448e6e
0fb8c36bbd7111ab1af799c0a1f5965d2e6a82b2c13d5ec60b2af0dde5f386ab
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
159f073ca9a9d774b1cad9f7991e48b1f060f297d4fdcb15b14d4e25edf20a48
1676929b05575b877aee5503070d1260e83b7201265b27f87e64472e956bfdd6
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
19630e8a48a8047d4d2e12f4dc231308aa68f3ad516aa49c6d61205a8669df1b
1ab5e8f02049723599890880252a821a1977b08f1f9fb3b0b14575581315eb7b
1ca295eb2230b9bce41b4b4e218d5453e2f73dbcc132c95ee311384bac692c76
1cbb58dea630e6854e6c5912004d1ec97ad9829d50725234801b850bc811d3a1
1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4
20afe0a4fdda3d9235d00783de04a3ffb210c19660906ad9c8d2ce6514dafdc9
231366c84db9907c3d844e9edde05c2d215c9cc43a09ec1d129872c542f38cd4
23abd3879c065de7044cf1997c8fbe169cbaaba9518d808a461f4a9a2ff3af70
2405bd02584cae91a0a4c434fec3e72f392d07e1bedc993c3b16baa7800bbdfd
2556f59b2cd53ed4796e3321c14f626f90f8e739ee20e14d70ddc96908785cad
25e8878f86ede3ecc09a2cb69e0b0a458c29cced4c3604c366b0df73cdf396ee
26c03cbcfe8f8ca51b7136894fc5820ff35af5b44ef181c2f53c7788421b865e
280aa0d6cbff263e9cbea356ed88de741efd7abc1814f5f897bc727edab2c5e2
28435eba0bbe3b10e00a1b8bb75b87a207e9f6cf375fb75da900a06ef3ea1aa7
2a6dc6fb00cde6afb3b582119bf4c8c6ee7f5b4043cf09b789482b85850a48d4
2a9a71312cdfc062f7d8dd7d322a2017cbc8e0834eaf76f42a9ecc6ad7174d3b
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2ce6ec59c3b4fb4d5b4dd981f15c37b81d46e7390906fb31099b5c5baba78124
2d529ab1cd0988898b9b53dc0f0c5e1bdf0f8724f50809f8a424aa600355c4ee
2e515f6e09f5e26caff10460e9a027e236ec78caffaa756799730b20f4d33320
30a74a724f831d9b59d6a44c890fe18ff341bd1d68579aed2cb09e682b59f312
340e212a1751fd85ea203bf8e17f67d12ee0e82affca6e8c1199eced124ff2e0
3426fb9ab290b175146bce114372bac9bae5f2f661cd390d5caa75d3b2bc7544
35983cd8f6ef4c7cb9989a29f0e9151b5cd81ace67f614dc88cb0797bb1eea32
35b3ab17b1bd5769e1ee9bf807b8fb4619865c1af2775ee8c67303877a5cd775
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
39a476dc1f2864fe392a6c7adb5fb772306b7a2ad574cb75229e95fd1b862667
3d764be1388f0488c90be29ca58c3ad082f9d954ece8448448779bb79e3ca7a4
3e5872ff1c0076c2309abcdc498aae1781a73f26dff06ebbb602f457dcdec68b
3ed1ebf0d6f605635332d2dc7d98bd3cb3fff298bffb5765c1969ab93b3fbeb6
3ed4dce1bfb07c181da64095e302461a5b744ee60299ca8cdff598633d745bf9
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4857f78184689c788f0dbd1fd37edc5596691e9dc4388290a60219e315bf56e0
4881582645ca0d28a01e58d482770dd70067bc7ff1ec5bb860e12ea31be2ddee
48e84cc3aa2c0dee869123a153f0d9a449a94e55f63e01c3c3e1fdd9fdd8bebc
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51d18b4b8cf3ca195fc5ae24f763152a7d6f49f5f558842782d64ca774036869
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
568068711d00d07ac001e1937acdb4621d0d7ea602ff8beb225c1b9f22701d1d
5b6f3806c04b7c91d2ee5cf8f42b31343a9d33ea62ad9d0506cfa1be078477d3
5ed2acc4abf47252212c74fa79892db172ac16781d484cec7810649a591e388f
6123ac967d1ab79ef7093374f3156aa4143f4b0ea081a5e0356fbf55fcb40cb4
61ccb8c3252e27a327becaf9318517719a131160e0bc05659b0d2493dc6e9245
63125723c148b0c5391dea8c827d96958a6706a542f8b45822904aaefe10c4ad
63b176462a62d19e5a2af4cc0a845119d0389aae23ef15decd83efd182c91c40
653d009a18090ef35be4c9f965cb2e81d1dc698bb774101464d05ab828f725bf
660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8
672cdbef225357459320a88eb5c4b50833c3d50110ee9dbd55c5b0421db054bb
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c50de5ea5214d5c8bca51d1f4021d3a84781ddaaed9aa8aea8d183b9bba7077
6db55e01bed50fd095397a0c2382148aea2865278d05a346499a5a677bc49fcd
7018aa213c2ca5ef26c59017119603e6bc2ea751989b9b567040520a91dbe137
70a3cb331facf693cc465da1843e4826edfc6add85d6fe1f9317b55a8f608053
724e1d3c710a798d807e235c66c8839f66c14d10ded86de1dde5bb692e53cb85
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
7bc29500273c93c58829591b68df2cd5b8885409f82654d852b5b9b65d18f7be
7e81304e7824242c9059d1ba7875b48357656ac82d4e143dccb3d0eb7c77296c
7ed012ae3fc555235596c23c34ef64a7141b2c689b9afc068a4bf05b3a41cb70
7eddef88f07ba5f97a16767e5dd2bd191cb49eca86caa5c56ecec4f3e6a06d34
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
842c872b3898f5b0e7d31292eebc5442195611e262f59bae3e7d5b63c507e00d
84c6c193201ba7756e82f9f5c52e0d5fcf6d2387738f216ec946976483d158a9
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89e921857659efdf64655a6a4df30b03d0f006fa7f1a732d3dd7a58d1cb67818
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e8d2c867ae480b6b318900eb4168d5645f635420bdb1626976c9c0af71c45eb
8f359cea41f7e97a585f44c7c318c4f2314b2981060da1623e39d8d348ff9150
8f4ea46ad7e421dbf383dff81c4e8169ba515c49c72151c020d364aaa7c7bf27
8fe5f0c4bdaf3e031a6172679193e88d3a24c7deb6e3c7e2b2a477061cc1ad81
9289f9c58f51cfe5a65efcc0ff8559af4ce2f3ade98196e38e263f1bca399ac6
92a0bfc0861a802d3fe9c2c70913bebc317707244d8d4d4656927713ecc2a2f5
9335eafdaee7dc4b18ecf6497d1cff75f36cf675c79ab059ddc1c195dda5cf33
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
96e96292bf35ab4cfa60cf8f26578f55bacf27297ed4d97f7110a70e29229e0a
982d34951038f20a2cfd09cb3fb85a55ccecd7016b73a10f5bac83cdc5d55fee
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
994bbd6945e5afa6c43bc66e221915b670f42a914b1eb2e8130f469df2b61b30
9b5473db0e51abf3da61b7537df9dcb6a8758d37438aa247d0aad4bfd51f2b56
9d3d7ddda54a4e5efc06f9234ef28a21b3674ba7a2b17dce45cc2f97ce6900f7
9f3d63652277cd51fb82f48f9c18480d5a5bd4960cab9e0c8d96f5f03bce7836
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a1b8ef6d40a6f447aa71becd00f6fa9a4e1be4405fad120ab1aa8ae6ef2146bf
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a43ff18aa18f1b2a6f554fcb0da68033556c4461b2d580453511cdcde1611fd6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6f80d6d8dca05d01eea1962704ec49f7c805d85b244d21f8ca4a27b5220e47a
a720edff5fac0933dfb339213c8239f78abfa3cb60c27a9c467704fb5c57aae0
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a767f5a2569cd31376fbb2df629e72e6eedfc6977dea6c805ac6cabb609ee50f
a94d3ed056bdc581e506464f8fa3b87404036be7b3975345a51b25d987769c93
ab367e8880530a7949a5a5cffe5aed8ffe313413238fe8b1f6e9d8b5c1060614
abf419ca6f6d5e3c5c89f26cdf1eae7a4c079c6d3566a55959e3ee222398041a
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af2117f40f0d7349718eece577b4409506728b235b898207a8514cadca66408d
af67961c9a5d9dafe5d4f3009673906005fc56b6ade8acf356a21d408bfd658f
b0384dc4f44a2d2192eea70893ce43e74d63925434d7cfe10163227ee2791cd7
b04ce4742e537944eb1e8d16873c0b0358ab393505f4a5b655a66f22682a0adb
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b159cb193d1025e2c1525701e3cc7c9a4f2ce1abad2f3fdac6597595c2f05895
b33365d8cd0c0340b52853dea27d45a26ab8212eb536b759e37bfd87907d01b0
b36b3c1fb67683229df3bc989e49e93bc838b8cdc4ecd8567b2846ad362ababf
b6541ccc3e28b7eb3657d8624c3b23a6c955f0a05fdef7a7cfa04a798c3d0f30
b6681ebe8f1adb7cb3140002cd40223d5d4e240adb9d92527e83147e621a65c6
b983dcdffdc3303d3607316532eac493a0cfa1552484f965e8b07b62e03b0c7a
bab52415ad1528e0e14bedfabdd748d62572a27dcd2ff1991d8cd9bdb0b0609a
bae09704781ed6f787287d3171931573e6ae033fb7caad4c94b0598b4c7fb0fd
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb759faf67697ba0b5359e9574f85b1fe60574b6d96fce3df6eaf102501b107c
bc7167a426fb45825902fddef4a2d12b790bb470ff9e8656fdaadf293b676f42
bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a
bf085c3ec47acdc729ec9929e13405f071ce559d6e4bf8aa0cf91d10f4dff396
bf7055642f98c8e3f7717323c7df5ac421d68f48a30a94c74d11691d2ab25888
c0cbcc724fb08be68859b1e9529f4cafef1a350ba3f28cff23e6f3bf0675c186
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2623c377b66546fddb83939116bccb47fc698265387ca1d6b224ef7aaac5cf9
c2ca9b139db69e244f2d8ab87b3099bc58fb5afe4afbdc77829a795b9961b8a0
c3d84be67c0c5be9cfca5550b4bcc0947d40d62806652b81f7c296bfbc427357
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c7316099520e2f8f2a370c95834bb1b625e2bcac97d01333183f124744643365
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd120e229b6bd4ad4fb821ef25b81169ee13b999b0584cbf59e39bcb00b01e64
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d5e60497b457ac4b570492c04c8dc6f0a841cb70a9d9fbc3b943b687ebb28400
d7139c86828ab90555f59fbccbf0209ed8da1f5498ba5d78f80c3b189f38e705
da36141abcd5ad64ad2c3ab6099d3339c44bf456289cce2243fbc2a7c1e51ae9
dc17080459f7dbd9c1dc41eb50d1b6d654364e69bf527018257df2af4c2c3028
df32c5ecbbd376bb8d8ed9c4ac41376dc50f4523b8d43e7165d710ba8a1095e6
dfb8689a3cbf4f504d5e8523c5b74e684d32766e37521bd00943d6e3c96da80e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ba9f232b3e3e3ef96106e460ba9ef73a2251c8ce8c5f149db312f906006e13
e4ffaf2dc39a01132cbf9bffcabab489bdcadddc0fcba631fde4ba0bf3a144ac
e6752c7307f4f3d9e84681023632884d9ee0ebea34414f6dd34224d546e90cef
e796b0b7a638968719ab66ca8c799231a6d91a646394cc8c335d53360f68df52
ea0cc239ad1173728f28c8ddba806427ee4542bf5a7e65604f0c613d734e1297
eabddc93a53d4ab48ebfb1bdeb39773a7d04d27f6a9e82b00f368d61955c5d5a
ebcbaff31461efe7ba68773335f1d7bbdeb4b951ae58fe1a71f5fe73b752c87f
ec93813683cccb74a7896a34a2ed1b2163288620f6959ae06de3ded30cf518b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c19455876a23a70e104a436baa4d5cfdbade5685e228c25cd5f1aeadc42c7c
f1bcbb7c20266cf764ae05d6483d018827ffe86e9548b050192fe4e22e50d19b
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60
f338dbc9c08e6a745f325aff7f1aeeb3ef7ef06d59361e5711c0076190e5d94b
f474e9f09091dcabb763ee295bafb1f7ab2cdd8383c99a8398bb284454b0b589
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f612b17f06a64bcf4683b3b04e54c313ede809fe59d10ffc691b80abdf4ff6e2
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218
ffbc1da39f4aa0ea52589a753a0d6b760df894a3249beb867ab551bb6a13506b

www.theonion.com Open in urlscan Pro 151.101.194.166 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

241 Requests

97 %HTTPS

31 %IPv6

47 Domains

84 Subdomains

63 IPs

7 Countries

3955 kBTransfer

11886 kBSize

34 Cookies

14 Outgoing links

Page URL History

Redirected requests

241 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.theonion.com Open in urlscan Pro
151.101.194.166 Public Scan

Screenshot
Live screenshot

Full Image

241
Requests

97 %
HTTPS

31 %
IPv6

47
Domains

84
Subdomains

63
IPs

7
Countries

3955 kB
Transfer

11886 kB
Size

34
Cookies

241 HTTP transactions
-1 data transactions