www.orlygift.com Open in urlscan Pro
46.101.128.40  Public Scan

6 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

• https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&rid=esp HTTP 302
• https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&rid=esp&cc=1

Request Chain 95

• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtKjeeBovMWq11sDaq7HzQ&google_cver=1

Request Chain 96

• https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
• https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRwSvnCoUOYupCSSNL.oawAA HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2

Request Chain 97

• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
• https://ib.adnxs.com/setuid?entity=101&code=CAESEPRMMLQpWsMpOdbTbHfTNi8&google_cver=1 HTTP 307
• https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1

Request Chain 98

• https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D

Request Chain 119

• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1

Request Chain 120

• https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
• https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRwSvnCoUOYupCSSNL.oawAA HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2

Request Chain 121

• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
• https://ib.adnxs.com/setuid?entity=101&code=CAESEPRMMLQpWsMpOdbTbHfTNi8&google_cver=1 HTTP 307
• https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1

Request Chain 122

• https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D

Request Chain 123

• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1

Request Chain 124

• https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
• https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRwSvnCoUOYupCSSNL.oawAA HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2

Request Chain 125

• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
• https://ib.adnxs.com/setuid?entity=101&code=CAESEPRMMLQpWsMpOdbTbHfTNi8&google_cver=1 HTTP 307
• https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1

Request Chain 126

• https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D

199 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request giveaway Show response www.orlygift.com/	17 KB 5 KB	858ms 404ms	Document text/html	46.101.128.40 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 46.101.128.40 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.13.12 / Resource Hash fbd6bbf6316a01853288e71d0961519c4599b9e84a84d80f6e40aa427c923516 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache content-encoding gzip content-type text/html; charset=UTF-8 date Tue, 03 Oct 2023 13:10:18 GMT server nginx/1.13.12 vary Accept-Encoding x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	app-7980a24f5e.css www.orlygift.com/build/css/	355 KB 56 KB	53ms 52ms	Stylesheet text/css	46.101.128.40 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.orlygift.com/build/css/app-7980a24f5e.css Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 46.101.128.40 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.13.12 / Resource Hash 2021f8da439ca7ceae6a0d15467e4b29638cbe0ea70db5f85ddf38472a628d9a Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/giveaway User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:18 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 11 Dec 2017 08:09:56 GMT server nginx/1.13.12 etag W/"5a2e3d54-58df0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css x-xss-protection 1; mode=block
GET H2	403	orlygiftcom.min.js dsh7ky7308k4b.cloudfront.net/publishers/	0 0	926ms 826ms	Script application/xml	99.86.1.41 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dsh7ky7308k4b.cloudfront.net/publishers/orlygiftcom.min.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.86.1.41 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-86-1-41.fra6.r.cloudfront.net Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers
GET H2	200	gpt.js Show response www.googletagservices.com/tag/js/	98 KB 29 KB	201ms 102ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/tag/js/gpt.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash cde79ccba303a5bab2876dcccbe391fe387292d2e80520e1b047fede5ad9c913 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 29616 x-xss-protection 0 server cafe etag 43 / 19633 / m202309260101 / config-hash: 12427587730153560373 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * expires Tue, 03 Oct 2023 13:10:19 GMT
GET H2	200	adsbygoogle.js Show response pagead2.googlesyndication.com/pagead/js/	143 KB 50 KB	167ms 70ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 8a690bab2afc029053c78274f8f9109f3eed7903c561cebee46bb8e7215a11a3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 50579 x-xss-protection 0 server cafe etag 3575156688540672492 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=3600 timing-allow-origin * expires Tue, 03 Oct 2023 13:10:19 GMT
GET H2	200	logo.png www.orlygift.com/img/	3 KB 3 KB	53ms 48ms	Image image/png	46.101.128.40 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.orlygift.com/img/logo.png Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 46.101.128.40 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.13.12 / Resource Hash 0f651939c4e696f270fbf96507ee5494ff975f2cbec249152c1457f8b924987c Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/giveaway User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT x-content-type-options nosniff last-modified Tue, 04 Oct 2016 13:28:00 GMT server nginx/1.13.12 etag "57f3ae60-aeb" x-frame-options SAMEORIGIN content-type image/png accept-ranges bytes content-length 2795 x-xss-protection 1; mode=block
GET H2	200	giveaway.jpg www.orlygift.com/img/teaser/	34 KB 34 KB	53ms 49ms	Image image/jpeg	46.101.128.40 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.orlygift.com/img/teaser/giveaway.jpg Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 46.101.128.40 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.13.12 / Resource Hash df379a222a8bf17f56a490a9cb2c365091a8d4bbf1e7d42925ee3428cb5a8275 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/giveaway User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT x-content-type-options nosniff last-modified Tue, 04 Oct 2016 13:28:00 GMT server nginx/1.13.12 etag "57f3ae60-880c" x-frame-options SAMEORIGIN content-type image/jpeg accept-ranges bytes content-length 34828 x-xss-protection 1; mode=block
GET H2	200	steam_group.jpg www.orlygift.com/img/teaser/	21 KB 22 KB	52ms 49ms	Image image/jpeg	46.101.128.40 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.orlygift.com/img/teaser/steam_group.jpg Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 46.101.128.40 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.13.12 / Resource Hash e30b4fc3feb3a57c106b322de3c6bb2aed2738db06af7791b41f0ee349bb2f84 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/giveaway User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT x-content-type-options nosniff last-modified Tue, 04 Oct 2016 13:28:00 GMT server nginx/1.13.12 etag "57f3ae60-556d" x-frame-options SAMEORIGIN content-type image/jpeg accept-ranges bytes content-length 21869 x-xss-protection 1; mode=block
GET H2	200	logo_small.png www.orlygift.com/img/	2 KB 2 KB	57ms 54ms	Image image/png	46.101.128.40 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.orlygift.com/img/logo_small.png Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 46.101.128.40 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.13.12 / Resource Hash 3c6e871f8ba3291c28b4a35135e7e968477c7c4de20b830681b890eb22f03b53 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/giveaway User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT x-content-type-options nosniff last-modified Tue, 04 Oct 2016 13:28:00 GMT server nginx/1.13.12 etag "57f3ae60-7f8" x-frame-options SAMEORIGIN content-type image/png accept-ranges bytes content-length 2040 x-xss-protection 1; mode=block
GET H2	200	checkout.js Show response checkout.stripe.com/	88 KB 24 KB	132ms 28ms	Script application/javascript	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://checkout.stripe.com/checkout.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 18781492fefe9e0fb34b391582891c3d0700908f2c991f91f506de046f5c3c8c Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Tue, 03 Oct 2023 13:10:18 GMT via 1.1 varnish age 49 x-cache HIT content-length 24535 x-request-id 172b277d-2a00-4295-9304-7a832c83809a x-served-by cache-fra-etou8220086-FRA last-modified Wed, 13 Jul 2022 15:14:21 GMT server Fastly x-timer S1696338618.367438,VS0,VE0 etag "9df39fdc36e7b7d12c767cc16f78989c" vary Accept-Encoding, Origin content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=60 accept-ranges bytes x-cache-hits 2
GET H2	200	api.js Show response www.google.com/recaptcha/	1 KB 1 KB	362ms 44ms	Script text/javascript	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 0d78aaa1f19559ffa4d51c47944c3e6a9c2104d971f1cc105fb92d4bca4501f6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:18 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Tue, 03 Oct 2023 13:10:18 GMT
GET H/1.1	200 OK	widgets.js Show response platform.twitter.com/	91 KB 28 KB	442ms 45ms	Script application/javascript	2606:2800:234:59:254c:406:2366:268c EDGECAST
General Check archive.org Show headers Download Go to Full URL https://platform.twitter.com/widgets.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67BC) / Resource Hash 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers Date Tue, 03 Oct 2023 13:10:19 GMT Content-Encoding gzip Age 1356 x-amz-server-side-encryption AES256 X-Cache HIT P3P CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" Server-Timing x-cache;desc= HIT,x-tw-cdn;desc=VZ Content-Length 27630 Last-Modified Tue, 24 Jan 2023 21:41:51 GMT Server ECS (frb/67BC) Etag "9e99725b7a4cd730a934afba2a438bb5+gzip" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * x-tw-cdn VZ Cache-Control public, max-age=1800
GET H2	200	platform.js Show response apis.google.com/js/	56 KB 22 KB	222ms 34ms	Script text/javascript	2a00:1450:4001:813::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://apis.google.com/js/platform.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ecfb48718a6edc5e924f385d0ed226cde5dfdebde87049970779bd5d9f86c435 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers content-security-policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team content-encoding gzip x-content-type-options nosniff date Tue, 03 Oct 2023 13:10:19 GMT p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 21949 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="gapi-team" etag "ce58d6b1676e880c" vary Accept-Encoding report-to {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]} content-type text/javascript access-control-allow-origin * cache-control private, max-age=1800, stale-while-revalidate=1800 accept-ranges bytes timing-allow-origin * expires Tue, 03 Oct 2023 13:10:19 GMT
GET H2	200	all-b2ee3ce83b.js Show response www.orlygift.com/build/js/	621 KB 184 KB	48ms 48ms	Script application/javascript	46.101.128.40 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.orlygift.com/build/js/all-b2ee3ce83b.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 46.101.128.40 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.13.12 / Resource Hash a467be290a122eea1803d1f67a7985fc358c76452a556b009cdab3759eb083a9 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/giveaway User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 11 Dec 2017 08:09:56 GMT server nginx/1.13.12 etag W/"5a2e3d54-9b46c" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript; charset=utf-8 x-xss-protection 1; mode=block
GET H2	200	script.js Show response cdn.usefathom.com/	6 KB 2 KB	149ms 27ms	Script application/javascript	2400:52e0:1e00::1082:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://cdn.usefathom.com/script.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 19ddbd3f35a8f49ec6c6b5074c782c5b9324b8fda7859ee5f632d10e95c02e81 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT content-encoding br cdn-edgestorageid 1081 x-vapor-base64-encode True cdn-cachedat 09/06/2023 13:24:40 cdn-pullzone 506217 last-modified Tue, 25 Jul 2023 16:46:29 GMT server BunnyCDN-DE1-1082 cdn-proxyver 1.04 cdn-requestpullcode 200 etag W/"d41d8cd98f00b204e9800998ecf8427e" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid aa90c48b-f401-4fa1-aac1-c94c8f3ae560 cache-control public, max-age=0 cdn-requestid e5c1215f15d4e5c864c39384b5fa2e53 cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	css fonts.googleapis.com/	2 KB 837 B	95ms 30ms	Stylesheet text/css	2a00:1450:4001:810::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Lato:300,400,700 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/build/css/app-7980a24f5e.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 4ea2880bbb5055eb6493499d243a86911663924955d78ac35d672a5a0e9995ae Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 03 Oct 2023 13:10:18 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 03 Oct 2023 12:15:31 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 03 Oct 2023 13:10:18 GMT
GET H2	200	u0bQN6bxXweHe Show response giphy.com/embed/ Frame BED8	14 KB 3 KB	254ms 116ms	Document text/html	151.101.1.185 FASTLY
General Check archive.org Show headers Download Go to Full URL https://giphy.com/embed/u0bQN6bxXweHe Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.185 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 92980e9774172848da352d5476539ba9c62ec88663ca878bab5634fd1dfe0651 Security Headers Name Value Strict-Transport-Security max-age=15465600 Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 950 cache-control s-maxage=3600, no-cache, max-age=0, must-revalidate content-encoding gzip content-length 3006 content-type text/html date Tue, 03 Oct 2023 13:10:19 GMT strict-transport-security max-age=15465600 vary Accept-Encoding, X-UA-Device, Fastly-SSL x-cache HIT, MISS x-cache-hits 1, 0 x-robots-tag noindex, noimageindex, noai, noimageai x-served-by cache-iad-kjyo7100168-IAD, cache-fra-etou8220110-FRA x-timer S1696338619.369147,VS0,VE94
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	138ms 23ms	Script text/javascript	2a00:1450:4001:82f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 03 Oct 2023 11:44:21 GMT last-modified Mon, 12 Jun 2023 18:23:07 GMT server Golfe2 age 5158 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Tue, 03 Oct 2023 13:44:21 GMT
GET H2	200	fontawesome-webfont.woff2 www.orlygift.com/build/fonts/	55 KB 56 KB	64ms 24ms	Font application/octet-stream	46.101.128.40 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.orlygift.com/build/fonts/fontawesome-webfont.woff2?v=4.3.0 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/build/css/app-7980a24f5e.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 46.101.128.40 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.13.12 / Resource Hash aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.orlygift.com/build/css/app-7980a24f5e.css Origin https://www.orlygift.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT x-content-type-options nosniff last-modified Mon, 11 Dec 2017 08:09:56 GMT server nginx/1.13.12 etag "5a2e3d54-ddcc" x-frame-options SAMEORIGIN content-type application/octet-stream accept-ranges bytes content-length 56780 x-xss-protection 1; mode=block
GET H2	200	S6u9w4BMUTPHh6UVSwiPGQ.woff2 fonts.gstatic.com/s/lato/v24/	23 KB 23 KB	171ms 37ms	Font font/woff2	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Lato:300,400,700 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.orlygift.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Thu, 28 Sep 2023 16:54:52 GMT x-content-type-options nosniff age 418527 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23040 x-xss-protection 0 last-modified Tue, 02 May 2023 15:07:25 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 27 Sep 2024 16:54:52 GMT
GET H2	200	S6u9w4BMUTPHh7USSwiPGQ.woff2 fonts.gstatic.com/s/lato/v24/	23 KB 23 KB	172ms 37ms	Font font/woff2	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Lato:300,400,700 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.orlygift.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 07:52:55 GMT x-content-type-options nosniff age 105444 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23236 x-xss-protection 0 last-modified Tue, 02 May 2023 15:08:26 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 01 Oct 2024 07:52:55 GMT
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/pxZcVU8Dk73FyvFvdCgp2MSG/	461 KB 185 KB	133ms 34ms	Script text/javascript	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/pxZcVU8Dk73FyvFvdCgp2MSG/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e001f660a1c1ebf12cde6a74dc3e6d90a1115c3e3378193e3b7c0d9d357d82ad Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.orlygift.com/ Origin https://www.orlygift.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 03:50:00 GMT content-encoding gzip x-content-type-options nosniff age 33619 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 188760 x-xss-protection 0 last-modified Fri, 22 Sep 2023 04:03:44 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 02 Oct 2024 03:50:00 GMT
GET H2	200	sprite.svg Show response www.orlygift.com/img/	5 KB 2 KB	24ms 24ms	XHR image/svg+xml	46.101.128.40 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://www.orlygift.com/img/sprite.svg Requested by Host: www.orlygift.com URL: https://www.orlygift.com/build/js/all-b2ee3ce83b.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 46.101.128.40 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.13.12 / Resource Hash 87c8e928ec58df12468f1f3e44bc77670cb39eee16b5e0a510cdc8b268f47660 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/giveaway User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 04 Oct 2016 13:28:00 GMT server nginx/1.13.12 etag W/"57f3ae60-145b" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block
GET H/1.1	200 OK	widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response platform.twitter.com/widgets/ Frame 3DC0	320 KB 104 KB	34ms 23ms	Document text/html	2606:2800:234:59:254c:406:2366:268c EDGECAST
General Check archive.org Show headers Download Go to Full URL https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.orlygift.com Requested by Host: platform.twitter.com URL: https://platform.twitter.com/widgets.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/675D) / Resource Hash 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Access-Control-Allow-Methods GET Access-Control-Allow-Origin * Age 331959 Cache-Control public, max-age=315360000 Content-Encoding gzip Content-Length 105435 Content-Type text/html; charset=utf-8 Date Tue, 03 Oct 2023 13:10:19 GMT Etag "95e1b50b0c179aefb47b5b211bb347b5+gzip" Last-Modified Tue, 24 Jan 2023 21:41:13 GMT P3P CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" Server ECS (frb/675D) Server-Timing x-cache;desc= HIT,x-tw-cdn;desc=VZ Vary Accept-Encoding X-Cache HIT x-amz-server-side-encryption AES256 x-tw-cdn VZ
GET H2	200	all.js Show response connect.facebook.net/en_US/	3 KB 2 KB	125ms 26ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/all.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/build/js/all-b2ee3ce83b.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash b00508368cc8b37db758953753f5c83b1d3efed5944dba7019936fbb3d405fa8 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff date Tue, 03 Oct 2023 13:10:19 GMT content-md5 1AgE+kPk8IbJvdz9Uqti+w== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 1689 x-fb-debug oECdMwSau4xwmWMeKS2MTPoth4B24WLSwysFEdoM+NXIbIrcaEzZm/sbSexPxuDdeic/u57fB4yOdWmK3sit2w== x-fb-content-md5 1f2659bcb464a367a67a4b79d4a20450 cross-origin-opener-policy same-origin-allow-popups etag "a1c9f3fc5b4242f3c4b275c5cb440bfc" vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers X-FB-Content-MD5 cache-control public,max-age=1200,stale-while-revalidate=3600 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Tue, 03 Oct 2023 13:20:33 GMT
GET H2	200	/ cdn.usefathom.com/	43 B 427 B	71ms 40ms	Image image/gif	2400:52e0:1e00::1082:1 BUNNYCDN
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.usefathom.com/?h=https%3A%2F%2Fwww.orlygift.com&p=%2Fgiveaway&r=&sid=KLZMOEHX&qs=%7B%7D&cid=49468572 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT cdn-edgestorageid 1082 cdn-cachedat 10/03/2023 13:10:19 cdn-pullzone 506217 content-length 43 pragma no-cache server BunnyCDN-DE1-1082 cdn-proxyver 1.04 cdn-requestpullcode 200 tk N content-type text/plain; charset=utf-8, image/gif cdn-cache MISS cdn-uid aa90c48b-f401-4fa1-aac1-c94c8f3ae560 cache-control public, max-age=0 cdn-requestid 0252880c45173d310c11d57b1ff82369 cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
OPTIONS H3	200	collect www.google-analytics.com/j/ Frame	0 0	172ms 70ms	Preflight text/plain	2a00:1450:4001:82f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1389528926&t=pageview&_s=1&dl=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&ul=en-us&de=UTF-8&dt=orlygift%20-%20Indie%20Steam%20games%20for%20free&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1478313164&gjid=1800348098&cid=466446073.1696338619&tid=UA-52519821-6&_gid=1721095455.1696338619&_r=1&_slc=1&z=334946358 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers x-csrf-token Access-Control-Request-Method POST Origin https://www.orlygift.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, must-revalidate content-length 1 content-type text/plain cross-origin-resource-policy cross-origin date Tue, 03 Oct 2023 13:10:19 GMT expires Fri, 01 Jan 1990 00:00:00 GMT last-modified Sun, 17 May 1998 03:00:00 GMT pragma no-cache server Golfe2 x-content-type-options nosniff
POST		collect www.google-analytics.com/j/	0 0
GET H2	200	js Show response www.googletagmanager.com/gtag/ Frame BED8	266 KB 90 KB	192ms 40ms	Script application/javascript	2a00:1450:4001:806::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-VNYPEBL4PG Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash c57c7d8398f56da22dcce8d8c808fe5233ba3f9d011e81a922d8700e2b8cdab6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://giphy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 91307 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 03 Oct 2023 13:10:19 GMT
GET H2	200	runtime.72c70ebd.bundle.js Show response giphy.com/static/dist/ Frame BED8	5 KB 3 KB	62ms 31ms	Script application/javascript	151.101.1.185 FASTLY
General Check archive.org Show headers Download Go to Full URL https://giphy.com/static/dist/runtime.72c70ebd.bundle.js Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.185 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash f9847820b94cde5c0c8068e8e3f8b062c7e0221e1f6e0dd1af38b102b9e760c0 Security Headers Name Value Strict-Transport-Security max-age=15465600 Request headers accept-language de-DE,de;q=0.9 Referer https://giphy.com/embed/u0bQN6bxXweHe User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers x-served-by cache-iad-kjyo7100139-IAD, cache-fra-etou8220110-FRA date Tue, 03 Oct 2023 13:10:19 GMT content-encoding gzip strict-transport-security max-age=15465600 last-modified Mon, 02 Oct 2023 20:21:16 GMT age 59709 x-timer S1696338620.583443,VS0,VE0 etag W/"9870003cd13065fa083c5b4dad1028bb" vary Accept-Encoding, X-UA-Device, Fastly-SSL x-cache HIT, HIT content-type application/javascript cache-control public, max-age=31536000 accept-ranges bytes content-length 2670 x-cache-hits 2, 63
GET H2	200	gifEmbed.8b9b9e30.bundle.js Show response giphy.com/static/dist/ Frame BED8	682 KB 208 KB	88ms 58ms	Script application/javascript	151.101.1.185 FASTLY
General Check archive.org Show headers Download Go to Full URL https://giphy.com/static/dist/gifEmbed.8b9b9e30.bundle.js Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.185 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 260b4de41fe7fb71f365085bce2df0d02591cceeed220ecfbc431b9a8e7a6d87 Security Headers Name Value Strict-Transport-Security max-age=15465600 Request headers accept-language de-DE,de;q=0.9 Referer https://giphy.com/embed/u0bQN6bxXweHe User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers x-served-by cache-iad-kiad7000084-IAD, cache-fra-etou8220110-FRA date Tue, 03 Oct 2023 13:10:19 GMT content-encoding gzip strict-transport-security max-age=15465600 last-modified Mon, 02 Oct 2023 20:21:06 GMT age 59709 x-timer S1696338620.583443,VS0,VE2 etag W/"6ea8bfa1d9aed24ba4d4abb178a39fee" vary Accept-Encoding, X-UA-Device, Fastly-SSL x-cache HIT, HIT content-type application/javascript cache-control public, max-age=31536000 accept-ranges bytes content-length 212678 x-cache-hits 11874, 1
GET H2	200	show_ads_impl_with_ama_fy2021.js Show response pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/	378 KB 128 KB	182ms 86ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 5bc85198f991a46f72de383bee3972edccbdd8b0515ab581190c4be8b3e89c88 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 131249 x-xss-protection 0 server cafe etag 3075487181905383771 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * expires Tue, 03 Oct 2023 13:10:19 GMT
GET H2	200	zrt_lookup.html Show response googleads.g.doubleclick.net/pagead/html/r20230928/r20190131/ Frame ED5F	10 KB 5 KB	103ms 30ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20230928/r20190131/zrt_lookup.html Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 22505 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4471 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Tue, 03 Oct 2023 06:55:14 GMT etag 2603938475786422795 expires Tue, 17 Oct 2023 06:55:14 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	gtm.js Show response www.googletagmanager.com/ Frame BED8	112 KB 44 KB	85ms 59ms	Script application/javascript	2a00:1450:4001:806::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-WJSSCWX Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 2baba099346086a271990354b0c469a992ab8f8cc663e4924724ca02ed49923b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://giphy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 44574 x-xss-protection 0 last-modified Tue, 03 Oct 2023 12:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 03 Oct 2023 13:10:19 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/ Frame BED8	52 KB 21 KB	51ms 25ms	Script text/javascript	2a00:1450:4001:82f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://giphy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 03 Oct 2023 11:44:21 GMT last-modified Mon, 12 Jun 2023 18:23:07 GMT server Golfe2 age 5158 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Tue, 03 Oct 2023 13:44:21 GMT
GET H2	200	settings Show response syndication.twitter.com/ Frame 3DC0	869 B 658 B	225ms 144ms	Fetch application/json	104.244.42.8 TWITTER
General Check archive.org Show headers Download Go to Full URL https://syndication.twitter.com/settings?session_id=55588d273e6aad498d3d603d63ceda16715c76b0 Requested by Host: platform.twitter.com URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.orlygift.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.8 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash 302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://platform.twitter.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers x-response-time 109 date Tue, 03 Oct 2023 13:10:19 GMT content-encoding gzip strict-transport-security max-age=631138519 last-modified Tue, 03 Oct 2023 13:10:19 GMT server tsa_o vary Origin content-type application/json; charset=utf-8 access-control-allow-origin https://platform.twitter.com x-transaction-id 85ef068969728209 cache-control must-revalidate, max-age=600 access-control-allow-credentials true perf 7626143928 x-connection-hash 9004312412fddd42af2bc862693765097ac82dbce56a86815b3291f2e548f82f content-length 337
GET H2	200	pubads_impl.js Show response securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/	410 KB 130 KB	105ms 23ms	Script text/javascript	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/tag/js/gpt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 4972893832cc7f114925446001ef0c43c031cbc7d2b2a8bed395c116c911402d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 12:00:32 GMT content-encoding br x-content-type-options nosniff age 4187 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 132541 x-xss-protection 0 server cafe etag 15229329507080665565 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 timing-allow-origin * expires Wed, 02 Oct 2024 12:00:32 GMT
GET H2	200	200w_s.gif media2.giphy.com/media/u0bQN6bxXweHe/ Frame BED8	11 KB 11 KB	132ms 35ms	Image image/gif	199.232.194.2 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://media2.giphy.com/media/u0bQN6bxXweHe/200w_s.gif?cid=dda24d50vd96avw4w0tt5njlme65pjxs8raan08sjelrm6me&amp;ep=v1_gifs_gifId&amp;rid=200w_s.gif&amp;ct=g Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.232.194.2 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 8a54d25677718f58116484a30726fb861ee476b4ec8beb6a1933cc80c4a8aadf Security Headers Name Value Strict-Transport-Security max-age=15465600 Request headers accept-language de-DE,de;q=0.9 Referer https://giphy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:19 GMT strict-transport-security max-age=15465600 age 1815821 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 11241 x-served-by cache-iad-kjyo7100178-IAD, cache-fra-eddf8230131-FRA last-modified Mon, 15 Jul 2019 15:08:21 GMT x-timer S1696338620.879758,VS0,VE1 etag "8abd2fa87ec74450cdeceb2c966d745a" content-type image/gif access-control-allow-origin * cache-control max-age=86400 accept-ranges bytes x-robots-tag noai, noimageai x-cache-hits 143, 1
GET H3	200	all.js Show response connect.facebook.net/en_US/	306 KB 86 KB	65ms 24ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/all.js?hash=8d75f0831763ec3a19d785a795a5169e Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/all.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 9a53fe07b4eccf3629a2c1601ab9ff1769c791c1c73d0b009f9800639b3c5593 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Referer https://www.orlygift.com/ Origin https://www.orlygift.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff date Tue, 03 Oct 2023 13:10:19 GMT content-md5 aDaQGeOTkCy0oeaE1/+iZw== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 87633 x-fb-debug 8E/X3q/QRPuHRvI62QmtpZ5C5dZBCn5EL9sPAv4HVu39AnxXzsk5tapANVAl00jt9pyfIjMMcr+vu4acGFEH0A== x-fb-content-md5 938536dae4aa865c35f2020293ea4115 cross-origin-opener-policy same-origin-allow-popups etag "c8c8b59ea936b238ddc47005b0013755" vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers X-FB-Content-MD5 cache-control public,max-age=31536000,stale-while-revalidate=3600,immutable permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * priority u=3,i expires Wed, 02 Oct 2024 12:59:10 GMT
POST H3	200	collect Show response www.google-analytics.com/j/ Frame BED8	3 B 23 B	37ms 36ms	XHR text/plain	2a00:1450:4001:82f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=692742675&t=pageview&_s=1&dl=https%3A%2F%2Fgiphy.com%2Fembed%2Fu0bQN6bxXweHe&dr=https%3A%2F%2Fwww.orlygift.com%2F&ul=en-us&de=UTF-8&dt=Adventure%20Time%20Hug%20GIF%20-%20Find%20%26%20Share%20on%20GIPHY&sd=24-bit&sr=1600x1200&vp=480x270&je=0&_u=IGBAgEABAAAAACAAIC~&jid=1484392896&gjid=510011487&cid=1020522840.1696338620&tid=UA-38174542-5&_gid=471665052.1696338620&_slc=1&z=575338060 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://giphy.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:19 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://giphy.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/ Frame BED8	4 B 345 B	100ms 29ms	XHR text/plain	2a00:1450:400c:c02::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-38174542-5&cid=1020522840.1696338620&jid=1484392896&gjid=510011487&_gid=471665052.1696338620&_u=IGBAgEABAAAAAGAAIC~&z=2043036031 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c02::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://giphy.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Tue, 03 Oct 2023 13:10:19 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://giphy.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET DATA	200 OK	truncated / Frame BED8	66 B 0		Image image/webp
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers Content-Type image/webp
GET H2	200	giphy.webp media2.giphy.com/media/u0bQN6bxXweHe/ Frame BED8	146 KB 146 KB	30ms 30ms	Image image/webp	199.232.194.2 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://media2.giphy.com/media/u0bQN6bxXweHe/giphy.webp?cid=dda24d50vd96avw4w0tt5njlme65pjxs8raan08sjelrm6me&ep=v1_gifs_gifId&rid=giphy.webp&ct=g Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.232.194.2 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 0584f9d9239ea33e56f00ded519625d797eb1b8eead51e38d861c79030a7b620 Security Headers Name Value Strict-Transport-Security max-age=15465600 Request headers accept-language de-DE,de;q=0.9 Referer https://giphy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:20 GMT strict-transport-security max-age=15465600 age 538799 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 149208 x-served-by cache-iad-kjyo7100145-IAD, cache-fra-eddf8230131-FRA last-modified Mon, 15 Jul 2019 15:08:21 GMT x-timer S1696338620.168157,VS0,VE6 etag "940713df533ca93dfcdd0811ecf990c6" content-type image/webp access-control-allow-origin * cache-control max-age=86400 accept-ranges bytes x-robots-tag noai, noimageai x-cache-hits 34, 1
GET H2	200	cookie.js Show response partner.googleadservices.com/gampad/	391 B 602 B	286ms 28ms	Script text/javascript	2a00:1450:4001:828::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://partner.googleadservices.com/gampad/cookie.js?domain=www.orlygift.com&callback=_gfp_s_&client=ca-pub-6136721614818041 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash f731d6b350d8e59ec4bf3078d4145ce778e7ac8355bfe34cf92ed8e616fd2b41 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:20 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type text/javascript; charset=UTF-8 cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 251 x-xss-protection 0
GET H2	200	InterFace_W_Rg.woff2 giphy.com/static/webfonts/ Frame BED8	22 KB 22 KB	26ms 25ms	Font font/woff2	151.101.1.185 FASTLY
General Check archive.org Show headers Download Go to Full URL https://giphy.com/static/webfonts/InterFace_W_Rg.woff2 Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.185 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ac847a969ab93af28fbd7bf6d8724265407a6dd6cdbd569a0c1c94ae466de2f9 Security Headers Name Value Strict-Transport-Security max-age=15465600 Request headers Referer https://giphy.com/embed/u0bQN6bxXweHe Origin https://giphy.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers x-served-by cache-iad-kjyo7100065-IAD, cache-fra-etou8220110-FRA date Tue, 03 Oct 2023 13:10:20 GMT strict-transport-security max-age=15465600 last-modified Thu, 15 Dec 2022 00:00:32 GMT age 23993036 x-timer S1696338620.209210,VS0,VE0 etag "9fc43020f3fb290aba53a8a695d7ae67" vary X-UA-Device, Fastly-SSL, X-UA-Device, Fastly-SSL x-cache HIT, HIT content-type font/woff2 cache-control public, max-age=31536000 accept-ranges bytes content-length 22308 x-cache-hits 10076, 29
GET H2	200	nexa_black-webfont.woff2 giphy.com/static/webfonts/ Frame BED8	24 KB 24 KB	25ms 24ms	Font font/woff2	151.101.1.185 FASTLY
General Check archive.org Show headers Download Go to Full URL https://giphy.com/static/webfonts/nexa_black-webfont.woff2 Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.185 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 053474c992783bb94898bc5c615479aae991a69417848db0eccca934a5bca725 Security Headers Name Value Strict-Transport-Security max-age=15465600 Request headers Referer https://giphy.com/embed/u0bQN6bxXweHe Origin https://giphy.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers x-served-by cache-iad-kjyo7100055-IAD, cache-fra-etou8220110-FRA date Tue, 03 Oct 2023 13:10:20 GMT strict-transport-security max-age=15465600 last-modified Mon, 11 Sep 2023 19:35:52 GMT age 1831662 x-timer S1696338620.209206,VS0,VE0 etag "d4f05fa3514a138cf47a4134b334c4f6" vary X-UA-Device, Fastly-SSL, X-UA-Device, Fastly-SSL x-cache HIT, HIT content-type font/woff2 cache-control public, max-age=31536000 accept-ranges bytes content-length 24160 x-cache-hits 1129, 25
GET H2	200	ss-standard.woff2 giphy.com/static/webfonts/ Frame BED8	12 KB 12 KB	26ms 25ms	Font font/woff2	151.101.1.185 FASTLY
General Check archive.org Show headers Download Go to Full URL https://giphy.com/static/webfonts/ss-standard.woff2 Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.185 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 84f28a147c3083b02d80fc6414943eb9bb09078f80dfcc4cb186984bd48de6a9 Security Headers Name Value Strict-Transport-Security max-age=15465600 Request headers Referer https://giphy.com/embed/u0bQN6bxXweHe Origin https://giphy.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers x-served-by cache-iad-kjyo7100110-IAD, cache-fra-etou8220110-FRA date Tue, 03 Oct 2023 13:10:20 GMT strict-transport-security max-age=15465600 last-modified Thu, 15 Dec 2022 00:00:34 GMT age 23939338 x-timer S1696338620.209341,VS0,VE0 etag "941eea93fa0e52ded6b14148a223fbb4" vary X-UA-Device, Fastly-SSL, X-UA-Device, Fastly-SSL x-cache HIT, HIT content-type font/woff2 cache-control public, max-age=31536000 accept-ranges bytes content-length 12332 x-cache-hits 3600, 25
GET H2	200	InterFace_W_Bd.woff2 giphy.com/static/webfonts/ Frame BED8	23 KB 23 KB	25ms 25ms	Font font/woff2	151.101.1.185 FASTLY
General Check archive.org Show headers Download Go to Full URL https://giphy.com/static/webfonts/InterFace_W_Bd.woff2 Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.185 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 72c3d25c9ca9d49c8d2373e1e1efa231d9c125a25d017ab8f152887d97eb6b47 Security Headers Name Value Strict-Transport-Security max-age=15465600 Request headers Referer https://giphy.com/embed/u0bQN6bxXweHe Origin https://giphy.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers x-served-by cache-iad-kcgs7200155-IAD, cache-fra-etou8220110-FRA date Tue, 03 Oct 2023 13:10:20 GMT strict-transport-security max-age=15465600 last-modified Mon, 09 Jan 2023 15:43:56 GMT age 23003131 x-timer S1696338620.209343,VS0,VE0 etag "45c6053e1b94086b438166f9fa38e871" vary X-UA-Device, Fastly-SSL, X-UA-Device, Fastly-SSL x-cache HIT, HIT content-type font/woff2 cache-control public, max-age=31536000 accept-ranges bytes content-length 23396 x-cache-hits 1357, 26
GET H2	200	ads Show response googleads.g.doubleclick.net/pagead/ Frame 7DFB	322 KB 73 KB	1209ms 1177ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6136721614818041&output=html&adk=1812271804&adf=3025194257&lmt=1696331420&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x810_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696338619593&bpp=5&bdt=1434&idt=583&shv=r20230928&mjsv=m202309210101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=109373634000&frm=20&pv=2&ga_vid=466446073.1696338619&ga_sid=1696338620&ga_hid=1389528926&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C44803492%2C31076839&oid=2&pvsid=4182418164393931&tmod=840799842&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=637 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 1aff516c23814014fa9a74da6f34dde8f8d366ba86cd8e73269065f6a30370cc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private content-encoding br content-length 74209 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Tue, 03 Oct 2023 13:10:21 GMT expires Tue, 03 Oct 2023 13:10:21 GMT observe-browsing-topics ?1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	123ms 123ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=navbar%20navbar-default%20navbar-fixed-top&ign=false&pw=1600&ph=1200&x=0&y=0 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:20 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	esp.js Show response oa.openxcdn.net/	24 KB 8 KB	155ms 23ms	Script application/javascript	34.102.146.192 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://oa.openxcdn.net/esp.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 192.146.102.34.bc.googleusercontent.com Software UploadServer / Resource Hash 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 26 Sep 2023 02:29:26 GMT content-encoding gzip age 643254 x-guploader-uploadid ADPycduytI9z2bFYyBmZcmC9SoTee7qNPzSw3JUzr5kvUTXbF9QwN3_Wx59Ty9hTpO3VOHI19GEDVpnUTQSEd8VaemdjCQ x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding gzip alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 7927 last-modified Thu, 27 May 2021 18:30:51 GMT server UploadServer etag "df5542b88bc0e368c6999754a5b9e2ba" x-goog-generation 1622140251693895 x-goog-hash crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug== content-type application/javascript cache-control no-transform x-goog-stored-content-length 7927 accept-ranges bytes expires Wed, 25 Sep 2024 02:29:26 GMT
GET H2	200	esp.js Show response cdn.id5-sync.com/api/1.0/	143 KB 32 KB	167ms 36ms	Script text/javascript	2606:4700:10::6816:3556 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.id5-sync.com/api/1.0/esp.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 076f49c5c4285d33d4367cd4e943aafd74cb2a8faba78eebcdec26c95322bb5d Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:20 GMT strict-transport-security max-age=15552000; includeSubDomains; preload content-encoding gzip cf-cache-status HIT last-modified Wed, 27 Sep 2023 09:24:45 GMT server cloudflare x-amz-request-id W6VQQDY94G7FCAPP age 127 etag W/"dad32e558756cf2e52e60155a9d39f6a" x-amz-server-side-encryption AES256 vary Accept-Encoding content-type text/javascript;charset=utf-8 cache-control public, max-age=3600 cf-ray 81056cb9dc5a36dc-FRA x-amz-id-2 Qw8yopajYFmCW+2xjCO6PRHg+H6adHkiSlmMQqFAmkSftqpXdCo32qj/JDUY8LTjiuQ6ToFtYmQ=
GET H2	200	pubcid.min.js Show response cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/	732 B 1 KB	164ms 34ms	Script application/javascript	2606:4700::6810:5814 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:20 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 18496 x-jsd-version master content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230042-FRA, cache-jnb7027-JNB x-jsd-version-type branch server cloudflare etag W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sLRVck7vwUm%2BFPfAEDTGj9MeZGiScDPBkdVXhQqEn2200uKabG%2FWDYZ5xp2%2Bgx6ihegbhpMYeDCQ9tlftnohOwzasvv27ozm7gxha20H6hyl7BLpa3LhmPOjZevu%2FfxEX4%2BtV1NmmR59zreLXEU%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 timing-allow-origin * cf-ray 81056cb9db4f916a-FRA
GET H2	200	encrypted-tag-g.js Show response invstatic101.creativecdn.com/encrypted-signals/	1 KB 1 KB	181ms 51ms	Script text/javascript	34.96.70.87 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 87.70.96.34.bc.googleusercontent.com Software Google Frontend / Resource Hash b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:20 GMT via 1.1 google, 1.1 google last-modified Thu, 03 Aug 2023 03:28:51 GMT server Google Frontend etag fc4e6bfe266081c4873c6f08c8298e5c content-type text/javascript; charset=utf-8 x-cloud-trace-context 99967ceadc69ed27cb68330ff30e7063 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1207
GET H/1.1	200 OK	uid2SecureSignal.js Show response cdn.prod.uidapi.com/	3 KB 3 KB	152ms 23ms	Script text/javascript	2600:9000:2250:da00:a:e047:753:6381 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.prod.uidapi.com/uid2SecureSignal.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:da00:a:e047:753:6381 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers x-amz-version-id tte_Zq9MCmRAYf9XeFwo9sUIgrBbXCUY Date Tue, 03 Oct 2023 06:34:15 GMT Via 1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront) X-Amz-Cf-Pop FRA60-P2 Age 23766 x-amz-server-side-encryption AES256 X-Cache Hit from cloudfront x-amz-replication-status COMPLETED Connection keep-alive Content-Length 2776 Last-Modified Wed, 06 Sep 2023 03:40:59 GMT Server AmazonS3 ETag "a3a9a9ee8e72db69d54e805f0586c651" Content-Type text/javascript Accept-Ranges bytes X-Amz-Cf-Id gCmEX5uFO9A60FWZ4xyRFJTw_7ohe1aWVvmmZTQ9Y_4kGn6Q1M1ovw==
GET H2	200	connectId-gpt.js Show response connectid.analytics.yahoo.com/	7 KB 8 KB	159ms 30ms	Script application/javascript	2600:9000:2090:c00:10:dd8:5e40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://connectid.analytics.yahoo.com/connectId-gpt.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2090:c00:10:dd8:5e40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a5531a7467f0e324959b8c056c8ada8709116598b07d560936ff787ad7d5818b Security Headers Name Value Content-Security-Policy default-src 'self' Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 12:45:36 GMT via 1.1 a4f5633e78f92f983940236e96220232.cloudfront.net (CloudFront) content-security-policy default-src 'self' x-amz-cf-pop AMS58-P1 age 1485 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 7504 x-amz-expiration expiry-date="Mon, 31 Jul 2028 00:00:00 GMT", rule-id="webapp-standard-lifecycle" last-modified Mon, 31 Jul 2023 15:05:44 GMT server AmazonS3 etag "831ad85cf4ef2e916bda07dc20b4cc5d" content-type application/javascript cache-control max-age=3600 accept-ranges bytes x-amz-cf-id Xu4Y6YKmFUr2ozYJmWpvNbOuf4LSaK70ofjntmSilyD9wma68ZJQ_Q==
GET H2	200	ga-audiences www.google.com/ads/ Frame BED8	42 B 296 B	48ms 47ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-38174542-5&cid=1020522840.1696338620&jid=1484392896&_u=IGBAgEABAAAAAGAAIC~&z=38846924 Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://giphy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:20 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/ Frame BED8	42 B 408 B	155ms 48ms	Image image/gif	2a00:1450:4001:82b::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-38174542-5&cid=1020522840.1696338620&jid=1484392896&_u=IGBAgEABAAAAAGAAIC~&z=38846924 Requested by Host: giphy.com URL: https://giphy.com/embed/u0bQN6bxXweHe Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://giphy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:20 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	status www.facebook.com/x/oauth/	0 0	196ms 128ms	Fetch text/plain	2a03:2880:f177:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/x/oauth/status?client_id=1623920071210326&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&sdk=joey&wants_cookie_data=true Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/all.js?hash=8d75f0831763ec3a19d785a795a5169e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers strict-transport-security max-age=15552000; preload date Tue, 03 Oct 2023 13:10:20 GMT x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 pragma no-cache x-fb-debug 7htMSzgNGmyINJdKKP3D0KqpCAPXZCFJsX7sTrlA3EuS6nywo6ggIKXZBu1z5qt8RasaidRY2ay3QuMJYCbPug== fb-s unknown report-to {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} content-type text/plain; charset=UTF-8 access-control-allow-origin https://www.orlygift.com origin-agent-cluster ?0 access-control-expose-headers fb-s cache-control private, no-cache, no-store, must-revalidate access-control-allow-credentials true permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	esp Show response oajs.openx.net/ Redirect Chain https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&rid=esp https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&rid=esp&cc=1	85 B 202 B	136ms 136ms	Fetch application/json	34.120.135.53 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&rid=esp&cc=1 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Server 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 53.135.120.34.bc.googleusercontent.com Software / Express Resource Hash 8ad3f96341da235718387c5205582eb3093390debd3a1909a52b36dcf5da45ab Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:20 GMT via 1.1 google x-powered-by Express etag W/"55-Hj/bDl9hiIIp3ZEtU8mHDdAMF1E" vary Origin content-type application/json; charset=utf-8 access-control-allow-origin https://www.orlygift.com access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 85 Redirect headers date Tue, 03 Oct 2023 13:10:20 GMT via 1.1 google x-powered-by Express vary Origin access-control-allow-origin https://www.orlygift.com location /esp?url=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&rid=esp&cc=1 access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS H2	200	fed ups.analytics.yahoo.com/ups/58813/ Frame	0 0	99ms 32ms	Preflight text/plain	3.71.149.231 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ups.analytics.yahoo.com/ups/58813/fed?v=1&url=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway Protocol H2 Security TLS 1.3, , AES_256_GCM Server 3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-71-149-231.eu-central-1.compute.amazonaws.com Software ATS/9.1.10.75 / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept */* Access-Control-Request-Headers x-csrf-token Access-Control-Request-Method GET Origin https://www.orlygift.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers age 0 allow HEAD, GET, OPTIONS content-type text/plain;charset=UTF-8 date Tue, 03 Oct 2023 13:10:20 GMT p3p CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV server ATS/9.1.10.75 strict-transport-security max-age=31536000
GET		fed ups.analytics.yahoo.com/ups/58813/	0 0
GET		increment id5-sync.com/api/esp/	0 0
OPTIONS H2	403	increment id5-sync.com/api/esp/ Frame	0 0	380ms 313ms	Preflight	141.95.33.111 OVH
General Check archive.org Show headers Download Go to Full URL https://id5-sync.com/api/esp/increment?counter=no-config Protocol H2 Security TLS 1.3, , AES_128_GCM Server 141.95.33.111 , Germany, ASN16276 (OVH, FR), Reverse DNS ns3203177.ip-141-95-33.eu Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Accept */* Access-Control-Request-Headers x-csrf-token Access-Control-Request-Method GET Origin https://www.orlygift.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:20 GMT strict-transport-security max-age=63072000; includeSubDomains; preload vary Origin Access-Control-Request-Method Access-Control-Request-Headers
GET H2	200	pd Show response google-bidout-d.openx.net/w/1.0/ Frame 6223	0 176 B	399ms 135ms	Document text/html	35.244.159.8 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://google-bidout-d.openx.net/w/1.0/pd?plm=5 Requested by Host: oa.openxcdn.net URL: https://oa.openxcdn.net/esp.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 8.159.244.35.bc.googleusercontent.com Software OXGW/0.0.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-encoding gzip content-length 20 content-type text/html date Tue, 03 Oct 2023 13:10:21 GMT server OXGW/0.0.0 vary Accept, Accept-Encoding via 1.1 google
GET H3	200	reactive_library_fy2021.js Show response pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/	154 KB 53 KB	94ms 93ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/reactive_library_fy2021.js Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 62c6b2136bbb4cd7b8d0026df0cfccf29aa6df4cee89a3498e6265a8da847740 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:21 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 53739 x-xss-protection 0 server cafe etag 8775428214253246491 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=1209600 timing-allow-origin * expires Tue, 03 Oct 2023 13:10:21 GMT
GET H3	200	zrt_lookup.html Show response googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/ Frame 18DD	10 KB 4 KB	22ms 21ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 83493 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4471 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Mon, 02 Oct 2023 13:58:49 GMT etag 2603938475786422795 expires Mon, 16 Oct 2023 13:58:49 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	zrt_lookup.html Show response googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/ Frame A4DD	10 KB 4 KB	23ms 21ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 83493 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4471 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Mon, 02 Oct 2023 13:58:49 GMT etag 2603938475786422795 expires Mon, 16 Oct 2023 13:58:49 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	zrt_lookup.html Show response googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/ Frame 3B17	10 KB 4 KB	33ms 30ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 83493 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4471 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Mon, 02 Oct 2023 13:58:49 GMT etag 2603938475786422795 expires Mon, 16 Oct 2023 13:58:49 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	zrt_lookup.html Show response googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/ Frame 5F67	10 KB 4 KB	29ms 27ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 83493 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4471 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Mon, 02 Oct 2023 13:58:49 GMT etag 2603938475786422795 expires Mon, 16 Oct 2023 13:58:49 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	css2 fonts.googleapis.com/ Frame 18DD	4 KB 767 B	35ms 30ms	Stylesheet text/css	2a00:1450:4001:810::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 03 Oct 2023 13:10:22 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 03 Oct 2023 11:53:49 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 03 Oct 2023 13:10:22 GMT
GET H3	200	feedback_grey600_24dp.png www.gstatic.com/images/icons/material/system/2x/ Frame 18DD	205 B 229 B	75ms 25ms	Image image/png	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Sun, 01 Oct 2023 21:19:32 GMT x-content-type-options nosniff age 143450 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 205 x-xss-protection 0 last-modified Thu, 20 Jul 2023 22:48:00 GMT server sffe vary Origin report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type image/png cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Mon, 30 Sep 2024 21:19:32 GMT
GET H3	200	settings_grey600_24dp.png www.gstatic.com/images/icons/material/system/2x/ Frame 18DD	604 B 628 B	72ms 24ms	Image image/png	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Sat, 30 Sep 2023 09:34:53 GMT x-content-type-options nosniff age 272129 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 604 x-xss-protection 0 last-modified Thu, 20 Jul 2023 22:48:00 GMT server sffe vary Origin report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type image/png cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Sun, 29 Sep 2024 09:34:53 GMT
GET H2	200	fullscreen_api_adapter_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/ Frame 18DD	15 KB 7 KB	113ms 33ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/fullscreen_api_adapter_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash c6ece8077c8a8d8d057b5a03c892dcf1fed9da76ff1bc964cd17416008752c48 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 23:06:10 GMT content-encoding br x-content-type-options nosniff age 50652 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 6551 x-xss-protection 0 server cafe etag 511223485441000916 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 23:06:10 GMT
GET H2	200	interstitial_ad_frame_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/ Frame 18DD	20 KB 8 KB	113ms 34ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/interstitial_ad_frame_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash bd91080d2c7f2120ad82727f5c07bbb439b810ed4035993ddb1825ca1611396b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 21:52:41 GMT content-encoding br x-content-type-options nosniff age 55061 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8566 x-xss-protection 0 server cafe etag 5625731030761120726 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 21:52:41 GMT
GET H3	200	pixel Show response googleads.g.doubleclick.net/xbbe/ Frame 19C8	624 B 246 B	81ms 77ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNVqronacjJJfDg_BzwNhv9DkG1x63Aet4A8-8hfxUdUVGGJMv061dhNV5_70SsuII2h6EGvAud6iUbBQ20wXJITn37l5CozTkJFA-24Y-z8eTznq4ub8PSiBdOrRaGCwj9-8Z8tqvpgtTCvd0rKadiFnIUA0WcCMryuLPZaEHX6279ooV0 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private content-encoding br content-length 222 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Tue, 03 Oct 2023 13:10:22 GMT expires Tue, 03 Oct 2023 13:10:22 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H3	200	dv3.js Show response pagead2.googlesyndication.com/pagead/js/ Frame C4A7	89 KB 31 KB	120ms 107ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/dv3.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:22 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31491 x-xss-protection 0 server cafe etag 6167930392490353973 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=600 timing-allow-origin * expires Tue, 03 Oct 2023 13:10:22 GMT
GET H2	200	window_focus_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame C4A7	3 KB 1 KB	110ms 58ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/window_focus_fy2021.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 11:45:54 GMT content-encoding br x-content-type-options nosniff age 5068 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1236 x-xss-protection 0 server cafe etag 15004572836499977866 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 17 Oct 2023 11:45:54 GMT
GET H2	200	qs_click_protection_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame C4A7	20 KB 8 KB	108ms 57ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/qs_click_protection_fy2021.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:33:22 GMT content-encoding br x-content-type-options nosniff age 70620 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8282 x-xss-protection 0 server cafe etag 5314254467506293444 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 17:33:22 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame C4A7	187 KB 59 KB	42ms 30ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:22 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 60018 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1696246517909956" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes timing-allow-origin * expires Tue, 03 Oct 2023 13:10:22 GMT
GET H3	200	gen_204 pagead2.googlesyndication.com/pagead/ Frame C4A7	42 B 63 B	131ms 128ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D5k5Anx6Qj7H-kEUZqPHKCM4BzWCNQLR0lEVEx8Cs7g529TYWRuBQs5oMWhlhoYkEqVFrMRJSidKTy2jRywtfPClwOLIIYqKM0Cj8YTTNOPntSGxo Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame C4A7	0 20 B	130ms 127ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12986283969283769184&x=1&ct=119 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	pixel Show response googleads.g.doubleclick.net/xbbe/ Frame 5049	624 B 246 B	76ms 72ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNV_Ivd6fJzDImANLZEKFIa8w77_fasErpdQSMjQvyEDOVuHclmx81_doC9lhHBuUhkyDsUTSUXDkd97yM28hIuBYhrtex7yPT--DTmkW7h2HZMbkiN3u8AEhQ02T3N1dzZOwdM6buu6oLdPMU0stguybkC9e5drNEH3TY2UivQrCdxFvV0 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private content-encoding br content-length 222 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Tue, 03 Oct 2023 13:10:22 GMT expires Tue, 03 Oct 2023 13:10:22 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H3	200	dv3.js Show response pagead2.googlesyndication.com/pagead/js/ Frame 97F2	89 KB 31 KB	177ms 176ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/dv3.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:22 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31491 x-xss-protection 0 server cafe etag 6167930392490353973 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=600 timing-allow-origin * expires Tue, 03 Oct 2023 13:10:22 GMT
GET H2	200	window_focus_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 97F2	3 KB 1 KB	78ms 58ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/window_focus_fy2021.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 11:45:54 GMT content-encoding br x-content-type-options nosniff age 5068 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1236 x-xss-protection 0 server cafe etag 15004572836499977866 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 17 Oct 2023 11:45:54 GMT
GET H2	200	qs_click_protection_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 97F2	20 KB 8 KB	56ms 35ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/qs_click_protection_fy2021.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:33:22 GMT content-encoding br x-content-type-options nosniff age 70620 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8282 x-xss-protection 0 server cafe etag 5314254467506293444 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 17:33:22 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 97F2	187 KB 59 KB	58ms 48ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:22 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 60018 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1696246517909956" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes timing-allow-origin * expires Tue, 03 Oct 2023 13:10:22 GMT
GET H3	200	gen_204 pagead2.googlesyndication.com/pagead/ Frame 97F2	42 B 63 B	176ms 169ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BnjqVPAD6vuXPldaJn6rkVhVUJnTIP47oUVJYzLgoyQYrGzipd1zz8xoDtj8aPgVSThvGGRPJRxdsOxTTCo0kczZl-_Z5WGm2KDSh9yOz56p9g7VU Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 97F2	0 20 B	184ms 176ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6561358273335519672&x=1&ct=119 Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	pixel Show response googleads.g.doubleclick.net/xbbe/ Frame CA09	624 B 246 B	73ms 64ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGKj69fUBMAE&v=APEucNUMQ769omOIFBUeoGA_-pcMGNcyFOkFnz__eMHBuu_AVHIEeQcYF3YWPhi_gndX7FCCfTrbPzjimY51u9JsFHVYCaG_S1m0MqllXCZ10638FBV7q92qQrTFiQIrSrBi7Yiwhv4tggX7dB0IcxuSJib0c43hzbmSXhXzecqK9P0HAcDNuBA Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private content-encoding br content-length 222 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Tue, 03 Oct 2023 13:10:22 GMT expires Tue, 03 Oct 2023 13:10:22 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H3	200	dv3.js Show response pagead2.googlesyndication.com/pagead/js/ Frame 5F67	89 KB 31 KB	199ms 197ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/dv3.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:22 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31491 x-xss-protection 0 server cafe etag 6167930392490353973 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=600 timing-allow-origin * expires Tue, 03 Oct 2023 13:10:22 GMT
GET H3	200	gen_204 pagead2.googlesyndication.com/pagead/ Frame 5F67	42 B 63 B	234ms 232ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CxjVwow4KtTAZNE0PW2fkU3DxAqGQVk6c5kenxH9LIxyXwVo44d0y8HexGhPATQJ7LWK5Xxoj7NKeq55_bx5fi2pjmmU9rY44nNhyQyLDhSszZqrY Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 5F67	0 20 B	234ms 232ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9540628744081417538&x=1&ct=76 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	window_focus_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 5F67	3 KB 1 KB	58ms 53ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/window_focus_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 11:45:54 GMT content-encoding br x-content-type-options nosniff age 5068 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1236 x-xss-protection 0 server cafe etag 15004572836499977866 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 17 Oct 2023 11:45:54 GMT
GET H2	200	qs_click_protection_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 5F67	20 KB 8 KB	57ms 52ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/qs_click_protection_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:33:22 GMT content-encoding br x-content-type-options nosniff age 70620 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8282 x-xss-protection 0 server cafe etag 5314254467506293444 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 17:33:22 GMT
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 5F67	187 KB 59 KB	85ms 81ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:22 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 60018 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1696246517909956" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes timing-allow-origin * expires Tue, 03 Oct 2023 13:10:22 GMT
GET H2	200	rum dsum-sec.casalemedia.com/ Frame 19C8 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtKjeeBovMWq11sDaq7HzQ&google_cver=1	43 B 405 B	46ms 36ms	Image image/gif	2606:4700::6812:1ac1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtKjeeBovMWq11sDaq7HzQ&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNVqronacjJJfDg_BzwNhv9DkG1x63Aet4A8-8hfxUdUVGGJMv061dhNV5_70SsuII2h6EGvAud6iUbBQ20wXJITn37l5CozTkJFA-24Y-z8eTznq4ub8PSiBdOrRaGCwj9-8Z8tqvpgtTCvd0rKadiFnIUA0WcCMryuLPZaEHX6279ooV0 Protocol H2 Server 2606:4700::6812:1ac1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sSv7CD%2BeRDp6SUhe9mp3JNJH5nPlnbHZH0rhdxS%2FQ4zP%2FFAhbiL4bcj1PEhRk%2BAUnCxoGeVlLa4JVUaTBq3AfDOtfd6hZ8Nrm6R7f4frUB3OAaGYSh%2FpULF%2FCZQ3A8Tl6g0Td3d976Poh%2FPmwloOSwEzeXsLKA%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 81056cc7bf013764-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtKjeeBovMWq11sDaq7HzQ&google_cver=1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	rum dsum-sec.casalemedia.com/ Frame 19C8 Redirect Chain https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRwSvnCoUOYupCSSNL.oawAA https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2	43 B 447 B	37ms 37ms	Image image/gif	2606:4700::6812:1ac1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNVqronacjJJfDg_BzwNhv9DkG1x63Aet4A8-8hfxUdUVGGJMv061dhNV5_70SsuII2h6EGvAud6iUbBQ20wXJITn37l5CozTkJFA-24Y-z8eTznq4ub8PSiBdOrRaGCwj9-8Z8tqvpgtTCvd0rKadiFnIUA0WcCMryuLPZaEHX6279ooV0 Protocol H2 Server 2606:4700::6812:1ac1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIaIS0neq%2Bbd3PyAGRDQiWKYJ9sNiHB5YIYWfYW1a8CkfhQwwOFzFOkiwfmRCgFFVg0ZIbkDXqHnngX6QmlQOUz6yQEj1kmvmmZOBAMMzoMYqOXusr0laKN1KWQNANz79H0K%2FpYgclxJTuMJmNVd3cy3%2BWrD2A%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 81056cc8f9163764-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 329 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bounce ib.adnxs.com/ Frame 19C8 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm https://ib.adnxs.com/setuid?entity=101&code=CAESEPRMMLQpWsMpOdbTbHfTNi8&google_cver=1 https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1	43 B 892 B	86ms 54ms	Image image/gif	37.252.172.123
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNVqronacjJJfDg_BzwNhv9DkG1x63Aet4A8-8hfxUdUVGGJMv061dhNV5_70SsuII2h6EGvAud6iUbBQ20wXJITn37l5CozTkJFA-24Y-z8eTznq4ub8PSiBdOrRaGCwj9-8Z8tqvpgtTCvd0rKadiFnIUA0WcCMryuLPZaEHX6279ooV0 Protocol H2 Server 37.252.172.123 -, , ASN (), Reverse DNS Software nginx/1.23.4 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT an-x-request-uuid c38b29e6-1217-4923-a600-74158d3b28f3 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type image/gif access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 217.114.215.131; 217.114.215.131; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 43 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT an-x-request-uuid 5fbc7a6b-9d2d-4f50-94aa-63fa1db2348b server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 location https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1 cache-control no-store, no-cache, private x-proxy-origin 217.114.215.131; 217.114.215.131; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H3	200	pixel cm.g.doubleclick.net/ Frame 19C8 Redirect Chain https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D	170 B 188 B	64ms 59ms	Image image/png	142.250.184.226 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNVqronacjJJfDg_BzwNhv9DkG1x63Aet4A8-8hfxUdUVGGJMv061dhNV5_70SsuII2h6EGvAud6iUbBQ20wXJITn37l5CozTkJFA-24Y-z8eTznq4ub8PSiBdOrRaGCwj9-8Z8tqvpgtTCvd0rKadiFnIUA0WcCMryuLPZaEHX6279ooV0 Protocol H3 Server 142.250.184.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT an-x-request-uuid c1172936-a6c6-4c88-8cf6-7bb3fb43339b server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true location https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D x-proxy-origin 217.114.215.131; 217.114.215.131; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H3	200	88cf7d8f92971695aa333eeba8ca195d.js Show response www.gstatic.com/mysidia/ Frame 4393	9 KB 4 KB	70ms 69ms	Script text/javascript	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/88cf7d8f92971695aa333eeba8ca195d.js?tag=client_fast_engine_2019 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ac4a4d48faf1670dd95aac541fd22c6728ab6528d9fbacfdbd2e58ab5cbc83c8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 14:58:47 GMT content-encoding gzip x-content-type-options nosniff age 79895 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3923 x-xss-protection 0 last-modified Mon, 02 Oct 2023 14:46:38 GMT server sffe cross-origin-opener-policy same-origin; report-to="mysidia" vary Accept-Encoding report-to {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]} content-type text/javascript cache-control public, max-age=7776000 accept-ranges bytes expires Sun, 31 Dec 2023 14:58:47 GMT
GET H3	200	f41bdb3f841744f069dcdb3aa68264c8.js Show response www.gstatic.com/mysidia/ Frame 4393	119 KB 41 KB	137ms 57ms	Script text/javascript	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/f41bdb3f841744f069dcdb3aa68264c8.js?tag=leadgen/snom_image_restricted Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8fdd70b2705ea904970c6cb468bde292bdaa6070804cea5bb54d08257ba0c941 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 16:44:08 GMT content-encoding gzip x-content-type-options nosniff age 73574 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42424 x-xss-protection 0 last-modified Mon, 02 Oct 2023 14:46:38 GMT server sffe cross-origin-opener-policy same-origin; report-to="mysidia" vary Accept-Encoding report-to {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]} content-type text/javascript cache-control public, max-age=7776000 accept-ranges bytes expires Sun, 31 Dec 2023 16:44:08 GMT
GET H3	200	a262df46fe0a0cd38c190fa2e10da9d0.js Show response www.gstatic.com/mysidia/ Frame 4393	19 KB 8 KB	160ms 80ms	Script text/javascript	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/a262df46fe0a0cd38c190fa2e10da9d0.js?tag=pingback Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8eeeff557381f3f5978a067d71b9cfa41bc0e7805ab0a4211f07fa4cf591d32f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 15:01:55 GMT content-encoding gzip x-content-type-options nosniff age 79707 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8045 x-xss-protection 0 last-modified Mon, 02 Oct 2023 14:46:38 GMT server sffe cross-origin-opener-policy same-origin; report-to="mysidia" vary Accept-Encoding report-to {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]} content-type text/javascript cache-control public, max-age=7776000 accept-ranges bytes expires Sun, 31 Dec 2023 15:01:55 GMT
GET H3	200	css fonts.googleapis.com/ Frame 4393	9 KB 1 KB	158ms 80ms	Stylesheet text/css	2a00:1450:4001:810::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto%3A400%7CGoogle%20Sans%3A400 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 99fae6468b3bd803389038dbee0d9d96f845779869b3d448db662e735bb8ec6d Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 03 Oct 2023 13:10:22 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 03 Oct 2023 12:50:42 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 03 Oct 2023 13:10:22 GMT
GET H3	200	mdc_list_min.js Show response pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 4393	27 KB 6 KB	135ms 58ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_list_min.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 0a0610548e89956b26496552978f70638cbbba6f7d3fc204e137457a52d53f8d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 19:02:22 GMT content-encoding br x-content-type-options nosniff age 65280 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 6467 x-xss-protection 0 server cafe etag 4758454654811317262 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Tue, 03 Oct 2023 19:02:22 GMT
GET H3	200	mdc_menu_min.js Show response pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 4393	51 KB 11 KB	136ms 58ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_menu_min.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash fd543b21d162ee922201fe54b79778548f8102ea91376960e856c069a135cb76 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 06:01:10 GMT content-encoding br x-content-type-options nosniff age 25752 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11146 x-xss-protection 0 server cafe etag 2759356358486721826 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Wed, 04 Oct 2023 06:01:10 GMT
GET H3	200	mdc_menu_surface.min.js Show response pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 4393	18 KB 5 KB	160ms 82ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_menu_surface.min.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 35ef325738aec617e593976f23534b7d5b159f4642f24bc7c1bbbb40a7dc181f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 06:08:24 GMT content-encoding br x-content-type-options nosniff age 25318 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4739 x-xss-protection 0 server cafe etag 18373107336927916518 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Wed, 04 Oct 2023 06:08:24 GMT
GET H3	200	mdc_select_min.js Show response pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 4393	103 KB 18 KB	156ms 79ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_select_min.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash f61ce0d0d062c15912a8fd7067d050eb058a4947d7d516ffa6efc31fd32ea731 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 07:44:48 GMT content-encoding br x-content-type-options nosniff age 19534 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 18791 x-xss-protection 0 server cafe etag 10996637669125113147 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Wed, 04 Oct 2023 07:44:48 GMT
GET H3	200	mdc_textfield_min.js Show response pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 4393	58 KB 10 KB	158ms 81ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_textfield_min.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash bbd11d287d579b875f5ba1e88c62f56834dd8d925d7776fdc4eb201cf9aa5192 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 14:09:55 GMT content-encoding br x-content-type-options nosniff age 82827 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 10107 x-xss-protection 0 server cafe etag 7588401036457704084 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Tue, 03 Oct 2023 14:09:55 GMT
GET H3	200	mdc_list_min.css pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 4393	31 KB 3 KB	150ms 72ms	Stylesheet text/css	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_list_min.css Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 39473f41f6492001648e93d50aa18f14ae5e917cd9c93da48ec2dd50ca1f364b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 19:02:21 GMT content-encoding br x-content-type-options nosniff age 65281 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3021 x-xss-protection 0 server cafe etag 18113988596513574663 vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Tue, 03 Oct 2023 19:02:21 GMT
GET H3	200	mdc_menu_min.css pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 4393	3 KB 791 B	154ms 76ms	Stylesheet text/css	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_menu_min.css Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3c4a4057f02182efe3e8959561124f215a4a8e50e03257b71d550cbf74ecc4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 19:04:57 GMT content-encoding br x-content-type-options nosniff age 65125 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 766 x-xss-protection 0 server cafe etag 14497039402300002370 vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Tue, 03 Oct 2023 19:04:57 GMT
GET H3	200	mdc_menu_surface_min.css pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 4393	2 KB 636 B	152ms 75ms	Stylesheet text/css	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_menu_surface_min.css Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 389090922185d81fe757eb0e033fccb17583e98a7dc5b9900a1dbd7bb49aafa5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 00:08:47 GMT content-encoding br x-content-type-options nosniff age 46895 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 611 x-xss-protection 0 server cafe etag 18268606943400439583 vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Wed, 04 Oct 2023 00:08:47 GMT
GET H3	200	mdc_select_min.css pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 4393	37 KB 4 KB	151ms 76ms	Stylesheet text/css	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_select_min.css Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash b5737b0c371611ffbda25040aefb4a72202b3f4f4223da5802f9841823f125ec Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 19:02:21 GMT content-encoding br x-content-type-options nosniff age 65281 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3940 x-xss-protection 0 server cafe etag 17986137158686949241 vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Tue, 03 Oct 2023 19:02:21 GMT
GET H3	200	mdc_textfield_min.css pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 4393	51 KB 5 KB	149ms 73ms	Stylesheet text/css	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_textfield_min.css Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 5fb44f5faa5569cf002f97433c48ff5f53a0c6a181d3f67858c93a8379dbde0d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 14:52:10 GMT content-encoding br x-content-type-options nosniff age 80292 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4595 x-xss-protection 0 server cafe etag 17552977722549843295 vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=86400 timing-allow-origin * expires Tue, 03 Oct 2023 14:52:10 GMT
GET H2	200	load_preloaded_resource_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 4393	2 KB 945 B	142ms 10ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/load_preloaded_resource_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:33:22 GMT content-encoding br x-content-type-options nosniff age 70620 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 865 x-xss-protection 0 server cafe etag 5051423035144352294 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 17:33:22 GMT
GET H3	200	ef1f6d24bef59513d7c49e9cf5bba5ca.js Show response www.gstatic.com/mysidia/ Frame 4393	22 KB 9 KB	154ms 67ms	Script text/javascript	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/ef1f6d24bef59513d7c49e9cf5bba5ca.js?tag=exit_2019 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 19aaa87c8184f65551d5c44d78d03aa8230d28c7c04d142f731f0fa129fd9cdb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 15:12:54 GMT content-encoding gzip x-content-type-options nosniff age 79048 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 9440 x-xss-protection 0 last-modified Mon, 02 Oct 2023 14:46:38 GMT server sffe cross-origin-opener-policy same-origin; report-to="mysidia" vary Accept-Encoding report-to {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]} content-type text/javascript cache-control public, max-age=7776000 accept-ranges bytes expires Sun, 31 Dec 2023 15:12:54 GMT
GET H2	200	abg_lite_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/ Frame 4393	23 KB 9 KB	136ms 11ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/abg_lite_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ac4a2fcf56f3a5815338b809cd7e8b9a80b676bc6ad801f4c9666b3e9c7bdfd4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:33:22 GMT content-encoding br x-content-type-options nosniff age 70620 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 9131 x-xss-protection 0 server cafe etag 6297790743806441599 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 17:33:22 GMT
GET H2	200	window_focus_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 4393	3 KB 1 KB	137ms 13ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/window_focus_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 11:45:54 GMT content-encoding br x-content-type-options nosniff age 5068 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1236 x-xss-protection 0 server cafe etag 15004572836499977866 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Tue, 17 Oct 2023 11:45:54 GMT
GET H2	200	qs_click_protection_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 4393	20 KB 8 KB	116ms 0ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/qs_click_protection_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:33:22 GMT content-encoding br x-content-type-options nosniff age 70620 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8282 x-xss-protection 0 server cafe etag 5314254467506293444 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 17:33:22 GMT
GET H3	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 4393	187 KB 59 KB	153ms 74ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:22 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 60018 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1696246517909956" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes timing-allow-origin * expires Tue, 03 Oct 2023 13:10:22 GMT
GET H2	200	rum dsum-sec.casalemedia.com/ Frame 5049 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1	43 B 343 B	57ms 56ms	Image image/gif	2606:4700::6812:1ac1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNV_Ivd6fJzDImANLZEKFIa8w77_fasErpdQSMjQvyEDOVuHclmx81_doC9lhHBuUhkyDsUTSUXDkd97yM28hIuBYhrtex7yPT--DTmkW7h2HZMbkiN3u8AEhQ02T3N1dzZOwdM6buu6oLdPMU0stguybkC9e5drNEH3TY2UivQrCdxFvV0 Protocol H2 Server 2606:4700::6812:1ac1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOqsrm8f%2Fsc7g04Zde984cz9zv2rSrdmopYQ1t%2BAJEg5Ryx2beweyWoBSs6ZylFtukxM%2BjdZ7UpLz6kXJp%2FZM7UzJRm%2BRLywp2wyUyhI8wySZojXhZItSu%2FmxtlGitwVU3gFlzfgTiyIYsKJ0qqpgx5wlTuudQ%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 81056cc7ff5f3764-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	rum dsum-sec.casalemedia.com/ Frame 5049 Redirect Chain https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRwSvnCoUOYupCSSNL.oawAA https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2	43 B 786 B	146ms 138ms	Image image/gif	2606:4700::6812:1ac1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNV_Ivd6fJzDImANLZEKFIa8w77_fasErpdQSMjQvyEDOVuHclmx81_doC9lhHBuUhkyDsUTSUXDkd97yM28hIuBYhrtex7yPT--DTmkW7h2HZMbkiN3u8AEhQ02T3N1dzZOwdM6buu6oLdPMU0stguybkC9e5drNEH3TY2UivQrCdxFvV0 Protocol H3 Server 2606:4700::6812:1ac1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzPyuHiJLG%2F4WMQlCo5KMs09lUcgxHKeehzWkN1YZyupcmYEsZKUqokdbvNiZD6zGrFWC9TCcm%2Fzt7W%2BbsoRJ2VLv2%2BD5snG1U6oEAMFw0Adj2M%2BQixI7j231CDftIOLNh8h7pLm4CZAsD%2FlO8syHgzY%2BYFq6g%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 81056cc999ed90d6-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 329 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bounce ib.adnxs.com/ Frame 5049 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm https://ib.adnxs.com/setuid?entity=101&code=CAESEPRMMLQpWsMpOdbTbHfTNi8&google_cver=1 https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1	43 B 892 B	85ms 51ms	Image image/gif	37.252.172.123
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNV_Ivd6fJzDImANLZEKFIa8w77_fasErpdQSMjQvyEDOVuHclmx81_doC9lhHBuUhkyDsUTSUXDkd97yM28hIuBYhrtex7yPT--DTmkW7h2HZMbkiN3u8AEhQ02T3N1dzZOwdM6buu6oLdPMU0stguybkC9e5drNEH3TY2UivQrCdxFvV0 Protocol H2 Server 37.252.172.123 -, , ASN (), Reverse DNS Software nginx/1.23.4 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT an-x-request-uuid e9f1bf70-23eb-407e-8a43-1656571a5109 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type image/gif access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 217.114.215.131; 217.114.215.131; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 43 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT an-x-request-uuid d97a5e72-c98a-43c0-a3a8-2f999296f5b5 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 location https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1 cache-control no-store, no-cache, private x-proxy-origin 217.114.215.131; 217.114.215.131; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H3	200	pixel cm.g.doubleclick.net/ Frame 5049 Redirect Chain https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D	170 B 188 B	48ms 45ms	Image image/png	142.250.184.226 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKvU5fQCEMaIsIIEGLzag_MBMAE&v=APEucNV_Ivd6fJzDImANLZEKFIa8w77_fasErpdQSMjQvyEDOVuHclmx81_doC9lhHBuUhkyDsUTSUXDkd97yM28hIuBYhrtex7yPT--DTmkW7h2HZMbkiN3u8AEhQ02T3N1dzZOwdM6buu6oLdPMU0stguybkC9e5drNEH3TY2UivQrCdxFvV0 Protocol H3 Server 142.250.184.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT an-x-request-uuid be6f1ae5-3b3e-4f02-bfe3-e1dd166bae8c server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true location https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D x-proxy-origin 217.114.215.131; 217.114.215.131; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	rum dsum-sec.casalemedia.com/ Frame CA09 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1	43 B 341 B	42ms 41ms	Image image/gif	2606:4700::6812:1ac1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGKj69fUBMAE&v=APEucNUMQ769omOIFBUeoGA_-pcMGNcyFOkFnz__eMHBuu_AVHIEeQcYF3YWPhi_gndX7FCCfTrbPzjimY51u9JsFHVYCaG_S1m0MqllXCZ10638FBV7q92qQrTFiQIrSrBi7Yiwhv4tggX7dB0IcxuSJib0c43hzbmSXhXzecqK9P0HAcDNuBA Protocol H2 Server 2606:4700::6812:1ac1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HI12YhyWTrOskFqvznjk6akAJp74f1pWgh%2FPbHEN3BbQN3Pb5cGtxspYbtpyoW60YkgzyjbBRu22S%2FKtz%2BGTpjHjU1s5rIJRcNfjyRGcvSeY%2FLJERWaYtw25SLLj8E0u4cFMTrXPYLA%2BfJOQi9ofGBgqgJivCA%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 81056cc7ff603764-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	rum dsum-sec.casalemedia.com/ Frame CA09 Redirect Chain https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRwSvnCoUOYupCSSNL.oawAA https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2	43 B 430 B	61ms 61ms	Image image/gif	2606:4700::6812:1ac1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGKj69fUBMAE&v=APEucNUMQ769omOIFBUeoGA_-pcMGNcyFOkFnz__eMHBuu_AVHIEeQcYF3YWPhi_gndX7FCCfTrbPzjimY51u9JsFHVYCaG_S1m0MqllXCZ10638FBV7q92qQrTFiQIrSrBi7Yiwhv4tggX7dB0IcxuSJib0c43hzbmSXhXzecqK9P0HAcDNuBA Protocol H2 Server 2606:4700::6812:1ac1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xr4r7TK8KSjTSGanFhqqEkztAC4hm3LdmHKwxgEP%2FHWeYAdqeg37g37RDUYGUqAeQqyCzMzZN3cPqoK9zFxagTBIvC58%2BYUdtqV1zN1KcpAXvULVOsIStwxnz9Ra07EqkMKriQwOO0EQNvd5F5CUBMWhOoUGFQ%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 81056cc8f9123764-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFeN6n8Plj0vA6JrdDDMB_8&google_cver=1&google_hm=2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 329 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bounce ib.adnxs.com/ Frame CA09 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm https://ib.adnxs.com/setuid?entity=101&code=CAESEPRMMLQpWsMpOdbTbHfTNi8&google_cver=1 https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1	43 B 893 B	116ms 82ms	Image image/gif	37.252.172.123
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGKj69fUBMAE&v=APEucNUMQ769omOIFBUeoGA_-pcMGNcyFOkFnz__eMHBuu_AVHIEeQcYF3YWPhi_gndX7FCCfTrbPzjimY51u9JsFHVYCaG_S1m0MqllXCZ10638FBV7q92qQrTFiQIrSrBi7Yiwhv4tggX7dB0IcxuSJib0c43hzbmSXhXzecqK9P0HAcDNuBA Protocol H2 Server 37.252.172.123 -, , ASN (), Reverse DNS Software nginx/1.23.4 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT an-x-request-uuid 6f9dd6cf-fe3b-454d-9db3-f164254b044f server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type image/gif access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 217.114.215.131; 217.114.215.131; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 43 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT an-x-request-uuid efd7edef-20ba-4942-a57d-e564af8e6b80 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 location https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPRMMLQpWsMpOdbTbHfTNi8%26google_cver%3D1 cache-control no-store, no-cache, private x-proxy-origin 217.114.215.131; 217.114.215.131; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H3	200	pixel cm.g.doubleclick.net/ Frame CA09 Redirect Chain https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D	170 B 188 B	62ms 60ms	Image image/png	142.250.184.226 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGKj69fUBMAE&v=APEucNUMQ769omOIFBUeoGA_-pcMGNcyFOkFnz__eMHBuu_AVHIEeQcYF3YWPhi_gndX7FCCfTrbPzjimY51u9JsFHVYCaG_S1m0MqllXCZ10638FBV7q92qQrTFiQIrSrBi7Yiwhv4tggX7dB0IcxuSJib0c43hzbmSXhXzecqK9P0HAcDNuBA Protocol H3 Server 142.250.184.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 03 Oct 2023 13:10:23 GMT an-x-request-uuid e3243b91-60aa-4051-a1f0-c8f4527b2184 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true location https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM4Nzg4NzU1ODcwMTM0MDgwNQ%3D%3D x-proxy-origin 217.114.215.131; 217.114.215.131; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame C4A7	0 20 B	147ms 126ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4588409587122&version=m202309260101 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame C4A7	0 20 B	148ms 127ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4588409587122&version=m202309260101&ct=119&x=1&cor=12986283969283768000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ad Show response googleads.g.doubleclick.net/dbm/ Frame C4A7	89 KB 37 KB	145ms 83ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AePEosVSrGwXGqyl5Z2MBkZ9FqVQwCQfl2lDKmjAW2eaQWr-kDIGZutQCEqwFLR0O6cgZ8FKlFQVfU_UeKw-rVuTSMEblQBugRNAI61eS5A0J1NaIJRKkFXAp0SAno77ceIU__dFxiJWYAJSdYvUkl1p_N3CJyLCNN_viN2x4Lz2EQ2xc&cry=1&dbm_d=AKAmf-BjHtysYzq0TeWfRgzxoKw1F2GfjOQxg41bL_5rbmMWaShWODGFEXvlF8srUBjD-1gZhkRFmPQEwTid97UioYIUi3GgGYCWL4v1urRa-prXNhKslWA-3hIE7dDdvj2hvzwVVxYrTjAEwFnQCW44xyz9RW1DS6DjawYDZTwvc7tUdijHtODmQDlBc34cFsf8h7Ghpes2t8fA4ef6hLOnw9WKQR-WbNU69sOWnjZZSCBIryMhuGy-aWi-fkoTXUreRB81hNjv_4333vTypTCWkAW_myb4nJAX5F3FOFPKgfi0MdAaSL6Sr19twrbcEnVVVYzRFvrkynMDdyR7nnFf9mYsm8cgr-C7LzIN7TbT5O7DvVgf-gwaLqr4xBxyu-HaaTa28bprKdOvcToTYLOx5HLiIXTJEbwmd4Ox5YTgmCowJAIlN-1kbwlLL4ZTwrwoS6sANLD5YLz5vKARxdatiZCVoZbZrVAYDf7GhOqHwrf72AvutYQORA0qNzgJeGQ0brBDcXp62McWTFsJy7nXCZU9d66voZivKYrtHo2IYIRkqT3y2oNnUFFkc7nbpFSc_eArFY01Qd61XnwzPMXG9WPtVv-rxBbDrPxZLDITMuBrv4G8Bg4XxUVJktM48t3yEr2-MoV2Bw1IVmH1Fm5DoAS34ibJDbcEnN5jSszq6LjEXDaM21Q_jek1Vt1_x1QiaEplLq3Y1mtCc71MfS2TJ1y7Sopi7btybG0K2MJLPSgdj6THgGNHgWb2hJ2rfDhzQk39Q1rivjp4TjObnxUy9ETD82xr_nLxWenzRWHkmvr8R44uGBepWoRFlkPXQVfXnB_Q8un_Qf9mzgatXS-y7rdZ-f5MDGK9bN5FVtpkn1BIw0eu7AcWCzpluMAs3Ip6Q-EMn5LpVhnSK7UQz4PbVmz_SYYEy_sqME-J-SCSq4dSOw7y13DrtZODpKrUKtIJT6AsvBTNW8KhiJkQToGhBjq9WscwBczVVORg2pNlcESQRL1ED8e7fbphIyIP9i6D6ZfNVhVz_u3tIumVQS8ekkRu5zY7Rf5ArpjporESH3YzbRXyepEfy2JueogF_BFyTbiN8zcQFMCMAatILdsSOllXlm8y7oS42S71-AQLtddp0Pp6YGRVubPTXGFHA46UadUa2k5_rJJ6Ynd4yYoY8XEHbVyKscPz_hapq0LtaWiCB1vprBbr4FkWjtyF4mL_NCyby8LiQg-NUA5uNpCzVAJ_7WiDj0myNHk0V6uPyJgtqhBI6XALqfK0XsNNjTV9kKfsUCe4J7ZYVBf5rYPMxtG3ntI-EUV2XdcRbygZSERYLIb54G8p3tg27lysLaiwmWNScttbGDkTjSJHlcpsGUzgVCXvcbYFz-SuueV-zA4Ao5KerqzBm3LJ7l20BrBRU6gbUCjpF7ELwCrLe7k65rHAX2fdaS0kvHRYP85ezqYWQLpq_qxrOo5DnIFVBQsSSlhWMpCHDA_KY7mZh13-W-Uy2Cnadl0RAkADpUYpkQnRVaOt0gGNoJbd6gcO3V7RsZH86W96fdMmUEZTUs_BS3uBCuDkY44FKhvpTyPXCgBANIVdioih2UzWsKDn999rJoi2eay-oiKfBco3E_HlxopAjDDMdf62P6OwXIHs1e8G6VDckteVoUwnxCCBJf7Zo7xnnxxIbPe6ndDJpYHXrKIOkU5g0qeTi8AM1YdpSINlnuqmqlQWogNG5eSIHZ1x1CHTh2Ag7ved24ffuWeOPAs-bwI0HDU9m3pUPXMmxj9tGIlG33TLWtGvTOeDP2JmwDrOgR_4GgH59V5oBZAzV4xQuVp8Kd2L-NRhFsbtjUrF9W9S4n66Hx2T7sFptGfWp_wgRpJCzv8zNJqJC14woU3FsaF04wqGeCIb4wKF-TGyesAQxxlMN1CtLi35caoSu9RYbVCkn0HwOG6qklauS2jznvzJ0zaUuuUPs8eMJrSLnHXKVfNIOjvwhNJGy8kMoOuEIAhYFRS9oZjyl7k-BMpYkuaZY-Mv8DevYjck6aYh6SnsPEvu7MeiEVhpabD3MehVOhp9Cp-hg3xjXTcHQUPtQG-B2gdxepAIT6TkoGbzN6lLdQ2SgxhhDS10cg6eu9hd0d24ErKH9zVAmh9vZb-mfVYum_MhrnUG_1C98WCThYIwZ7LMoqXu50MFRnnxGA9tZUQi0OICh3TlqObF3tvsVT1hhs_6Q5s4MyA0SuNGzXONbJz_HzIrjmlelPrPy9Fl4G4ASdoTZZuOpwszadZqTBqZcjGsPCBwCJo_TssLnE9QMOwrutJD2dUJsc4CrEn-qIRZ4_kK9G_sp9OmLw6EbrZiOeqE2XE0en1bZ23E3-YQdZrSpQQguPnrQdj2SM793K2nlJORpA-ZtVi2-9_IPLY-0y0ezdA7QQGRCESSh8lkZM_aGwRo5H7kJdWCD-T3ul0n7TairHixEGp1jbgvrYp8xVgatq7JWMLwecrBkIqjDgu8yJJ0mMymE-_uUGczn40enVVikZ_QkhI45tuSoczwTr_2ciH8924qbFkfipd0-9AzZLJFDow8FHdFMMQIKPzEo6zsu6j5LQa6yZbU-2FGL4R4IdLlZ1ODhUUnQ3wjFU8CdYxo322qmriqjxRLpHWEky9_oQ3GLLoThBNv-YL2vbGPGeEaJKspF9qKlcGbyAvNEl4BS784DvRPi_PuztPrFqAcG2gq_Tc7j7Ey1q6iFS-dqUbVqpAE5x8hHoRxIaOpgpN2GcDkC8UU3CinvdXGx4buXIesH8qD7BEaU52J7NRXexgfBk2gZsMn4TGy8Sj9NLyFPMD0K2vnQtC_4m_Pa43FBIjPQGSxnT3Y3ysyFQQPc55pydpCQnvReBLZTgCODU7vYvjttXCg-Mcef5jLtDyBwrd3D-MlMmb0wHZY1-j5dxkQQ7yz3asOgbaR8tLlbvq9M_yoVyvlgdQXgcbNdSQPlVlzdYjCbtMl0BlLmLYNPssNKUfTh2TLEbjmZd9mfI1xVRUocHe7eyAdSMLLZQDDDkjR5iylwLdnKTYawjEmW4R6lT8ZyN8iJ-1zWws4nwkWIqoJOGs5270kf7wbqt_xUHwIOMyLHAnvLUWsz62iU-xG854gYGFJ913szRohdB3auGPcbcilazLaW9LXKWIt62vGYcuA1-xT2P6Hj_yyHTSpNvEHDOAKzD29JDRDhXSEiKGAI5evD5c2R9J_mnz3cUlXv1kgOg3nQT4ngR2qa2pWZ4mpSr5V4Q_LR4jYOan11PojY2tyjfhCtQQ5M-DdtO0PE_7HevQXUvFSapISgXIFxhCOBpWdCrdhY7aWcm8_uiNYcnEhU1oCj2XGYPuTsIbN1BK36ZBFoHgoZeCMTNGqOjSIgOrKg8c9BxY5FpH8wRiYH8fCblB19jxIYhdHdy3Qv611pNeHAX0CSvG4_ZpWeODfynPRM8elQojhfDCquE9x7qXXL-RtqkXPB0IEJSV1ielAL7xxI94TDEkMq1jy5RqFjjzjbUFBvuN0lEtQl1UNleUSv4aDm2E6ngKvL-s2jmBY1OQmRUYo9HvqSszXah9cv-TE0E7c1o6nVPc0X3q3i2-3fWrlic0q9ye9tsyCzq3se9c4UHpvE8jpoI2cXVSJ71VkWKXkRZUSiIXi33vE8OkGg22Ggd1AK5xF-vv6uMMFYUVVhEDIkWztFwMAnZbgZntkoAZ0NAzx13M5ris-0uhxzDzQIuxKIiyt8C2eXoB39gKDcVODYYls1vkv8N-KeO-EES1bu8C4KCSpvMoejGSrwmt2IUfDrS1wWPl1yaVpnn9lpGLPXBUtsUjIyWEQkr6-bMbmr2M1YgHwpHGGpS70fQ7SddcnPgWGsQIZ2E8M6Jv6xvmqDCKCeoMsczcuv52th2LwoWBm_1VY_U51QrWfRRWN7RRX&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=12986283969283768000&adk=1877897943&idt=132&cac=0&dtd=15 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 21875625a49a262e121530bea2718f23e56f44e3e27ff613c529ff6d9f36cf94 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 38289 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 97F2	0 20 B	173ms 126ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5648764780283&version=m202309260101 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 97F2	0 20 B	174ms 126ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5648764780283&version=m202309260101&ct=119&x=1&cor=6561358273335519000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ad Show response googleads.g.doubleclick.net/dbm/ Frame 97F2	89 KB 37 KB	153ms 91ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BYKSFAeZ2_A-FOSTYggpm4Usx32FQzpcH2SOuI-Nlz_vRVLCohdrEToZy1MXo7PslUaCCuKZ8U0li0dTaCQvbRdH1Ebi0hTarsFOO3jhdTHjmoqM_JEfJDUZZYL6VI7wQP-YqTJ9vjKh8fD4g83AjXpJdB6T0lVhWFTxGuXlyH-U-4Lsc&cry=1&dbm_d=AKAmf-Cv-VS2PgOtI5b8NB7bkBc9a2uolIybl9i0IfbOp1Ci43StkkyibpbOVhpejd91plyUAjZNLys3MJlJtwGvDsUjqqArtaiJQvWdc3Ab6emIbAnKsWXIqQC2qqqqEN0QnMppw5bBIGMNgWUw_VJJHFC83yU66NVsNyGSj7Z9Edo2E_svpfd8qsZyYySMkWlKXVmN0jSEZou6kx3C64SRirAplzthWrQuw9IcZlGoGaay98TX3r3_4PbtfhTmxasa9TeeQO7b2gMNRFI_OX9ord_XFzmFMuh_YhmN7-D1XFOLQbDMb_SyCXzIouSG5_xgmGwqN-ks80XkwvhVRXHdPTINeFDajxKaBwBO3ZkwSUmZ2MzVkN39M25fwXSqiuSWzkFd_o8Ql_CKioj7WHPqn214FnOr6QgUQAAQ4nBsWIuVF6jVfH4rr-sqBbEWvRMti1coR8kY48wgOfXLpdmKo_wj1rpfLS6gdoPPoUwRXoaGAjTzknAjOktHbCu_WEsVhr_hT0hTMh04p2ROCYNfulTx7EI6ZzsbezPK4jCBMg5Urd51dJYzVwykb2WrU-QlYXstjBF7ivTGq4v3pCi7SIJHbxqbrRFfggAwt_1UlVquDZlzB5wle2JCkVv3yYleuj4vWwpVESIFGoBYqlaFRElR1uP4jHdizV9t5UVuVKkfFTAaay-x-OPsFUcPU0Xi8u3kON2Prf7p3QIwYvhxGk-sd_zl9pwVjT-Y2PKg9pCtbMsEIbX8GbsNyHcqiWlQU3SujMhTJte5mGe7uRAisiZ_GzlgfoZ-AUM8tAZdoDGgWlzTxQOALSUpQRD4OcpW0J0EgYImMHxrpFnpDfLGXDoyZ88WAnmUhksA1Z4jisNNNI7k-qqOfpS71fFiHxF6ZzR8L8-Nm4iXioRaBT-MzvviJjrGtTrLA3iZf1iBjTl1F9XBhF4XmSMPV2RczxcC0E37AfujohDmsUp9wYvzd_5FtAWsk0lyAeLR_8_BTZbKfanfrNF4KdAkz8gz08H5KB5IkpnRxTLh6R994Epd6wtmdpxZSg7J3x4r5-V5I0hvBtNfPFeFmjI2lKNxy-ZMuILpCtnhhzHVP40Dlh7r8qnVrS_RqZw3E13w_Ee6F7mkeFCzf6fuqFIGMuroz5-l-TbcoSR3A_kHHdVuO-EYzgGVnZ225uOnFYCXiVEoi1Ja-P4Mw5UChqnpLcaZqxC6ORnG2df6iWZla-JqioUZ_3-0v89ZjpT7LDxhAKqSc3SnCVKD3jmZVB8YqHxDdtcLlDxiSubFxmZdHAx2h-ADSZQ-R54hC23FTIQvp_7wWzK0tfBdIYiivlnzVskjEjb3viH0_FE6gOp_ArGHemriAPfSkOxWeHHFzIXsQHSwopgqESOSEw_93OW-_r3jbdPkLd7PohrodYFKsEaFc681GbYHsc5g5Yo9iM8pTz5sRahDslgd827mBFopk51TK6xf87pEKh2kYydq66lFgyUIE15Zz-6ulXoYDNoy_KgJKm6lwsRR1yjQU9HcaHZAig0oSQIwOyNzJZUfV4nRLo83DlDmNTN9voSzS1RXHq7In44MjPNkl8_MhMPQ-5K-ivGn84Q9NHv53Lsf6kLGVUVvCN_XHqQoofT4oyAlCIB-si_UB8WRhO4cicG0nzgjbFjlyGR4h8jQ9iB5bLzc-0XjXK8PP1WNyMd6l7go3O0aQ4IkpqfdgqKnxRKs8b0i6fFFmsFJpFhHkDmdQALCpwP0gM11miG4wWE9DMu7fQhP9iDh76Gh-xYuJpQudGxfAxDIJ9RNDOyRzpgSldohhrWMNXRd1yF07O8w_cL7Iz-WfoQEr3CvuHycRTh8vb6HvegtNJrv0B0EqNjVGDqI1if6FAVloD6ptN_ZZPQsM-LZdmFYID7iEgKCpV54_13KAvUYyc2UpRB4URlvCbWC0iBolrLnzV63R-9p6KT_yIQu8Byh9x_EPD6fm8p4yJQzm4IOEDlH7z7chC8CvZbTaC6IbQMzYhhu1E7j9XnkW6IPz39kx1QdCXI3k8knrEkETWEgyO7arNpOjIOPU6TTRf24oKryi5cc2Ptvy4_jHGutSE_4OHZ5dhKAbmkE5-_iGGV9UX2lfdPxP0Ogs4H7USC22St_KBMOye5qwGidv0KdOWREbWQjMXTcgu7r7whb2zK4IbhwcHRaG0fg6kxetcUgwUUX2sTODRR3Sm7iBqzUJUnSP-7IAii7Kgjd8zXN6EaStNK6ucB4Wo7HkA7xVdNAvwmzpgBGMAD4jDaMtiE5PfLaYIL9fkVnPyZPfdY9BdnbSlyS0M55olC6h6wPLt8QAZH9LDFvD28BfL81SQ8gtv4qWMzvTFo_go97T1nmCTpr5seZkhx47pSBpX9FDmCPH6Oqc8Oin7TM-5-gQ5GZn-FG9m4v2hEQd6glqbmD6wT8mr8bAl_qXfnfiwEdozobk75EfUjcOZ_90Wd-3bTWXwyXevX_KTzMY9JnZisZWVExoGMaDWrC4n6Tso5DstaTA7mYbhni0lJ7veQm7DQbHDhm6gnY72Vblx95BYLfWxeLbsE5scaVZfzs1VkvV5MmAOhAZWa46TwAXhmeOuLbXyxkKwUqyvto5Ao5kLeSXw2U01Q8b2tsPkfvtIjJ41c002vjbtV_mj4jRouTFxS0nJpqaX3LWBnUWmlxC5HJNh_DgsjA9GO2rQ-qsfPpvPUOgMs2smmntR42jmyPW4OU67O9Nj_UtqC9kmf2PoRPUHQO3MkABIWeW2jCvtmsX5Ms7nu09w4fVBYYsDUhky8-kkHwZa-7HbxWm_nXozP-VE9G3ODVwmoqArF1aat63RKAG6QAUAFC9Nb_a7jvPvF82kr8EF01tdcAaUCXsmZTFNtg8QoTiGHRlr6ulKGwXSfTLPxMiaUH5l8sm8uyEyrba8DkVQp5WqgHc14iDvnyA4dcEkCdW6rgz58rcN2c6OzRw5Th_a2m_xmblHG7333oq6Jb8Wyio1uHX3GnXVZFQxRr7zcUYycgj0hhz6BLlFsb-UAMG88gAetxfz8IXyBbDpLNUMCoLBESWXiBZHpHUKXLmtxrtoKnGPiLyct5VXvHhz5RhwDcEQXB7T-uKLr1EZAkP5KJtCZePAecedfiJ2J9wjH3Nro0c0nweceadbLlgYDlYu0CQOIxcK7U8m-OUyDWzU_8xe4Q9OmQ074GIpqVOZgffj2YvtGWhWTOEDKY4FMbE_-s5qs1X4miid30zlokLnizy7NA-XTHcnZGnBx_i86A5VBx0SPM4YPmwGPw3mFfjdAFkrVREfbG6FW33tQR1Rk92J8ZmfhHv_BojRRrNEvPAMZvvzsfLfw_FkyMqd_NfbJ6OxvXfxcdTHe_cK_o12hnHuDHQfY1FFTE9w9YEVDUb5rwhrZxPmj9_D1bvHpow4Gy4JqgHf6yRIKyKBjKmudHIG9gwf0tD5W86-avNU6OvQtwOHalDsKWJnjSPc2nGtwTDNtti0fyTGnGPkJpoDVkBK_gQ6FcByZMKS1DDGsoK4EgDkZhssY_gstiCWhKqXXx4tuM2cvJTBsDFVhMcCJu889_J5tcu9CDancb2hJRT9FH0DVi0R7aLPuN9I8_mMmunjIwqv2JJlULxQjB9eZFYNlYKbc_F6OmFdI-BcKPiHQ279cpKLj-cINtf8mt79ZsR8NnOVVuVNNE66f340qrZ94J5EPK7pEPFWAz6rJ1L43No7P1MvyFx-oDW-aN9G8rYDaTV780JABc-dGWhNsB8l9sCYsXvJVi19Dpi3K6lzaW89Vext_Zv7kEn6-eJUHK4AOUutr2wgqy0_aTbBWlBnFCTcQtJSdm8tpux9DS5M9I7gJfwuBn1YnBCahHvaPuB_-ty5avVzRgwTpunWibtOwbbtTvC8uIE7eE7kPhXP7i&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=6561358273335519000&adk=929882891&idt=233&cac=0&dtd=8 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e40266962f3192f2e376f05bcf3952ae204b6a5580394ba0efb4282e759fc231 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 38169 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 5F67	0 20 B	160ms 137ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1671860659080&version=m202309260101 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 5F67	0 20 B	159ms 137ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1671860659080&version=m202309260101&ct=76&x=1&cor=9540628744081418000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ad Show response googleads.g.doubleclick.net/dbm/ Frame 5F67	80 KB 37 KB	84ms 57ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ClhkrFd9KZW74bAIxjxFYCJUpr4HWZdgZkAe5vjGqq3VR601GoMFoks0ZuwG9eaPj4dCZosIwKNhh8ytojY-qUClRTrA&cry=1&dbm_d=AKAmf-ABeC5mhGQO7-4bOrGtZ4nV_zOn-HfY6L7EtXt91Nz2BWMMziGa6xStgx_NQmL4jXV9ZNYPeFXM11ZriAz3y2_g2NtNp3s4iduyEImWiVoJkgyoh-2vcXSXxbwgIMcqOBvqn_YteKJTv8bX7a8SsKmWB_rmmKP6VtgtU-uVq771v99cJ10b8W2uZLkgnpIg6NftzJULUzxDR4ZzA0DJOCwVlsv5wV47gmV5wWB2GoA8XwC2pArnmbidbgMNA3eAuv45Ll2kYGZ7-50z8zd9RfaiPPbnTt8qL1PgM7DDJ0CQ_IKvX1zEuDwKfPwSSWKbyzwjKww2KwAlvdFmGQ5THFvFoNBrqiHn4vMXEb3OGErYgrEEwoXxvwS3tC76vheeKApqRi7cVd669gqN0es9zwhwqgCdxUUpKUTkq64s_aBWX4QkkjXiiHTdogrD4EY4lXOTRlAg7gtAH3EH8XI_ahYfOHbt7Sn5WSBZBM_HHc69LtL_24bX7_lVTmAgVu5VmOzYd77z45gQbTGjwlU04p4sk3g1wXPdS_fGc89dyyqb4RrhvDb7FUIKnlLyOZpGiUzWtkW9rePdNj9CIsonQVNpigXUhGSHlh__kmsb1r0gIRStQYSI_7mBOclPoEzXHbeLwhN9Smf9yUCE5xc5v3CdF68bmZeGebhZ-LL3TGsJkjDQVFxmdHmm3dO3Li9t2Sg1jW0AYg8pGGewMlZ4OPAWS4C7kWfRmqkdDxKocNrE_GSVfrTalrYMWv8o2X6UV73sZJT69HBHm7cqRk5iPoptjGDPGUq50YsUS11VHw7B2vQNZAFVjN9UjQ3koYeDM9K8N8cA12imLrPDePmifLLPFgyjiDK_zBoLRtZxftTTW0uWmCGjpB-2MdB3MgXTvZSv3i44RSrXzUkr6I7TAA7Sh-bk13iYE_qpfHCYUiFxpwk7-bGkFyRbUgO1q5aNPIzjnBv9uddRaDwF41AyAq7zAHAx7QU_jEVydS2ZOpExTyhfEHy58NOyvNZY20rAkYcA41HT_y-SgD1WVcZMi6MbiCQHNly0q00Ub43oCySEq1eK9ny1_5JjeuNqSaoH-e6OLATIddm0YAF2HcI7qWAVsoM031HA4oaxslaJ1rODGEIDRBa4LPvGUw731hBGol4dEiO_zBvlsgLXtnuhqFL6ydXQYYHVJqmOHJO-qZvfHZpE7y__VxZCwaQ7y4dbWNoCt7EKw0GQ0_xl9EjhvccpdID6nZjJTzNB-tiuU0h5QKA-iFIpgwDIoNwC10vrdFoLqJDjYXCNNpSPrap0nfrnY8zEoAfaY_4sEGi_yJtPhTnkaOPfH_mQTSDY0ANPh4veRjHqjRWgk62Y-StQ-1Y9DtmuDlBmlHe0e6Yhltvm_8lqdlRshLg-OX7BoDrc7afjp6OYLkAvWOdTlYhMmbwHLwnLTEU7h77mU2et_752Y2kmsEChggxesfyjamb7HgVWTvpCjSKKDt6GXZIXdP1DqcCVKQfaHzlbGvsYJ6jGZU8K1kX60BpOHdm6_ZZtuK6rvHMmqGZT-i8PHDyBeiaGXp9f_OLii7axrvhhLkaZVgyUgEamylLHZ90sk-VlQNSozfgc-BWfAtjberZ38168H7oUF4LqsTq5dLqDlO_DCtpJHUQH09tVlbq_EIGshn2B5Iudbw5hIxrgZL2pyltJmvUH9ZxKMJQqUWlK_tszC4JVtJuW8OZWNJ7JGJJsVTkP0pHBC_UlQqGWLv_voEXbnZwcwtkpLokN0__HqHrzqPj6SQoaAulP_9sYVFazszmMkTL6uRdNlmMTLymg-iUZ23MTCoCydd7R1HWpwFPm4GxlO6L_EFxLz37mwY_VPSYADBuGtjE-WJHQEemaOjyoYEbH7UzUcW-sNTgk0GYQRS0uw7Ph29vygcVpIOcKpig0EcjYqWiaIy7efqJbTFbJlm-a_8YyghEi83fj-Gk_cw_KUcJ2WKw2Ab5l46JjMWnppeUjRd56qHz9YIhcc-mhvLZAECTs0pXNcW_1SKkJCS-kOcPCXYxPlRb-vK-MEMU7E3IXb4h_juFFXXOr9IZnwTksNdJvJ7ouZJYob2lj2CXscTC_qs0O0o5-GlN7zLQqsVHGFGeedyf5qMVNhtkLhUW_61t59opCfD3k6b2oESJs6UtKhZRGWTSmavUJBP9OMVKVTU7A3AFvOBz2F9jDij8Ye4s3LUsh5XxeT1aq8vLBYiHAE_LO5GGzcOEr7aOsuc_xhkQaSFQC3wA_Jdk5OaHXSeLnb-hKW9gLNVln9R0T1PSfvKKNfrZBsH3zm5Ce5n-impP8NfWHwAqJust0dqZjBZm30gqCxAE3J41Q5NUM0JvU0NNIJ0tKiJo9MoVmnBrZnUFSPQ8BiCdO3huJzCWuIHc_E9FrNVx6lEiKkqDXnxGLYYSiFHhKnb4QoM4tdWuO8SHxXzir6VbNOyo5kKe-6RTS0_e0mB0hlZysoPtiyROhZnanlQdwtJxUfnKBTmpJcp_WlYgj-tAi1THzhCcHgiHU2LrGz6Q8gb7ai5cSMw8GD9pTYKy-judwjFhI_6NUseYl8sxGKXLTldLyzogFpf-nd-d9nTTS-HfbZ2OEnZ6EOaet55i3Dg4OX_-LTlrsRxf7Ap08CoPRGt2cQ0BPc6C60B9CGUnjpI0bvjVSfpNLxWIOpoUt9YxRQL-NVsZZ4_qr1qR_aRaFQ7WPQ33_2AdcGVAZiAd8UFBpbvz_gozx2bwdf1ajZw7rmE6QUWPRvNAVUMUqp6NjvAUDah7-Gi7HDq4w7SGd7DNeacud3h2E0_CyBuMfD6pRZubUdMQgG72rNBiduTfTCdjtICYD_aFXBvJcs1lTcfYSNUH_t7kpDGmnp3IdQMgkRAdrm7aTdJqWMHI1ZKox90RugCHKQmNNQzHxAszInVK60ukkPjqTPC6_FpZZI2pO3T1Vh1pTPGc7y3JCTPtoFs2ygCtNOT2GcRjWo3pTFbbpFK0sEHUxsNX1LWZlgcsQMo-YmImz6akEN0_794YahIAIhVQcN5boB6glPRWxiBGQz8Src942r_SBn97gvRyXXP3aij7Jt3q4RzyhRQXfxvXep-aUMVO8ZA0yZT9D25UH7WUWDkAiWOstpygvN8jsY_XHCsnmvGBEsKoLCJKqsapFdKzIy-b9fNAL2hiXoSNUFuwqMktlgMAV2yOBPMZPygpcCL4ZMBPbYZPNhtpcOOQIY2s-mKm-Wd7eaRu-Z2-Zj7QbYRdod8A9PtfboO0Tt8shk9xq5es-UjpZOOPBvdOh7LpTEuu34t1bHRQ3zrda5U_14OTbf01TG6KwJF1UcrEoLZAwZPaC8Ayd9TkCvEYjgaEv5y21QFXoGgf87NtjIusT8YPvpKM73oDsbGnnAn3zyh9ngqS7JLEoX4TS2JFfVzyITgvetTgb94TzYhh0fCsLKoEPFtt8L71HqB11C2pAAYqIfSgaoi-OXywMjG5f0PP8-hHDt6S7xw5wLYuA0Q-0qCLy24WECNWqFAhGiWWA5s4Zp2IXRq2VIVOLoZaW6wsdnaDBw_534hbVRRKD0ejJzImonKXAZc6AdkkY_plueuzl4i6Ek6ijQt3TjSCk3xrO8FxbALC1OHRlFolgqfDcgILBzHIy0g0_Hl5qfIlJKN-sLjkXYGo6DXP3coBqeugwUp5r0XHXJItTlLGblAjvVQc&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=9540628744081418000&adk=2085914665&idt=271&cac=0&dtd=4 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 68a1d120757327deb3de6f84799573002a61419350ad6e2a5ba9d768f7ae17ec Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 37664 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	express_html_inpage_rendering_lib_200_278.js Show response s0.2mdn.net/879366/ Frame C4A7	111 KB 39 KB	209ms 27ms	Script text/javascript	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ Origin https://googleads.g.doubleclick.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 07:03:24 GMT content-encoding gzip x-content-type-options nosniff age 22018 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 39806 x-xss-protection 0 last-modified Tue, 14 Mar 2023 18:44:05 GMT server sffe vary Accept-Encoding report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=86400 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Wed, 04 Oct 2023 07:03:24 GMT
GET H3	200	omrhp.js Show response pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/ Frame C4A7	11 KB 4 KB	22ms 21ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/omrhp.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AePEosVSrGwXGqyl5Z2MBkZ9FqVQwCQfl2lDKmjAW2eaQWr-kDIGZutQCEqwFLR0O6cgZ8FKlFQVfU_UeKw-rVuTSMEblQBugRNAI61eS5A0J1NaIJRKkFXAp0SAno77ceIU__dFxiJWYAJSdYvUkl1p_N3CJyLCNN_viN2x4Lz2EQ2xc&cry=1&dbm_d=AKAmf-BjHtysYzq0TeWfRgzxoKw1F2GfjOQxg41bL_5rbmMWaShWODGFEXvlF8srUBjD-1gZhkRFmPQEwTid97UioYIUi3GgGYCWL4v1urRa-prXNhKslWA-3hIE7dDdvj2hvzwVVxYrTjAEwFnQCW44xyz9RW1DS6DjawYDZTwvc7tUdijHtODmQDlBc34cFsf8h7Ghpes2t8fA4ef6hLOnw9WKQR-WbNU69sOWnjZZSCBIryMhuGy-aWi-fkoTXUreRB81hNjv_4333vTypTCWkAW_myb4nJAX5F3FOFPKgfi0MdAaSL6Sr19twrbcEnVVVYzRFvrkynMDdyR7nnFf9mYsm8cgr-C7LzIN7TbT5O7DvVgf-gwaLqr4xBxyu-HaaTa28bprKdOvcToTYLOx5HLiIXTJEbwmd4Ox5YTgmCowJAIlN-1kbwlLL4ZTwrwoS6sANLD5YLz5vKARxdatiZCVoZbZrVAYDf7GhOqHwrf72AvutYQORA0qNzgJeGQ0brBDcXp62McWTFsJy7nXCZU9d66voZivKYrtHo2IYIRkqT3y2oNnUFFkc7nbpFSc_eArFY01Qd61XnwzPMXG9WPtVv-rxBbDrPxZLDITMuBrv4G8Bg4XxUVJktM48t3yEr2-MoV2Bw1IVmH1Fm5DoAS34ibJDbcEnN5jSszq6LjEXDaM21Q_jek1Vt1_x1QiaEplLq3Y1mtCc71MfS2TJ1y7Sopi7btybG0K2MJLPSgdj6THgGNHgWb2hJ2rfDhzQk39Q1rivjp4TjObnxUy9ETD82xr_nLxWenzRWHkmvr8R44uGBepWoRFlkPXQVfXnB_Q8un_Qf9mzgatXS-y7rdZ-f5MDGK9bN5FVtpkn1BIw0eu7AcWCzpluMAs3Ip6Q-EMn5LpVhnSK7UQz4PbVmz_SYYEy_sqME-J-SCSq4dSOw7y13DrtZODpKrUKtIJT6AsvBTNW8KhiJkQToGhBjq9WscwBczVVORg2pNlcESQRL1ED8e7fbphIyIP9i6D6ZfNVhVz_u3tIumVQS8ekkRu5zY7Rf5ArpjporESH3YzbRXyepEfy2JueogF_BFyTbiN8zcQFMCMAatILdsSOllXlm8y7oS42S71-AQLtddp0Pp6YGRVubPTXGFHA46UadUa2k5_rJJ6Ynd4yYoY8XEHbVyKscPz_hapq0LtaWiCB1vprBbr4FkWjtyF4mL_NCyby8LiQg-NUA5uNpCzVAJ_7WiDj0myNHk0V6uPyJgtqhBI6XALqfK0XsNNjTV9kKfsUCe4J7ZYVBf5rYPMxtG3ntI-EUV2XdcRbygZSERYLIb54G8p3tg27lysLaiwmWNScttbGDkTjSJHlcpsGUzgVCXvcbYFz-SuueV-zA4Ao5KerqzBm3LJ7l20BrBRU6gbUCjpF7ELwCrLe7k65rHAX2fdaS0kvHRYP85ezqYWQLpq_qxrOo5DnIFVBQsSSlhWMpCHDA_KY7mZh13-W-Uy2Cnadl0RAkADpUYpkQnRVaOt0gGNoJbd6gcO3V7RsZH86W96fdMmUEZTUs_BS3uBCuDkY44FKhvpTyPXCgBANIVdioih2UzWsKDn999rJoi2eay-oiKfBco3E_HlxopAjDDMdf62P6OwXIHs1e8G6VDckteVoUwnxCCBJf7Zo7xnnxxIbPe6ndDJpYHXrKIOkU5g0qeTi8AM1YdpSINlnuqmqlQWogNG5eSIHZ1x1CHTh2Ag7ved24ffuWeOPAs-bwI0HDU9m3pUPXMmxj9tGIlG33TLWtGvTOeDP2JmwDrOgR_4GgH59V5oBZAzV4xQuVp8Kd2L-NRhFsbtjUrF9W9S4n66Hx2T7sFptGfWp_wgRpJCzv8zNJqJC14woU3FsaF04wqGeCIb4wKF-TGyesAQxxlMN1CtLi35caoSu9RYbVCkn0HwOG6qklauS2jznvzJ0zaUuuUPs8eMJrSLnHXKVfNIOjvwhNJGy8kMoOuEIAhYFRS9oZjyl7k-BMpYkuaZY-Mv8DevYjck6aYh6SnsPEvu7MeiEVhpabD3MehVOhp9Cp-hg3xjXTcHQUPtQG-B2gdxepAIT6TkoGbzN6lLdQ2SgxhhDS10cg6eu9hd0d24ErKH9zVAmh9vZb-mfVYum_MhrnUG_1C98WCThYIwZ7LMoqXu50MFRnnxGA9tZUQi0OICh3TlqObF3tvsVT1hhs_6Q5s4MyA0SuNGzXONbJz_HzIrjmlelPrPy9Fl4G4ASdoTZZuOpwszadZqTBqZcjGsPCBwCJo_TssLnE9QMOwrutJD2dUJsc4CrEn-qIRZ4_kK9G_sp9OmLw6EbrZiOeqE2XE0en1bZ23E3-YQdZrSpQQguPnrQdj2SM793K2nlJORpA-ZtVi2-9_IPLY-0y0ezdA7QQGRCESSh8lkZM_aGwRo5H7kJdWCD-T3ul0n7TairHixEGp1jbgvrYp8xVgatq7JWMLwecrBkIqjDgu8yJJ0mMymE-_uUGczn40enVVikZ_QkhI45tuSoczwTr_2ciH8924qbFkfipd0-9AzZLJFDow8FHdFMMQIKPzEo6zsu6j5LQa6yZbU-2FGL4R4IdLlZ1ODhUUnQ3wjFU8CdYxo322qmriqjxRLpHWEky9_oQ3GLLoThBNv-YL2vbGPGeEaJKspF9qKlcGbyAvNEl4BS784DvRPi_PuztPrFqAcG2gq_Tc7j7Ey1q6iFS-dqUbVqpAE5x8hHoRxIaOpgpN2GcDkC8UU3CinvdXGx4buXIesH8qD7BEaU52J7NRXexgfBk2gZsMn4TGy8Sj9NLyFPMD0K2vnQtC_4m_Pa43FBIjPQGSxnT3Y3ysyFQQPc55pydpCQnvReBLZTgCODU7vYvjttXCg-Mcef5jLtDyBwrd3D-MlMmb0wHZY1-j5dxkQQ7yz3asOgbaR8tLlbvq9M_yoVyvlgdQXgcbNdSQPlVlzdYjCbtMl0BlLmLYNPssNKUfTh2TLEbjmZd9mfI1xVRUocHe7eyAdSMLLZQDDDkjR5iylwLdnKTYawjEmW4R6lT8ZyN8iJ-1zWws4nwkWIqoJOGs5270kf7wbqt_xUHwIOMyLHAnvLUWsz62iU-xG854gYGFJ913szRohdB3auGPcbcilazLaW9LXKWIt62vGYcuA1-xT2P6Hj_yyHTSpNvEHDOAKzD29JDRDhXSEiKGAI5evD5c2R9J_mnz3cUlXv1kgOg3nQT4ngR2qa2pWZ4mpSr5V4Q_LR4jYOan11PojY2tyjfhCtQQ5M-DdtO0PE_7HevQXUvFSapISgXIFxhCOBpWdCrdhY7aWcm8_uiNYcnEhU1oCj2XGYPuTsIbN1BK36ZBFoHgoZeCMTNGqOjSIgOrKg8c9BxY5FpH8wRiYH8fCblB19jxIYhdHdy3Qv611pNeHAX0CSvG4_ZpWeODfynPRM8elQojhfDCquE9x7qXXL-RtqkXPB0IEJSV1ielAL7xxI94TDEkMq1jy5RqFjjzjbUFBvuN0lEtQl1UNleUSv4aDm2E6ngKvL-s2jmBY1OQmRUYo9HvqSszXah9cv-TE0E7c1o6nVPc0X3q3i2-3fWrlic0q9ye9tsyCzq3se9c4UHpvE8jpoI2cXVSJ71VkWKXkRZUSiIXi33vE8OkGg22Ggd1AK5xF-vv6uMMFYUVVhEDIkWztFwMAnZbgZntkoAZ0NAzx13M5ris-0uhxzDzQIuxKIiyt8C2eXoB39gKDcVODYYls1vkv8N-KeO-EES1bu8C4KCSpvMoejGSrwmt2IUfDrS1wWPl1yaVpnn9lpGLPXBUtsUjIyWEQkr6-bMbmr2M1YgHwpHGGpS70fQ7SddcnPgWGsQIZ2E8M6Jv6xvmqDCKCeoMsczcuv52th2LwoWBm_1VY_U51QrWfRRWN7RRX&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=12986283969283768000&adk=1877897943&idt=132&cac=0&dtd=15 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:43:30 GMT content-encoding br x-content-type-options nosniff age 70012 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4206 x-xss-protection 0 server cafe etag 17947678125179771625 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 17:43:30 GMT
GET H3	200	abg_lite.js Show response pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/ Frame C4A7	30 KB 11 KB	24ms 24ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/abg_lite.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AePEosVSrGwXGqyl5Z2MBkZ9FqVQwCQfl2lDKmjAW2eaQWr-kDIGZutQCEqwFLR0O6cgZ8FKlFQVfU_UeKw-rVuTSMEblQBugRNAI61eS5A0J1NaIJRKkFXAp0SAno77ceIU__dFxiJWYAJSdYvUkl1p_N3CJyLCNN_viN2x4Lz2EQ2xc&cry=1&dbm_d=AKAmf-BjHtysYzq0TeWfRgzxoKw1F2GfjOQxg41bL_5rbmMWaShWODGFEXvlF8srUBjD-1gZhkRFmPQEwTid97UioYIUi3GgGYCWL4v1urRa-prXNhKslWA-3hIE7dDdvj2hvzwVVxYrTjAEwFnQCW44xyz9RW1DS6DjawYDZTwvc7tUdijHtODmQDlBc34cFsf8h7Ghpes2t8fA4ef6hLOnw9WKQR-WbNU69sOWnjZZSCBIryMhuGy-aWi-fkoTXUreRB81hNjv_4333vTypTCWkAW_myb4nJAX5F3FOFPKgfi0MdAaSL6Sr19twrbcEnVVVYzRFvrkynMDdyR7nnFf9mYsm8cgr-C7LzIN7TbT5O7DvVgf-gwaLqr4xBxyu-HaaTa28bprKdOvcToTYLOx5HLiIXTJEbwmd4Ox5YTgmCowJAIlN-1kbwlLL4ZTwrwoS6sANLD5YLz5vKARxdatiZCVoZbZrVAYDf7GhOqHwrf72AvutYQORA0qNzgJeGQ0brBDcXp62McWTFsJy7nXCZU9d66voZivKYrtHo2IYIRkqT3y2oNnUFFkc7nbpFSc_eArFY01Qd61XnwzPMXG9WPtVv-rxBbDrPxZLDITMuBrv4G8Bg4XxUVJktM48t3yEr2-MoV2Bw1IVmH1Fm5DoAS34ibJDbcEnN5jSszq6LjEXDaM21Q_jek1Vt1_x1QiaEplLq3Y1mtCc71MfS2TJ1y7Sopi7btybG0K2MJLPSgdj6THgGNHgWb2hJ2rfDhzQk39Q1rivjp4TjObnxUy9ETD82xr_nLxWenzRWHkmvr8R44uGBepWoRFlkPXQVfXnB_Q8un_Qf9mzgatXS-y7rdZ-f5MDGK9bN5FVtpkn1BIw0eu7AcWCzpluMAs3Ip6Q-EMn5LpVhnSK7UQz4PbVmz_SYYEy_sqME-J-SCSq4dSOw7y13DrtZODpKrUKtIJT6AsvBTNW8KhiJkQToGhBjq9WscwBczVVORg2pNlcESQRL1ED8e7fbphIyIP9i6D6ZfNVhVz_u3tIumVQS8ekkRu5zY7Rf5ArpjporESH3YzbRXyepEfy2JueogF_BFyTbiN8zcQFMCMAatILdsSOllXlm8y7oS42S71-AQLtddp0Pp6YGRVubPTXGFHA46UadUa2k5_rJJ6Ynd4yYoY8XEHbVyKscPz_hapq0LtaWiCB1vprBbr4FkWjtyF4mL_NCyby8LiQg-NUA5uNpCzVAJ_7WiDj0myNHk0V6uPyJgtqhBI6XALqfK0XsNNjTV9kKfsUCe4J7ZYVBf5rYPMxtG3ntI-EUV2XdcRbygZSERYLIb54G8p3tg27lysLaiwmWNScttbGDkTjSJHlcpsGUzgVCXvcbYFz-SuueV-zA4Ao5KerqzBm3LJ7l20BrBRU6gbUCjpF7ELwCrLe7k65rHAX2fdaS0kvHRYP85ezqYWQLpq_qxrOo5DnIFVBQsSSlhWMpCHDA_KY7mZh13-W-Uy2Cnadl0RAkADpUYpkQnRVaOt0gGNoJbd6gcO3V7RsZH86W96fdMmUEZTUs_BS3uBCuDkY44FKhvpTyPXCgBANIVdioih2UzWsKDn999rJoi2eay-oiKfBco3E_HlxopAjDDMdf62P6OwXIHs1e8G6VDckteVoUwnxCCBJf7Zo7xnnxxIbPe6ndDJpYHXrKIOkU5g0qeTi8AM1YdpSINlnuqmqlQWogNG5eSIHZ1x1CHTh2Ag7ved24ffuWeOPAs-bwI0HDU9m3pUPXMmxj9tGIlG33TLWtGvTOeDP2JmwDrOgR_4GgH59V5oBZAzV4xQuVp8Kd2L-NRhFsbtjUrF9W9S4n66Hx2T7sFptGfWp_wgRpJCzv8zNJqJC14woU3FsaF04wqGeCIb4wKF-TGyesAQxxlMN1CtLi35caoSu9RYbVCkn0HwOG6qklauS2jznvzJ0zaUuuUPs8eMJrSLnHXKVfNIOjvwhNJGy8kMoOuEIAhYFRS9oZjyl7k-BMpYkuaZY-Mv8DevYjck6aYh6SnsPEvu7MeiEVhpabD3MehVOhp9Cp-hg3xjXTcHQUPtQG-B2gdxepAIT6TkoGbzN6lLdQ2SgxhhDS10cg6eu9hd0d24ErKH9zVAmh9vZb-mfVYum_MhrnUG_1C98WCThYIwZ7LMoqXu50MFRnnxGA9tZUQi0OICh3TlqObF3tvsVT1hhs_6Q5s4MyA0SuNGzXONbJz_HzIrjmlelPrPy9Fl4G4ASdoTZZuOpwszadZqTBqZcjGsPCBwCJo_TssLnE9QMOwrutJD2dUJsc4CrEn-qIRZ4_kK9G_sp9OmLw6EbrZiOeqE2XE0en1bZ23E3-YQdZrSpQQguPnrQdj2SM793K2nlJORpA-ZtVi2-9_IPLY-0y0ezdA7QQGRCESSh8lkZM_aGwRo5H7kJdWCD-T3ul0n7TairHixEGp1jbgvrYp8xVgatq7JWMLwecrBkIqjDgu8yJJ0mMymE-_uUGczn40enVVikZ_QkhI45tuSoczwTr_2ciH8924qbFkfipd0-9AzZLJFDow8FHdFMMQIKPzEo6zsu6j5LQa6yZbU-2FGL4R4IdLlZ1ODhUUnQ3wjFU8CdYxo322qmriqjxRLpHWEky9_oQ3GLLoThBNv-YL2vbGPGeEaJKspF9qKlcGbyAvNEl4BS784DvRPi_PuztPrFqAcG2gq_Tc7j7Ey1q6iFS-dqUbVqpAE5x8hHoRxIaOpgpN2GcDkC8UU3CinvdXGx4buXIesH8qD7BEaU52J7NRXexgfBk2gZsMn4TGy8Sj9NLyFPMD0K2vnQtC_4m_Pa43FBIjPQGSxnT3Y3ysyFQQPc55pydpCQnvReBLZTgCODU7vYvjttXCg-Mcef5jLtDyBwrd3D-MlMmb0wHZY1-j5dxkQQ7yz3asOgbaR8tLlbvq9M_yoVyvlgdQXgcbNdSQPlVlzdYjCbtMl0BlLmLYNPssNKUfTh2TLEbjmZd9mfI1xVRUocHe7eyAdSMLLZQDDDkjR5iylwLdnKTYawjEmW4R6lT8ZyN8iJ-1zWws4nwkWIqoJOGs5270kf7wbqt_xUHwIOMyLHAnvLUWsz62iU-xG854gYGFJ913szRohdB3auGPcbcilazLaW9LXKWIt62vGYcuA1-xT2P6Hj_yyHTSpNvEHDOAKzD29JDRDhXSEiKGAI5evD5c2R9J_mnz3cUlXv1kgOg3nQT4ngR2qa2pWZ4mpSr5V4Q_LR4jYOan11PojY2tyjfhCtQQ5M-DdtO0PE_7HevQXUvFSapISgXIFxhCOBpWdCrdhY7aWcm8_uiNYcnEhU1oCj2XGYPuTsIbN1BK36ZBFoHgoZeCMTNGqOjSIgOrKg8c9BxY5FpH8wRiYH8fCblB19jxIYhdHdy3Qv611pNeHAX0CSvG4_ZpWeODfynPRM8elQojhfDCquE9x7qXXL-RtqkXPB0IEJSV1ielAL7xxI94TDEkMq1jy5RqFjjzjbUFBvuN0lEtQl1UNleUSv4aDm2E6ngKvL-s2jmBY1OQmRUYo9HvqSszXah9cv-TE0E7c1o6nVPc0X3q3i2-3fWrlic0q9ye9tsyCzq3se9c4UHpvE8jpoI2cXVSJ71VkWKXkRZUSiIXi33vE8OkGg22Ggd1AK5xF-vv6uMMFYUVVhEDIkWztFwMAnZbgZntkoAZ0NAzx13M5ris-0uhxzDzQIuxKIiyt8C2eXoB39gKDcVODYYls1vkv8N-KeO-EES1bu8C4KCSpvMoejGSrwmt2IUfDrS1wWPl1yaVpnn9lpGLPXBUtsUjIyWEQkr6-bMbmr2M1YgHwpHGGpS70fQ7SddcnPgWGsQIZ2E8M6Jv6xvmqDCKCeoMsczcuv52th2LwoWBm_1VY_U51QrWfRRWN7RRX&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=12986283969283768000&adk=1877897943&idt=132&cac=0&dtd=15 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 464857ce2cd39f577e1aee4380de452b3032f2746c94be5b8d71508e0733ca40 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 20:13:33 GMT content-encoding br x-content-type-options nosniff age 61009 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11583 x-xss-protection 0 server cafe etag 13692823745828058245 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 20:13:33 GMT
GET H3	200	Q12zgMmT.js Show response tpc.googlesyndication.com/sodar/ Frame C4A7	41 KB 14 KB	24ms 22ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/Q12zgMmT.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Wed, 27 Sep 2023 23:31:37 GMT content-encoding br x-content-type-options nosniff age 481125 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13937 x-xss-protection 0 last-modified Fri, 25 Aug 2023 23:48:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 26 Sep 2024 23:31:37 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 4393	0 20 B	127ms 126ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgoNCAEqCUxhbmRzY2FwZQoKCAIqBnNlcnZlcgoaCAQqFm15c2lkaWFfcmVsZWFzZV9jYW5hcnkKLhohZGlzcGxheV9sZWFkX2Zvcm1fcXVlc3Rpb25fbnVtYmVyIQAAAAAAAAhAMAEKDRArIQAAAAAAAFFAMAESGkNLQ1ZrZWY1MllFREZhMmVfUWNkTU44R0V3Ih1sZWFkZ2VuL3Nub21faW1hZ2VfcmVzdHJpY3RlZCgs Requested by Host: www.gstatic.com URL: https://www.gstatic.com/mysidia/a262df46fe0a0cd38c190fa2e10da9d0.js?tag=pingback Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:22 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	abg_lite.js Show response pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/ Frame 5F67	30 KB 11 KB	85ms 82ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/abg_lite.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ClhkrFd9KZW74bAIxjxFYCJUpr4HWZdgZkAe5vjGqq3VR601GoMFoks0ZuwG9eaPj4dCZosIwKNhh8ytojY-qUClRTrA&cry=1&dbm_d=AKAmf-ABeC5mhGQO7-4bOrGtZ4nV_zOn-HfY6L7EtXt91Nz2BWMMziGa6xStgx_NQmL4jXV9ZNYPeFXM11ZriAz3y2_g2NtNp3s4iduyEImWiVoJkgyoh-2vcXSXxbwgIMcqOBvqn_YteKJTv8bX7a8SsKmWB_rmmKP6VtgtU-uVq771v99cJ10b8W2uZLkgnpIg6NftzJULUzxDR4ZzA0DJOCwVlsv5wV47gmV5wWB2GoA8XwC2pArnmbidbgMNA3eAuv45Ll2kYGZ7-50z8zd9RfaiPPbnTt8qL1PgM7DDJ0CQ_IKvX1zEuDwKfPwSSWKbyzwjKww2KwAlvdFmGQ5THFvFoNBrqiHn4vMXEb3OGErYgrEEwoXxvwS3tC76vheeKApqRi7cVd669gqN0es9zwhwqgCdxUUpKUTkq64s_aBWX4QkkjXiiHTdogrD4EY4lXOTRlAg7gtAH3EH8XI_ahYfOHbt7Sn5WSBZBM_HHc69LtL_24bX7_lVTmAgVu5VmOzYd77z45gQbTGjwlU04p4sk3g1wXPdS_fGc89dyyqb4RrhvDb7FUIKnlLyOZpGiUzWtkW9rePdNj9CIsonQVNpigXUhGSHlh__kmsb1r0gIRStQYSI_7mBOclPoEzXHbeLwhN9Smf9yUCE5xc5v3CdF68bmZeGebhZ-LL3TGsJkjDQVFxmdHmm3dO3Li9t2Sg1jW0AYg8pGGewMlZ4OPAWS4C7kWfRmqkdDxKocNrE_GSVfrTalrYMWv8o2X6UV73sZJT69HBHm7cqRk5iPoptjGDPGUq50YsUS11VHw7B2vQNZAFVjN9UjQ3koYeDM9K8N8cA12imLrPDePmifLLPFgyjiDK_zBoLRtZxftTTW0uWmCGjpB-2MdB3MgXTvZSv3i44RSrXzUkr6I7TAA7Sh-bk13iYE_qpfHCYUiFxpwk7-bGkFyRbUgO1q5aNPIzjnBv9uddRaDwF41AyAq7zAHAx7QU_jEVydS2ZOpExTyhfEHy58NOyvNZY20rAkYcA41HT_y-SgD1WVcZMi6MbiCQHNly0q00Ub43oCySEq1eK9ny1_5JjeuNqSaoH-e6OLATIddm0YAF2HcI7qWAVsoM031HA4oaxslaJ1rODGEIDRBa4LPvGUw731hBGol4dEiO_zBvlsgLXtnuhqFL6ydXQYYHVJqmOHJO-qZvfHZpE7y__VxZCwaQ7y4dbWNoCt7EKw0GQ0_xl9EjhvccpdID6nZjJTzNB-tiuU0h5QKA-iFIpgwDIoNwC10vrdFoLqJDjYXCNNpSPrap0nfrnY8zEoAfaY_4sEGi_yJtPhTnkaOPfH_mQTSDY0ANPh4veRjHqjRWgk62Y-StQ-1Y9DtmuDlBmlHe0e6Yhltvm_8lqdlRshLg-OX7BoDrc7afjp6OYLkAvWOdTlYhMmbwHLwnLTEU7h77mU2et_752Y2kmsEChggxesfyjamb7HgVWTvpCjSKKDt6GXZIXdP1DqcCVKQfaHzlbGvsYJ6jGZU8K1kX60BpOHdm6_ZZtuK6rvHMmqGZT-i8PHDyBeiaGXp9f_OLii7axrvhhLkaZVgyUgEamylLHZ90sk-VlQNSozfgc-BWfAtjberZ38168H7oUF4LqsTq5dLqDlO_DCtpJHUQH09tVlbq_EIGshn2B5Iudbw5hIxrgZL2pyltJmvUH9ZxKMJQqUWlK_tszC4JVtJuW8OZWNJ7JGJJsVTkP0pHBC_UlQqGWLv_voEXbnZwcwtkpLokN0__HqHrzqPj6SQoaAulP_9sYVFazszmMkTL6uRdNlmMTLymg-iUZ23MTCoCydd7R1HWpwFPm4GxlO6L_EFxLz37mwY_VPSYADBuGtjE-WJHQEemaOjyoYEbH7UzUcW-sNTgk0GYQRS0uw7Ph29vygcVpIOcKpig0EcjYqWiaIy7efqJbTFbJlm-a_8YyghEi83fj-Gk_cw_KUcJ2WKw2Ab5l46JjMWnppeUjRd56qHz9YIhcc-mhvLZAECTs0pXNcW_1SKkJCS-kOcPCXYxPlRb-vK-MEMU7E3IXb4h_juFFXXOr9IZnwTksNdJvJ7ouZJYob2lj2CXscTC_qs0O0o5-GlN7zLQqsVHGFGeedyf5qMVNhtkLhUW_61t59opCfD3k6b2oESJs6UtKhZRGWTSmavUJBP9OMVKVTU7A3AFvOBz2F9jDij8Ye4s3LUsh5XxeT1aq8vLBYiHAE_LO5GGzcOEr7aOsuc_xhkQaSFQC3wA_Jdk5OaHXSeLnb-hKW9gLNVln9R0T1PSfvKKNfrZBsH3zm5Ce5n-impP8NfWHwAqJust0dqZjBZm30gqCxAE3J41Q5NUM0JvU0NNIJ0tKiJo9MoVmnBrZnUFSPQ8BiCdO3huJzCWuIHc_E9FrNVx6lEiKkqDXnxGLYYSiFHhKnb4QoM4tdWuO8SHxXzir6VbNOyo5kKe-6RTS0_e0mB0hlZysoPtiyROhZnanlQdwtJxUfnKBTmpJcp_WlYgj-tAi1THzhCcHgiHU2LrGz6Q8gb7ai5cSMw8GD9pTYKy-judwjFhI_6NUseYl8sxGKXLTldLyzogFpf-nd-d9nTTS-HfbZ2OEnZ6EOaet55i3Dg4OX_-LTlrsRxf7Ap08CoPRGt2cQ0BPc6C60B9CGUnjpI0bvjVSfpNLxWIOpoUt9YxRQL-NVsZZ4_qr1qR_aRaFQ7WPQ33_2AdcGVAZiAd8UFBpbvz_gozx2bwdf1ajZw7rmE6QUWPRvNAVUMUqp6NjvAUDah7-Gi7HDq4w7SGd7DNeacud3h2E0_CyBuMfD6pRZubUdMQgG72rNBiduTfTCdjtICYD_aFXBvJcs1lTcfYSNUH_t7kpDGmnp3IdQMgkRAdrm7aTdJqWMHI1ZKox90RugCHKQmNNQzHxAszInVK60ukkPjqTPC6_FpZZI2pO3T1Vh1pTPGc7y3JCTPtoFs2ygCtNOT2GcRjWo3pTFbbpFK0sEHUxsNX1LWZlgcsQMo-YmImz6akEN0_794YahIAIhVQcN5boB6glPRWxiBGQz8Src942r_SBn97gvRyXXP3aij7Jt3q4RzyhRQXfxvXep-aUMVO8ZA0yZT9D25UH7WUWDkAiWOstpygvN8jsY_XHCsnmvGBEsKoLCJKqsapFdKzIy-b9fNAL2hiXoSNUFuwqMktlgMAV2yOBPMZPygpcCL4ZMBPbYZPNhtpcOOQIY2s-mKm-Wd7eaRu-Z2-Zj7QbYRdod8A9PtfboO0Tt8shk9xq5es-UjpZOOPBvdOh7LpTEuu34t1bHRQ3zrda5U_14OTbf01TG6KwJF1UcrEoLZAwZPaC8Ayd9TkCvEYjgaEv5y21QFXoGgf87NtjIusT8YPvpKM73oDsbGnnAn3zyh9ngqS7JLEoX4TS2JFfVzyITgvetTgb94TzYhh0fCsLKoEPFtt8L71HqB11C2pAAYqIfSgaoi-OXywMjG5f0PP8-hHDt6S7xw5wLYuA0Q-0qCLy24WECNWqFAhGiWWA5s4Zp2IXRq2VIVOLoZaW6wsdnaDBw_534hbVRRKD0ejJzImonKXAZc6AdkkY_plueuzl4i6Ek6ijQt3TjSCk3xrO8FxbALC1OHRlFolgqfDcgILBzHIy0g0_Hl5qfIlJKN-sLjkXYGo6DXP3coBqeugwUp5r0XHXJItTlLGblAjvVQc&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=9540628744081418000&adk=2085914665&idt=271&cac=0&dtd=4 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 464857ce2cd39f577e1aee4380de452b3032f2746c94be5b8d71508e0733ca40 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 20:13:33 GMT content-encoding br x-content-type-options nosniff age 61009 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11583 x-xss-protection 0 server cafe etag 13692823745828058245 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 20:13:33 GMT
GET H3	200	omrhp.js Show response pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/ Frame 5F67	11 KB 4 KB	86ms 83ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/omrhp.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ClhkrFd9KZW74bAIxjxFYCJUpr4HWZdgZkAe5vjGqq3VR601GoMFoks0ZuwG9eaPj4dCZosIwKNhh8ytojY-qUClRTrA&cry=1&dbm_d=AKAmf-ABeC5mhGQO7-4bOrGtZ4nV_zOn-HfY6L7EtXt91Nz2BWMMziGa6xStgx_NQmL4jXV9ZNYPeFXM11ZriAz3y2_g2NtNp3s4iduyEImWiVoJkgyoh-2vcXSXxbwgIMcqOBvqn_YteKJTv8bX7a8SsKmWB_rmmKP6VtgtU-uVq771v99cJ10b8W2uZLkgnpIg6NftzJULUzxDR4ZzA0DJOCwVlsv5wV47gmV5wWB2GoA8XwC2pArnmbidbgMNA3eAuv45Ll2kYGZ7-50z8zd9RfaiPPbnTt8qL1PgM7DDJ0CQ_IKvX1zEuDwKfPwSSWKbyzwjKww2KwAlvdFmGQ5THFvFoNBrqiHn4vMXEb3OGErYgrEEwoXxvwS3tC76vheeKApqRi7cVd669gqN0es9zwhwqgCdxUUpKUTkq64s_aBWX4QkkjXiiHTdogrD4EY4lXOTRlAg7gtAH3EH8XI_ahYfOHbt7Sn5WSBZBM_HHc69LtL_24bX7_lVTmAgVu5VmOzYd77z45gQbTGjwlU04p4sk3g1wXPdS_fGc89dyyqb4RrhvDb7FUIKnlLyOZpGiUzWtkW9rePdNj9CIsonQVNpigXUhGSHlh__kmsb1r0gIRStQYSI_7mBOclPoEzXHbeLwhN9Smf9yUCE5xc5v3CdF68bmZeGebhZ-LL3TGsJkjDQVFxmdHmm3dO3Li9t2Sg1jW0AYg8pGGewMlZ4OPAWS4C7kWfRmqkdDxKocNrE_GSVfrTalrYMWv8o2X6UV73sZJT69HBHm7cqRk5iPoptjGDPGUq50YsUS11VHw7B2vQNZAFVjN9UjQ3koYeDM9K8N8cA12imLrPDePmifLLPFgyjiDK_zBoLRtZxftTTW0uWmCGjpB-2MdB3MgXTvZSv3i44RSrXzUkr6I7TAA7Sh-bk13iYE_qpfHCYUiFxpwk7-bGkFyRbUgO1q5aNPIzjnBv9uddRaDwF41AyAq7zAHAx7QU_jEVydS2ZOpExTyhfEHy58NOyvNZY20rAkYcA41HT_y-SgD1WVcZMi6MbiCQHNly0q00Ub43oCySEq1eK9ny1_5JjeuNqSaoH-e6OLATIddm0YAF2HcI7qWAVsoM031HA4oaxslaJ1rODGEIDRBa4LPvGUw731hBGol4dEiO_zBvlsgLXtnuhqFL6ydXQYYHVJqmOHJO-qZvfHZpE7y__VxZCwaQ7y4dbWNoCt7EKw0GQ0_xl9EjhvccpdID6nZjJTzNB-tiuU0h5QKA-iFIpgwDIoNwC10vrdFoLqJDjYXCNNpSPrap0nfrnY8zEoAfaY_4sEGi_yJtPhTnkaOPfH_mQTSDY0ANPh4veRjHqjRWgk62Y-StQ-1Y9DtmuDlBmlHe0e6Yhltvm_8lqdlRshLg-OX7BoDrc7afjp6OYLkAvWOdTlYhMmbwHLwnLTEU7h77mU2et_752Y2kmsEChggxesfyjamb7HgVWTvpCjSKKDt6GXZIXdP1DqcCVKQfaHzlbGvsYJ6jGZU8K1kX60BpOHdm6_ZZtuK6rvHMmqGZT-i8PHDyBeiaGXp9f_OLii7axrvhhLkaZVgyUgEamylLHZ90sk-VlQNSozfgc-BWfAtjberZ38168H7oUF4LqsTq5dLqDlO_DCtpJHUQH09tVlbq_EIGshn2B5Iudbw5hIxrgZL2pyltJmvUH9ZxKMJQqUWlK_tszC4JVtJuW8OZWNJ7JGJJsVTkP0pHBC_UlQqGWLv_voEXbnZwcwtkpLokN0__HqHrzqPj6SQoaAulP_9sYVFazszmMkTL6uRdNlmMTLymg-iUZ23MTCoCydd7R1HWpwFPm4GxlO6L_EFxLz37mwY_VPSYADBuGtjE-WJHQEemaOjyoYEbH7UzUcW-sNTgk0GYQRS0uw7Ph29vygcVpIOcKpig0EcjYqWiaIy7efqJbTFbJlm-a_8YyghEi83fj-Gk_cw_KUcJ2WKw2Ab5l46JjMWnppeUjRd56qHz9YIhcc-mhvLZAECTs0pXNcW_1SKkJCS-kOcPCXYxPlRb-vK-MEMU7E3IXb4h_juFFXXOr9IZnwTksNdJvJ7ouZJYob2lj2CXscTC_qs0O0o5-GlN7zLQqsVHGFGeedyf5qMVNhtkLhUW_61t59opCfD3k6b2oESJs6UtKhZRGWTSmavUJBP9OMVKVTU7A3AFvOBz2F9jDij8Ye4s3LUsh5XxeT1aq8vLBYiHAE_LO5GGzcOEr7aOsuc_xhkQaSFQC3wA_Jdk5OaHXSeLnb-hKW9gLNVln9R0T1PSfvKKNfrZBsH3zm5Ce5n-impP8NfWHwAqJust0dqZjBZm30gqCxAE3J41Q5NUM0JvU0NNIJ0tKiJo9MoVmnBrZnUFSPQ8BiCdO3huJzCWuIHc_E9FrNVx6lEiKkqDXnxGLYYSiFHhKnb4QoM4tdWuO8SHxXzir6VbNOyo5kKe-6RTS0_e0mB0hlZysoPtiyROhZnanlQdwtJxUfnKBTmpJcp_WlYgj-tAi1THzhCcHgiHU2LrGz6Q8gb7ai5cSMw8GD9pTYKy-judwjFhI_6NUseYl8sxGKXLTldLyzogFpf-nd-d9nTTS-HfbZ2OEnZ6EOaet55i3Dg4OX_-LTlrsRxf7Ap08CoPRGt2cQ0BPc6C60B9CGUnjpI0bvjVSfpNLxWIOpoUt9YxRQL-NVsZZ4_qr1qR_aRaFQ7WPQ33_2AdcGVAZiAd8UFBpbvz_gozx2bwdf1ajZw7rmE6QUWPRvNAVUMUqp6NjvAUDah7-Gi7HDq4w7SGd7DNeacud3h2E0_CyBuMfD6pRZubUdMQgG72rNBiduTfTCdjtICYD_aFXBvJcs1lTcfYSNUH_t7kpDGmnp3IdQMgkRAdrm7aTdJqWMHI1ZKox90RugCHKQmNNQzHxAszInVK60ukkPjqTPC6_FpZZI2pO3T1Vh1pTPGc7y3JCTPtoFs2ygCtNOT2GcRjWo3pTFbbpFK0sEHUxsNX1LWZlgcsQMo-YmImz6akEN0_794YahIAIhVQcN5boB6glPRWxiBGQz8Src942r_SBn97gvRyXXP3aij7Jt3q4RzyhRQXfxvXep-aUMVO8ZA0yZT9D25UH7WUWDkAiWOstpygvN8jsY_XHCsnmvGBEsKoLCJKqsapFdKzIy-b9fNAL2hiXoSNUFuwqMktlgMAV2yOBPMZPygpcCL4ZMBPbYZPNhtpcOOQIY2s-mKm-Wd7eaRu-Z2-Zj7QbYRdod8A9PtfboO0Tt8shk9xq5es-UjpZOOPBvdOh7LpTEuu34t1bHRQ3zrda5U_14OTbf01TG6KwJF1UcrEoLZAwZPaC8Ayd9TkCvEYjgaEv5y21QFXoGgf87NtjIusT8YPvpKM73oDsbGnnAn3zyh9ngqS7JLEoX4TS2JFfVzyITgvetTgb94TzYhh0fCsLKoEPFtt8L71HqB11C2pAAYqIfSgaoi-OXywMjG5f0PP8-hHDt6S7xw5wLYuA0Q-0qCLy24WECNWqFAhGiWWA5s4Zp2IXRq2VIVOLoZaW6wsdnaDBw_534hbVRRKD0ejJzImonKXAZc6AdkkY_plueuzl4i6Ek6ijQt3TjSCk3xrO8FxbALC1OHRlFolgqfDcgILBzHIy0g0_Hl5qfIlJKN-sLjkXYGo6DXP3coBqeugwUp5r0XHXJItTlLGblAjvVQc&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=9540628744081418000&adk=2085914665&idt=271&cac=0&dtd=4 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:43:30 GMT content-encoding br x-content-type-options nosniff age 70012 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4206 x-xss-protection 0 server cafe etag 17947678125179771625 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 17:43:30 GMT
GET H2	200	view googleads4.g.doubleclick.net/pcs/ Frame 5F67	0 0	180ms 76ms	Fetch image/gif	172.217.18.2
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstthzyFtKchBLJgaNa45ZuOXH2q-q6nrqburuX5L2yvN2VfIkHWXiVYnd3MB7z7Lq6p5vlNdcvwyLs6WXDNk2D5Jq0zX6GcpJ8_gUOSHF7dIcB8nXWdwPd76_D6hTVBfV7Vlemm3xos2ZUO46TppY7cdyyJ3yo6HjYimL0hK4qCmQ330Mh9RDr4igbXFVBTrNd7h3o9HmE-15hVZH-RXYt6rv-0bojJSZ9nUK7DsI0PVQfia76-eM-4ggfjK8siLsEr5BhETgU5hj4kK8OTU4_dVii6BGQ41JE5LMA9bwnbO4-0pfGJ8kMd89WH6vnASipOyIyfCjXbHl7ScPJvqG8cUn1PTYNkRkj0QvZLHFV108PD0tJfVaxpnsI3cGVigx6Nd3h5PbsvvGFeVs2uyt5JE8Q3kJvuUJYCICus7jF78daZUvaeJvctLCG2YdQkR6FRxjEsLc3Pr6hqW--lLbf84whEpN9R9EWIo_exTwJqyWsyXfePNiACZDj0axlw7RxtTPGO-V-Fp1W7aN-P7OcMwLV7mQzJZB5zJlQEscjQDnv47edyeWWXezZPxhCMSCCjeVh3r2ytthjHuBtomTL1OC5pSFrHCSxKdPlsb3crVcl6dHir3yh1_hxOSCHSMkSNAu_ORQSt2UTLSk_oG0tqCeRJi6Dal1n4kI3gerJBhGxq33XcsoHrSS_x8-W5lm0IQcbU7cvl5tFTZHjQa_q1jEI0XA-gaaYbi03sp-yVK2-Kc81JSzFcUXk4Agp9EbACl1gsHfiYP2tw1po8eqU49LiLdtwx1GWItj49Fmy5YIR9JQbUDMpkS3eh1-G0pI9MG7L0NhBQfp_YbgIP5Dp3USGjXTJfJDZPZH2WlgsJ3WLZuwsbpqJzFcceXW0cGQ0VDXkhGG1hBE6V0wd6jKRv6J0MQwzRsJCQLzJZuuN--ExYdNOi8yx_79cNPmC2clxWVKAdZR1L9cL7zZe_CdF9TbWoCx4wdqFyX5drTzcb_5BzSG5pai0P6Dq0oMB-eQTHwezL59HrXlVG1fuH8DwO-XasvteTYKXTjmV7Vw_LBcf8RS6nexfbEaThHsIv0XS_ea6M04QnrOoeyonFv5jYv8TwunK4f7hLPKbyyC87ETer7w0c9TARj1Wxe_mIc2C9yh4gtNGGlRK3QCY19GowLXQ7rQC4bfpfRbGIpX0akMwip5NdEwwRBzkjlVi3x2Mw-abHyiapNdHfL_rCn77wJUHLkM5UfF_oFwvpCDM3tghWF79l7R_52ZhHr3-8Ak55A3hxJJqw2vek5bJWzs706MfdcZNhNSt5Fl4AU67zCejWmuIor0buKeW0AyrtqtvHcxM&sai=AMfl-YRsZmAr-AzXAIqxCM6O5KXRhR0YcVRATaCEUMgembvGOpWBK2vC6tElxCl2HIxQ9tH8F6yYmYpdreE0JamU4E5s36P7m1iq9E3f2ZPcx0VzPg0OyORAScv1nHxtVZknWXPu7s5d02DSSJiYBRj1fxsyXk36nd1XvkEmr23KRq7bV1NkMMiIRHViJLMt-vyDyalh9CbfpNcI6qm5g9Qqxxr5HbUMDCNf0BY9JsVsQmjLk_BQjQY85aUElJU8pbRSU7AmkR2dNa3TDfQWzQEAbHHAy0v4V3HkJeNl&sig=Cg0ArKJSzPJyVw5ZcrmXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230928.56315&arae=0&ftch=1&adurl= Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ClhkrFd9KZW74bAIxjxFYCJUpr4HWZdgZkAe5vjGqq3VR601GoMFoks0ZuwG9eaPj4dCZosIwKNhh8ytojY-qUClRTrA&cry=1&dbm_d=AKAmf-ABeC5mhGQO7-4bOrGtZ4nV_zOn-HfY6L7EtXt91Nz2BWMMziGa6xStgx_NQmL4jXV9ZNYPeFXM11ZriAz3y2_g2NtNp3s4iduyEImWiVoJkgyoh-2vcXSXxbwgIMcqOBvqn_YteKJTv8bX7a8SsKmWB_rmmKP6VtgtU-uVq771v99cJ10b8W2uZLkgnpIg6NftzJULUzxDR4ZzA0DJOCwVlsv5wV47gmV5wWB2GoA8XwC2pArnmbidbgMNA3eAuv45Ll2kYGZ7-50z8zd9RfaiPPbnTt8qL1PgM7DDJ0CQ_IKvX1zEuDwKfPwSSWKbyzwjKww2KwAlvdFmGQ5THFvFoNBrqiHn4vMXEb3OGErYgrEEwoXxvwS3tC76vheeKApqRi7cVd669gqN0es9zwhwqgCdxUUpKUTkq64s_aBWX4QkkjXiiHTdogrD4EY4lXOTRlAg7gtAH3EH8XI_ahYfOHbt7Sn5WSBZBM_HHc69LtL_24bX7_lVTmAgVu5VmOzYd77z45gQbTGjwlU04p4sk3g1wXPdS_fGc89dyyqb4RrhvDb7FUIKnlLyOZpGiUzWtkW9rePdNj9CIsonQVNpigXUhGSHlh__kmsb1r0gIRStQYSI_7mBOclPoEzXHbeLwhN9Smf9yUCE5xc5v3CdF68bmZeGebhZ-LL3TGsJkjDQVFxmdHmm3dO3Li9t2Sg1jW0AYg8pGGewMlZ4OPAWS4C7kWfRmqkdDxKocNrE_GSVfrTalrYMWv8o2X6UV73sZJT69HBHm7cqRk5iPoptjGDPGUq50YsUS11VHw7B2vQNZAFVjN9UjQ3koYeDM9K8N8cA12imLrPDePmifLLPFgyjiDK_zBoLRtZxftTTW0uWmCGjpB-2MdB3MgXTvZSv3i44RSrXzUkr6I7TAA7Sh-bk13iYE_qpfHCYUiFxpwk7-bGkFyRbUgO1q5aNPIzjnBv9uddRaDwF41AyAq7zAHAx7QU_jEVydS2ZOpExTyhfEHy58NOyvNZY20rAkYcA41HT_y-SgD1WVcZMi6MbiCQHNly0q00Ub43oCySEq1eK9ny1_5JjeuNqSaoH-e6OLATIddm0YAF2HcI7qWAVsoM031HA4oaxslaJ1rODGEIDRBa4LPvGUw731hBGol4dEiO_zBvlsgLXtnuhqFL6ydXQYYHVJqmOHJO-qZvfHZpE7y__VxZCwaQ7y4dbWNoCt7EKw0GQ0_xl9EjhvccpdID6nZjJTzNB-tiuU0h5QKA-iFIpgwDIoNwC10vrdFoLqJDjYXCNNpSPrap0nfrnY8zEoAfaY_4sEGi_yJtPhTnkaOPfH_mQTSDY0ANPh4veRjHqjRWgk62Y-StQ-1Y9DtmuDlBmlHe0e6Yhltvm_8lqdlRshLg-OX7BoDrc7afjp6OYLkAvWOdTlYhMmbwHLwnLTEU7h77mU2et_752Y2kmsEChggxesfyjamb7HgVWTvpCjSKKDt6GXZIXdP1DqcCVKQfaHzlbGvsYJ6jGZU8K1kX60BpOHdm6_ZZtuK6rvHMmqGZT-i8PHDyBeiaGXp9f_OLii7axrvhhLkaZVgyUgEamylLHZ90sk-VlQNSozfgc-BWfAtjberZ38168H7oUF4LqsTq5dLqDlO_DCtpJHUQH09tVlbq_EIGshn2B5Iudbw5hIxrgZL2pyltJmvUH9ZxKMJQqUWlK_tszC4JVtJuW8OZWNJ7JGJJsVTkP0pHBC_UlQqGWLv_voEXbnZwcwtkpLokN0__HqHrzqPj6SQoaAulP_9sYVFazszmMkTL6uRdNlmMTLymg-iUZ23MTCoCydd7R1HWpwFPm4GxlO6L_EFxLz37mwY_VPSYADBuGtjE-WJHQEemaOjyoYEbH7UzUcW-sNTgk0GYQRS0uw7Ph29vygcVpIOcKpig0EcjYqWiaIy7efqJbTFbJlm-a_8YyghEi83fj-Gk_cw_KUcJ2WKw2Ab5l46JjMWnppeUjRd56qHz9YIhcc-mhvLZAECTs0pXNcW_1SKkJCS-kOcPCXYxPlRb-vK-MEMU7E3IXb4h_juFFXXOr9IZnwTksNdJvJ7ouZJYob2lj2CXscTC_qs0O0o5-GlN7zLQqsVHGFGeedyf5qMVNhtkLhUW_61t59opCfD3k6b2oESJs6UtKhZRGWTSmavUJBP9OMVKVTU7A3AFvOBz2F9jDij8Ye4s3LUsh5XxeT1aq8vLBYiHAE_LO5GGzcOEr7aOsuc_xhkQaSFQC3wA_Jdk5OaHXSeLnb-hKW9gLNVln9R0T1PSfvKKNfrZBsH3zm5Ce5n-impP8NfWHwAqJust0dqZjBZm30gqCxAE3J41Q5NUM0JvU0NNIJ0tKiJo9MoVmnBrZnUFSPQ8BiCdO3huJzCWuIHc_E9FrNVx6lEiKkqDXnxGLYYSiFHhKnb4QoM4tdWuO8SHxXzir6VbNOyo5kKe-6RTS0_e0mB0hlZysoPtiyROhZnanlQdwtJxUfnKBTmpJcp_WlYgj-tAi1THzhCcHgiHU2LrGz6Q8gb7ai5cSMw8GD9pTYKy-judwjFhI_6NUseYl8sxGKXLTldLyzogFpf-nd-d9nTTS-HfbZ2OEnZ6EOaet55i3Dg4OX_-LTlrsRxf7Ap08CoPRGt2cQ0BPc6C60B9CGUnjpI0bvjVSfpNLxWIOpoUt9YxRQL-NVsZZ4_qr1qR_aRaFQ7WPQ33_2AdcGVAZiAd8UFBpbvz_gozx2bwdf1ajZw7rmE6QUWPRvNAVUMUqp6NjvAUDah7-Gi7HDq4w7SGd7DNeacud3h2E0_CyBuMfD6pRZubUdMQgG72rNBiduTfTCdjtICYD_aFXBvJcs1lTcfYSNUH_t7kpDGmnp3IdQMgkRAdrm7aTdJqWMHI1ZKox90RugCHKQmNNQzHxAszInVK60ukkPjqTPC6_FpZZI2pO3T1Vh1pTPGc7y3JCTPtoFs2ygCtNOT2GcRjWo3pTFbbpFK0sEHUxsNX1LWZlgcsQMo-YmImz6akEN0_794YahIAIhVQcN5boB6glPRWxiBGQz8Src942r_SBn97gvRyXXP3aij7Jt3q4RzyhRQXfxvXep-aUMVO8ZA0yZT9D25UH7WUWDkAiWOstpygvN8jsY_XHCsnmvGBEsKoLCJKqsapFdKzIy-b9fNAL2hiXoSNUFuwqMktlgMAV2yOBPMZPygpcCL4ZMBPbYZPNhtpcOOQIY2s-mKm-Wd7eaRu-Z2-Zj7QbYRdod8A9PtfboO0Tt8shk9xq5es-UjpZOOPBvdOh7LpTEuu34t1bHRQ3zrda5U_14OTbf01TG6KwJF1UcrEoLZAwZPaC8Ayd9TkCvEYjgaEv5y21QFXoGgf87NtjIusT8YPvpKM73oDsbGnnAn3zyh9ngqS7JLEoX4TS2JFfVzyITgvetTgb94TzYhh0fCsLKoEPFtt8L71HqB11C2pAAYqIfSgaoi-OXywMjG5f0PP8-hHDt6S7xw5wLYuA0Q-0qCLy24WECNWqFAhGiWWA5s4Zp2IXRq2VIVOLoZaW6wsdnaDBw_534hbVRRKD0ejJzImonKXAZc6AdkkY_plueuzl4i6Ek6ijQt3TjSCk3xrO8FxbALC1OHRlFolgqfDcgILBzHIy0g0_Hl5qfIlJKN-sLjkXYGo6DXP3coBqeugwUp5r0XHXJItTlLGblAjvVQc&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=9540628744081418000&adk=2085914665&idt=271&cac=0&dtd=4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.18.2 -, , ASN (), Reverse DNS Software cafe / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers content-security-policy script-src 'none'; object-src 'none' date Tue, 03 Oct 2023 13:10:23 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64 server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * content-type image/gif cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0
GET H3	200	UFYwWwmt.js Show response tpc.googlesyndication.com/sodar/ Frame 5F67	41 KB 13 KB	84ms 82ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ClhkrFd9KZW74bAIxjxFYCJUpr4HWZdgZkAe5vjGqq3VR601GoMFoks0ZuwG9eaPj4dCZosIwKNhh8ytojY-qUClRTrA&cry=1&dbm_d=AKAmf-ABeC5mhGQO7-4bOrGtZ4nV_zOn-HfY6L7EtXt91Nz2BWMMziGa6xStgx_NQmL4jXV9ZNYPeFXM11ZriAz3y2_g2NtNp3s4iduyEImWiVoJkgyoh-2vcXSXxbwgIMcqOBvqn_YteKJTv8bX7a8SsKmWB_rmmKP6VtgtU-uVq771v99cJ10b8W2uZLkgnpIg6NftzJULUzxDR4ZzA0DJOCwVlsv5wV47gmV5wWB2GoA8XwC2pArnmbidbgMNA3eAuv45Ll2kYGZ7-50z8zd9RfaiPPbnTt8qL1PgM7DDJ0CQ_IKvX1zEuDwKfPwSSWKbyzwjKww2KwAlvdFmGQ5THFvFoNBrqiHn4vMXEb3OGErYgrEEwoXxvwS3tC76vheeKApqRi7cVd669gqN0es9zwhwqgCdxUUpKUTkq64s_aBWX4QkkjXiiHTdogrD4EY4lXOTRlAg7gtAH3EH8XI_ahYfOHbt7Sn5WSBZBM_HHc69LtL_24bX7_lVTmAgVu5VmOzYd77z45gQbTGjwlU04p4sk3g1wXPdS_fGc89dyyqb4RrhvDb7FUIKnlLyOZpGiUzWtkW9rePdNj9CIsonQVNpigXUhGSHlh__kmsb1r0gIRStQYSI_7mBOclPoEzXHbeLwhN9Smf9yUCE5xc5v3CdF68bmZeGebhZ-LL3TGsJkjDQVFxmdHmm3dO3Li9t2Sg1jW0AYg8pGGewMlZ4OPAWS4C7kWfRmqkdDxKocNrE_GSVfrTalrYMWv8o2X6UV73sZJT69HBHm7cqRk5iPoptjGDPGUq50YsUS11VHw7B2vQNZAFVjN9UjQ3koYeDM9K8N8cA12imLrPDePmifLLPFgyjiDK_zBoLRtZxftTTW0uWmCGjpB-2MdB3MgXTvZSv3i44RSrXzUkr6I7TAA7Sh-bk13iYE_qpfHCYUiFxpwk7-bGkFyRbUgO1q5aNPIzjnBv9uddRaDwF41AyAq7zAHAx7QU_jEVydS2ZOpExTyhfEHy58NOyvNZY20rAkYcA41HT_y-SgD1WVcZMi6MbiCQHNly0q00Ub43oCySEq1eK9ny1_5JjeuNqSaoH-e6OLATIddm0YAF2HcI7qWAVsoM031HA4oaxslaJ1rODGEIDRBa4LPvGUw731hBGol4dEiO_zBvlsgLXtnuhqFL6ydXQYYHVJqmOHJO-qZvfHZpE7y__VxZCwaQ7y4dbWNoCt7EKw0GQ0_xl9EjhvccpdID6nZjJTzNB-tiuU0h5QKA-iFIpgwDIoNwC10vrdFoLqJDjYXCNNpSPrap0nfrnY8zEoAfaY_4sEGi_yJtPhTnkaOPfH_mQTSDY0ANPh4veRjHqjRWgk62Y-StQ-1Y9DtmuDlBmlHe0e6Yhltvm_8lqdlRshLg-OX7BoDrc7afjp6OYLkAvWOdTlYhMmbwHLwnLTEU7h77mU2et_752Y2kmsEChggxesfyjamb7HgVWTvpCjSKKDt6GXZIXdP1DqcCVKQfaHzlbGvsYJ6jGZU8K1kX60BpOHdm6_ZZtuK6rvHMmqGZT-i8PHDyBeiaGXp9f_OLii7axrvhhLkaZVgyUgEamylLHZ90sk-VlQNSozfgc-BWfAtjberZ38168H7oUF4LqsTq5dLqDlO_DCtpJHUQH09tVlbq_EIGshn2B5Iudbw5hIxrgZL2pyltJmvUH9ZxKMJQqUWlK_tszC4JVtJuW8OZWNJ7JGJJsVTkP0pHBC_UlQqGWLv_voEXbnZwcwtkpLokN0__HqHrzqPj6SQoaAulP_9sYVFazszmMkTL6uRdNlmMTLymg-iUZ23MTCoCydd7R1HWpwFPm4GxlO6L_EFxLz37mwY_VPSYADBuGtjE-WJHQEemaOjyoYEbH7UzUcW-sNTgk0GYQRS0uw7Ph29vygcVpIOcKpig0EcjYqWiaIy7efqJbTFbJlm-a_8YyghEi83fj-Gk_cw_KUcJ2WKw2Ab5l46JjMWnppeUjRd56qHz9YIhcc-mhvLZAECTs0pXNcW_1SKkJCS-kOcPCXYxPlRb-vK-MEMU7E3IXb4h_juFFXXOr9IZnwTksNdJvJ7ouZJYob2lj2CXscTC_qs0O0o5-GlN7zLQqsVHGFGeedyf5qMVNhtkLhUW_61t59opCfD3k6b2oESJs6UtKhZRGWTSmavUJBP9OMVKVTU7A3AFvOBz2F9jDij8Ye4s3LUsh5XxeT1aq8vLBYiHAE_LO5GGzcOEr7aOsuc_xhkQaSFQC3wA_Jdk5OaHXSeLnb-hKW9gLNVln9R0T1PSfvKKNfrZBsH3zm5Ce5n-impP8NfWHwAqJust0dqZjBZm30gqCxAE3J41Q5NUM0JvU0NNIJ0tKiJo9MoVmnBrZnUFSPQ8BiCdO3huJzCWuIHc_E9FrNVx6lEiKkqDXnxGLYYSiFHhKnb4QoM4tdWuO8SHxXzir6VbNOyo5kKe-6RTS0_e0mB0hlZysoPtiyROhZnanlQdwtJxUfnKBTmpJcp_WlYgj-tAi1THzhCcHgiHU2LrGz6Q8gb7ai5cSMw8GD9pTYKy-judwjFhI_6NUseYl8sxGKXLTldLyzogFpf-nd-d9nTTS-HfbZ2OEnZ6EOaet55i3Dg4OX_-LTlrsRxf7Ap08CoPRGt2cQ0BPc6C60B9CGUnjpI0bvjVSfpNLxWIOpoUt9YxRQL-NVsZZ4_qr1qR_aRaFQ7WPQ33_2AdcGVAZiAd8UFBpbvz_gozx2bwdf1ajZw7rmE6QUWPRvNAVUMUqp6NjvAUDah7-Gi7HDq4w7SGd7DNeacud3h2E0_CyBuMfD6pRZubUdMQgG72rNBiduTfTCdjtICYD_aFXBvJcs1lTcfYSNUH_t7kpDGmnp3IdQMgkRAdrm7aTdJqWMHI1ZKox90RugCHKQmNNQzHxAszInVK60ukkPjqTPC6_FpZZI2pO3T1Vh1pTPGc7y3JCTPtoFs2ygCtNOT2GcRjWo3pTFbbpFK0sEHUxsNX1LWZlgcsQMo-YmImz6akEN0_794YahIAIhVQcN5boB6glPRWxiBGQz8Src942r_SBn97gvRyXXP3aij7Jt3q4RzyhRQXfxvXep-aUMVO8ZA0yZT9D25UH7WUWDkAiWOstpygvN8jsY_XHCsnmvGBEsKoLCJKqsapFdKzIy-b9fNAL2hiXoSNUFuwqMktlgMAV2yOBPMZPygpcCL4ZMBPbYZPNhtpcOOQIY2s-mKm-Wd7eaRu-Z2-Zj7QbYRdod8A9PtfboO0Tt8shk9xq5es-UjpZOOPBvdOh7LpTEuu34t1bHRQ3zrda5U_14OTbf01TG6KwJF1UcrEoLZAwZPaC8Ayd9TkCvEYjgaEv5y21QFXoGgf87NtjIusT8YPvpKM73oDsbGnnAn3zyh9ngqS7JLEoX4TS2JFfVzyITgvetTgb94TzYhh0fCsLKoEPFtt8L71HqB11C2pAAYqIfSgaoi-OXywMjG5f0PP8-hHDt6S7xw5wLYuA0Q-0qCLy24WECNWqFAhGiWWA5s4Zp2IXRq2VIVOLoZaW6wsdnaDBw_534hbVRRKD0ejJzImonKXAZc6AdkkY_plueuzl4i6Ek6ijQt3TjSCk3xrO8FxbALC1OHRlFolgqfDcgILBzHIy0g0_Hl5qfIlJKN-sLjkXYGo6DXP3coBqeugwUp5r0XHXJItTlLGblAjvVQc&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=9540628744081418000&adk=2085914665&idt=271&cac=0&dtd=4 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Fri, 29 Sep 2023 06:58:24 GMT content-encoding br x-content-type-options nosniff age 367918 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13692 x-xss-protection 0 last-modified Sun, 25 Jun 2023 02:58:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 28 Sep 2024 06:58:24 GMT
GET H2	200	7799346922025873438 s0.2mdn.net/simgad/ Frame 5F67	50 KB 50 KB	129ms 27ms	Image image/gif	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/simgad/7799346922025873438 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash d2223270699601f5584ca0a9bf1da305586405081a2592fe89d611927c0f1c22 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 13:40:26 GMT x-content-type-options nosniff age 84596 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 50725 x-xss-protection 0 last-modified Fri, 08 Sep 2023 11:21:03 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/gif access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 13:40:26 GMT
GET H2	200	express_html_inpage_rendering_lib_200_278.js Show response s0.2mdn.net/879366/ Frame 97F2	111 KB 39 KB	142ms 45ms	Script text/javascript	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ Origin https://googleads.g.doubleclick.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 07:03:24 GMT content-encoding gzip x-content-type-options nosniff age 22018 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 39806 x-xss-protection 0 last-modified Tue, 14 Mar 2023 18:44:05 GMT server sffe vary Accept-Encoding report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=86400 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Wed, 04 Oct 2023 07:03:24 GMT
GET H3	200	omrhp.js Show response pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/ Frame 97F2	11 KB 4 KB	83ms 82ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/omrhp.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BYKSFAeZ2_A-FOSTYggpm4Usx32FQzpcH2SOuI-Nlz_vRVLCohdrEToZy1MXo7PslUaCCuKZ8U0li0dTaCQvbRdH1Ebi0hTarsFOO3jhdTHjmoqM_JEfJDUZZYL6VI7wQP-YqTJ9vjKh8fD4g83AjXpJdB6T0lVhWFTxGuXlyH-U-4Lsc&cry=1&dbm_d=AKAmf-Cv-VS2PgOtI5b8NB7bkBc9a2uolIybl9i0IfbOp1Ci43StkkyibpbOVhpejd91plyUAjZNLys3MJlJtwGvDsUjqqArtaiJQvWdc3Ab6emIbAnKsWXIqQC2qqqqEN0QnMppw5bBIGMNgWUw_VJJHFC83yU66NVsNyGSj7Z9Edo2E_svpfd8qsZyYySMkWlKXVmN0jSEZou6kx3C64SRirAplzthWrQuw9IcZlGoGaay98TX3r3_4PbtfhTmxasa9TeeQO7b2gMNRFI_OX9ord_XFzmFMuh_YhmN7-D1XFOLQbDMb_SyCXzIouSG5_xgmGwqN-ks80XkwvhVRXHdPTINeFDajxKaBwBO3ZkwSUmZ2MzVkN39M25fwXSqiuSWzkFd_o8Ql_CKioj7WHPqn214FnOr6QgUQAAQ4nBsWIuVF6jVfH4rr-sqBbEWvRMti1coR8kY48wgOfXLpdmKo_wj1rpfLS6gdoPPoUwRXoaGAjTzknAjOktHbCu_WEsVhr_hT0hTMh04p2ROCYNfulTx7EI6ZzsbezPK4jCBMg5Urd51dJYzVwykb2WrU-QlYXstjBF7ivTGq4v3pCi7SIJHbxqbrRFfggAwt_1UlVquDZlzB5wle2JCkVv3yYleuj4vWwpVESIFGoBYqlaFRElR1uP4jHdizV9t5UVuVKkfFTAaay-x-OPsFUcPU0Xi8u3kON2Prf7p3QIwYvhxGk-sd_zl9pwVjT-Y2PKg9pCtbMsEIbX8GbsNyHcqiWlQU3SujMhTJte5mGe7uRAisiZ_GzlgfoZ-AUM8tAZdoDGgWlzTxQOALSUpQRD4OcpW0J0EgYImMHxrpFnpDfLGXDoyZ88WAnmUhksA1Z4jisNNNI7k-qqOfpS71fFiHxF6ZzR8L8-Nm4iXioRaBT-MzvviJjrGtTrLA3iZf1iBjTl1F9XBhF4XmSMPV2RczxcC0E37AfujohDmsUp9wYvzd_5FtAWsk0lyAeLR_8_BTZbKfanfrNF4KdAkz8gz08H5KB5IkpnRxTLh6R994Epd6wtmdpxZSg7J3x4r5-V5I0hvBtNfPFeFmjI2lKNxy-ZMuILpCtnhhzHVP40Dlh7r8qnVrS_RqZw3E13w_Ee6F7mkeFCzf6fuqFIGMuroz5-l-TbcoSR3A_kHHdVuO-EYzgGVnZ225uOnFYCXiVEoi1Ja-P4Mw5UChqnpLcaZqxC6ORnG2df6iWZla-JqioUZ_3-0v89ZjpT7LDxhAKqSc3SnCVKD3jmZVB8YqHxDdtcLlDxiSubFxmZdHAx2h-ADSZQ-R54hC23FTIQvp_7wWzK0tfBdIYiivlnzVskjEjb3viH0_FE6gOp_ArGHemriAPfSkOxWeHHFzIXsQHSwopgqESOSEw_93OW-_r3jbdPkLd7PohrodYFKsEaFc681GbYHsc5g5Yo9iM8pTz5sRahDslgd827mBFopk51TK6xf87pEKh2kYydq66lFgyUIE15Zz-6ulXoYDNoy_KgJKm6lwsRR1yjQU9HcaHZAig0oSQIwOyNzJZUfV4nRLo83DlDmNTN9voSzS1RXHq7In44MjPNkl8_MhMPQ-5K-ivGn84Q9NHv53Lsf6kLGVUVvCN_XHqQoofT4oyAlCIB-si_UB8WRhO4cicG0nzgjbFjlyGR4h8jQ9iB5bLzc-0XjXK8PP1WNyMd6l7go3O0aQ4IkpqfdgqKnxRKs8b0i6fFFmsFJpFhHkDmdQALCpwP0gM11miG4wWE9DMu7fQhP9iDh76Gh-xYuJpQudGxfAxDIJ9RNDOyRzpgSldohhrWMNXRd1yF07O8w_cL7Iz-WfoQEr3CvuHycRTh8vb6HvegtNJrv0B0EqNjVGDqI1if6FAVloD6ptN_ZZPQsM-LZdmFYID7iEgKCpV54_13KAvUYyc2UpRB4URlvCbWC0iBolrLnzV63R-9p6KT_yIQu8Byh9x_EPD6fm8p4yJQzm4IOEDlH7z7chC8CvZbTaC6IbQMzYhhu1E7j9XnkW6IPz39kx1QdCXI3k8knrEkETWEgyO7arNpOjIOPU6TTRf24oKryi5cc2Ptvy4_jHGutSE_4OHZ5dhKAbmkE5-_iGGV9UX2lfdPxP0Ogs4H7USC22St_KBMOye5qwGidv0KdOWREbWQjMXTcgu7r7whb2zK4IbhwcHRaG0fg6kxetcUgwUUX2sTODRR3Sm7iBqzUJUnSP-7IAii7Kgjd8zXN6EaStNK6ucB4Wo7HkA7xVdNAvwmzpgBGMAD4jDaMtiE5PfLaYIL9fkVnPyZPfdY9BdnbSlyS0M55olC6h6wPLt8QAZH9LDFvD28BfL81SQ8gtv4qWMzvTFo_go97T1nmCTpr5seZkhx47pSBpX9FDmCPH6Oqc8Oin7TM-5-gQ5GZn-FG9m4v2hEQd6glqbmD6wT8mr8bAl_qXfnfiwEdozobk75EfUjcOZ_90Wd-3bTWXwyXevX_KTzMY9JnZisZWVExoGMaDWrC4n6Tso5DstaTA7mYbhni0lJ7veQm7DQbHDhm6gnY72Vblx95BYLfWxeLbsE5scaVZfzs1VkvV5MmAOhAZWa46TwAXhmeOuLbXyxkKwUqyvto5Ao5kLeSXw2U01Q8b2tsPkfvtIjJ41c002vjbtV_mj4jRouTFxS0nJpqaX3LWBnUWmlxC5HJNh_DgsjA9GO2rQ-qsfPpvPUOgMs2smmntR42jmyPW4OU67O9Nj_UtqC9kmf2PoRPUHQO3MkABIWeW2jCvtmsX5Ms7nu09w4fVBYYsDUhky8-kkHwZa-7HbxWm_nXozP-VE9G3ODVwmoqArF1aat63RKAG6QAUAFC9Nb_a7jvPvF82kr8EF01tdcAaUCXsmZTFNtg8QoTiGHRlr6ulKGwXSfTLPxMiaUH5l8sm8uyEyrba8DkVQp5WqgHc14iDvnyA4dcEkCdW6rgz58rcN2c6OzRw5Th_a2m_xmblHG7333oq6Jb8Wyio1uHX3GnXVZFQxRr7zcUYycgj0hhz6BLlFsb-UAMG88gAetxfz8IXyBbDpLNUMCoLBESWXiBZHpHUKXLmtxrtoKnGPiLyct5VXvHhz5RhwDcEQXB7T-uKLr1EZAkP5KJtCZePAecedfiJ2J9wjH3Nro0c0nweceadbLlgYDlYu0CQOIxcK7U8m-OUyDWzU_8xe4Q9OmQ074GIpqVOZgffj2YvtGWhWTOEDKY4FMbE_-s5qs1X4miid30zlokLnizy7NA-XTHcnZGnBx_i86A5VBx0SPM4YPmwGPw3mFfjdAFkrVREfbG6FW33tQR1Rk92J8ZmfhHv_BojRRrNEvPAMZvvzsfLfw_FkyMqd_NfbJ6OxvXfxcdTHe_cK_o12hnHuDHQfY1FFTE9w9YEVDUb5rwhrZxPmj9_D1bvHpow4Gy4JqgHf6yRIKyKBjKmudHIG9gwf0tD5W86-avNU6OvQtwOHalDsKWJnjSPc2nGtwTDNtti0fyTGnGPkJpoDVkBK_gQ6FcByZMKS1DDGsoK4EgDkZhssY_gstiCWhKqXXx4tuM2cvJTBsDFVhMcCJu889_J5tcu9CDancb2hJRT9FH0DVi0R7aLPuN9I8_mMmunjIwqv2JJlULxQjB9eZFYNlYKbc_F6OmFdI-BcKPiHQ279cpKLj-cINtf8mt79ZsR8NnOVVuVNNE66f340qrZ94J5EPK7pEPFWAz6rJ1L43No7P1MvyFx-oDW-aN9G8rYDaTV780JABc-dGWhNsB8l9sCYsXvJVi19Dpi3K6lzaW89Vext_Zv7kEn6-eJUHK4AOUutr2wgqy0_aTbBWlBnFCTcQtJSdm8tpux9DS5M9I7gJfwuBn1YnBCahHvaPuB_-ty5avVzRgwTpunWibtOwbbtTvC8uIE7eE7kPhXP7i&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=6561358273335519000&adk=929882891&idt=233&cac=0&dtd=8 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:43:30 GMT content-encoding br x-content-type-options nosniff age 70012 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4206 x-xss-protection 0 server cafe etag 17947678125179771625 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 17:43:30 GMT
GET H3	200	abg_lite.js Show response pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/ Frame 97F2	30 KB 11 KB	84ms 22ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/abg_lite.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BYKSFAeZ2_A-FOSTYggpm4Usx32FQzpcH2SOuI-Nlz_vRVLCohdrEToZy1MXo7PslUaCCuKZ8U0li0dTaCQvbRdH1Ebi0hTarsFOO3jhdTHjmoqM_JEfJDUZZYL6VI7wQP-YqTJ9vjKh8fD4g83AjXpJdB6T0lVhWFTxGuXlyH-U-4Lsc&cry=1&dbm_d=AKAmf-Cv-VS2PgOtI5b8NB7bkBc9a2uolIybl9i0IfbOp1Ci43StkkyibpbOVhpejd91plyUAjZNLys3MJlJtwGvDsUjqqArtaiJQvWdc3Ab6emIbAnKsWXIqQC2qqqqEN0QnMppw5bBIGMNgWUw_VJJHFC83yU66NVsNyGSj7Z9Edo2E_svpfd8qsZyYySMkWlKXVmN0jSEZou6kx3C64SRirAplzthWrQuw9IcZlGoGaay98TX3r3_4PbtfhTmxasa9TeeQO7b2gMNRFI_OX9ord_XFzmFMuh_YhmN7-D1XFOLQbDMb_SyCXzIouSG5_xgmGwqN-ks80XkwvhVRXHdPTINeFDajxKaBwBO3ZkwSUmZ2MzVkN39M25fwXSqiuSWzkFd_o8Ql_CKioj7WHPqn214FnOr6QgUQAAQ4nBsWIuVF6jVfH4rr-sqBbEWvRMti1coR8kY48wgOfXLpdmKo_wj1rpfLS6gdoPPoUwRXoaGAjTzknAjOktHbCu_WEsVhr_hT0hTMh04p2ROCYNfulTx7EI6ZzsbezPK4jCBMg5Urd51dJYzVwykb2WrU-QlYXstjBF7ivTGq4v3pCi7SIJHbxqbrRFfggAwt_1UlVquDZlzB5wle2JCkVv3yYleuj4vWwpVESIFGoBYqlaFRElR1uP4jHdizV9t5UVuVKkfFTAaay-x-OPsFUcPU0Xi8u3kON2Prf7p3QIwYvhxGk-sd_zl9pwVjT-Y2PKg9pCtbMsEIbX8GbsNyHcqiWlQU3SujMhTJte5mGe7uRAisiZ_GzlgfoZ-AUM8tAZdoDGgWlzTxQOALSUpQRD4OcpW0J0EgYImMHxrpFnpDfLGXDoyZ88WAnmUhksA1Z4jisNNNI7k-qqOfpS71fFiHxF6ZzR8L8-Nm4iXioRaBT-MzvviJjrGtTrLA3iZf1iBjTl1F9XBhF4XmSMPV2RczxcC0E37AfujohDmsUp9wYvzd_5FtAWsk0lyAeLR_8_BTZbKfanfrNF4KdAkz8gz08H5KB5IkpnRxTLh6R994Epd6wtmdpxZSg7J3x4r5-V5I0hvBtNfPFeFmjI2lKNxy-ZMuILpCtnhhzHVP40Dlh7r8qnVrS_RqZw3E13w_Ee6F7mkeFCzf6fuqFIGMuroz5-l-TbcoSR3A_kHHdVuO-EYzgGVnZ225uOnFYCXiVEoi1Ja-P4Mw5UChqnpLcaZqxC6ORnG2df6iWZla-JqioUZ_3-0v89ZjpT7LDxhAKqSc3SnCVKD3jmZVB8YqHxDdtcLlDxiSubFxmZdHAx2h-ADSZQ-R54hC23FTIQvp_7wWzK0tfBdIYiivlnzVskjEjb3viH0_FE6gOp_ArGHemriAPfSkOxWeHHFzIXsQHSwopgqESOSEw_93OW-_r3jbdPkLd7PohrodYFKsEaFc681GbYHsc5g5Yo9iM8pTz5sRahDslgd827mBFopk51TK6xf87pEKh2kYydq66lFgyUIE15Zz-6ulXoYDNoy_KgJKm6lwsRR1yjQU9HcaHZAig0oSQIwOyNzJZUfV4nRLo83DlDmNTN9voSzS1RXHq7In44MjPNkl8_MhMPQ-5K-ivGn84Q9NHv53Lsf6kLGVUVvCN_XHqQoofT4oyAlCIB-si_UB8WRhO4cicG0nzgjbFjlyGR4h8jQ9iB5bLzc-0XjXK8PP1WNyMd6l7go3O0aQ4IkpqfdgqKnxRKs8b0i6fFFmsFJpFhHkDmdQALCpwP0gM11miG4wWE9DMu7fQhP9iDh76Gh-xYuJpQudGxfAxDIJ9RNDOyRzpgSldohhrWMNXRd1yF07O8w_cL7Iz-WfoQEr3CvuHycRTh8vb6HvegtNJrv0B0EqNjVGDqI1if6FAVloD6ptN_ZZPQsM-LZdmFYID7iEgKCpV54_13KAvUYyc2UpRB4URlvCbWC0iBolrLnzV63R-9p6KT_yIQu8Byh9x_EPD6fm8p4yJQzm4IOEDlH7z7chC8CvZbTaC6IbQMzYhhu1E7j9XnkW6IPz39kx1QdCXI3k8knrEkETWEgyO7arNpOjIOPU6TTRf24oKryi5cc2Ptvy4_jHGutSE_4OHZ5dhKAbmkE5-_iGGV9UX2lfdPxP0Ogs4H7USC22St_KBMOye5qwGidv0KdOWREbWQjMXTcgu7r7whb2zK4IbhwcHRaG0fg6kxetcUgwUUX2sTODRR3Sm7iBqzUJUnSP-7IAii7Kgjd8zXN6EaStNK6ucB4Wo7HkA7xVdNAvwmzpgBGMAD4jDaMtiE5PfLaYIL9fkVnPyZPfdY9BdnbSlyS0M55olC6h6wPLt8QAZH9LDFvD28BfL81SQ8gtv4qWMzvTFo_go97T1nmCTpr5seZkhx47pSBpX9FDmCPH6Oqc8Oin7TM-5-gQ5GZn-FG9m4v2hEQd6glqbmD6wT8mr8bAl_qXfnfiwEdozobk75EfUjcOZ_90Wd-3bTWXwyXevX_KTzMY9JnZisZWVExoGMaDWrC4n6Tso5DstaTA7mYbhni0lJ7veQm7DQbHDhm6gnY72Vblx95BYLfWxeLbsE5scaVZfzs1VkvV5MmAOhAZWa46TwAXhmeOuLbXyxkKwUqyvto5Ao5kLeSXw2U01Q8b2tsPkfvtIjJ41c002vjbtV_mj4jRouTFxS0nJpqaX3LWBnUWmlxC5HJNh_DgsjA9GO2rQ-qsfPpvPUOgMs2smmntR42jmyPW4OU67O9Nj_UtqC9kmf2PoRPUHQO3MkABIWeW2jCvtmsX5Ms7nu09w4fVBYYsDUhky8-kkHwZa-7HbxWm_nXozP-VE9G3ODVwmoqArF1aat63RKAG6QAUAFC9Nb_a7jvPvF82kr8EF01tdcAaUCXsmZTFNtg8QoTiGHRlr6ulKGwXSfTLPxMiaUH5l8sm8uyEyrba8DkVQp5WqgHc14iDvnyA4dcEkCdW6rgz58rcN2c6OzRw5Th_a2m_xmblHG7333oq6Jb8Wyio1uHX3GnXVZFQxRr7zcUYycgj0hhz6BLlFsb-UAMG88gAetxfz8IXyBbDpLNUMCoLBESWXiBZHpHUKXLmtxrtoKnGPiLyct5VXvHhz5RhwDcEQXB7T-uKLr1EZAkP5KJtCZePAecedfiJ2J9wjH3Nro0c0nweceadbLlgYDlYu0CQOIxcK7U8m-OUyDWzU_8xe4Q9OmQ074GIpqVOZgffj2YvtGWhWTOEDKY4FMbE_-s5qs1X4miid30zlokLnizy7NA-XTHcnZGnBx_i86A5VBx0SPM4YPmwGPw3mFfjdAFkrVREfbG6FW33tQR1Rk92J8ZmfhHv_BojRRrNEvPAMZvvzsfLfw_FkyMqd_NfbJ6OxvXfxcdTHe_cK_o12hnHuDHQfY1FFTE9w9YEVDUb5rwhrZxPmj9_D1bvHpow4Gy4JqgHf6yRIKyKBjKmudHIG9gwf0tD5W86-avNU6OvQtwOHalDsKWJnjSPc2nGtwTDNtti0fyTGnGPkJpoDVkBK_gQ6FcByZMKS1DDGsoK4EgDkZhssY_gstiCWhKqXXx4tuM2cvJTBsDFVhMcCJu889_J5tcu9CDancb2hJRT9FH0DVi0R7aLPuN9I8_mMmunjIwqv2JJlULxQjB9eZFYNlYKbc_F6OmFdI-BcKPiHQ279cpKLj-cINtf8mt79ZsR8NnOVVuVNNE66f340qrZ94J5EPK7pEPFWAz6rJ1L43No7P1MvyFx-oDW-aN9G8rYDaTV780JABc-dGWhNsB8l9sCYsXvJVi19Dpi3K6lzaW89Vext_Zv7kEn6-eJUHK4AOUutr2wgqy0_aTbBWlBnFCTcQtJSdm8tpux9DS5M9I7gJfwuBn1YnBCahHvaPuB_-ty5avVzRgwTpunWibtOwbbtTvC8uIE7eE7kPhXP7i&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=6561358273335519000&adk=929882891&idt=233&cac=0&dtd=8 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 464857ce2cd39f577e1aee4380de452b3032f2746c94be5b8d71508e0733ca40 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 20:13:33 GMT content-encoding br x-content-type-options nosniff age 61009 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11583 x-xss-protection 0 server cafe etag 13692823745828058245 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Mon, 16 Oct 2023 20:13:33 GMT
GET H3	200	UFYwWwmt.js Show response tpc.googlesyndication.com/sodar/ Frame 97F2	41 KB 13 KB	96ms 26ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Fri, 29 Sep 2023 06:58:24 GMT content-encoding br x-content-type-options nosniff age 367918 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13692 x-xss-protection 0 last-modified Sun, 25 Jun 2023 02:58:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 28 Sep 2024 06:58:24 GMT
GET H3	200	fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Show response pagead2.googlesyndication.com/bg/ Frame BAB5	37 KB 14 KB	57ms 25ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20110914/zrt_lookup.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 26 Sep 2023 19:38:13 GMT content-encoding br x-content-type-options nosniff age 581529 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14789 x-xss-protection 0 last-modified Mon, 25 Sep 2023 09:28:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 25 Sep 2024 19:38:13 GMT
GET DATA	200 OK	truncated / Frame 5F67	214 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 919281409a5a56c1e805c42627b93957afbbb5cc91f039537cc7a882fd3087e5 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers Content-Type image/png
GET H3	200	62bHydCX.html Show response tpc.googlesyndication.com/sodar/ Frame 1E32	38 KB 13 KB	231ms 93ms	Document text/html	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/62bHydCX.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 113153 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding br content-length 13045 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Mon, 02 Oct 2023 05:44:30 GMT expires Tue, 01 Oct 2024 05:44:30 GMT last-modified Fri, 25 Aug 2023 23:48:00 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	Enqz_20U.html Show response tpc.googlesyndication.com/sodar/ Frame 4D22	22 KB 8 KB	231ms 99ms	Document text/html	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/Enqz_20U.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 117441 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding gzip content-length 8395 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Mon, 02 Oct 2023 04:33:02 GMT expires Tue, 01 Oct 2024 04:33:02 GMT last-modified Tue, 03 Mar 2020 20:15:00 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	Enqz_20U.html Show response tpc.googlesyndication.com/sodar/ Frame 052A	22 KB 8 KB	214ms 99ms	Document text/html	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/Enqz_20U.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 117441 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding gzip content-length 8395 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Mon, 02 Oct 2023 04:33:02 GMT expires Tue, 01 Oct 2024 04:33:02 GMT last-modified Tue, 03 Mar 2020 20:15:00 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	view googleads4.g.doubleclick.net/pcs/ Frame 5F67	0 0	192ms 82ms	Fetch image/gif	172.217.18.2
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstthzyFtKchBLJgaNa45ZuOXH2q-q6nrqburuX5L2yvN2VfIkHWXiVYnd3MB7z7Lq6p5vlNdcvwyLs6WXDNk2D5Jq0zX6GcpJ8_gUOSHF7dIcB8nXWdwPd76_D6hTVBfV7Vlemm3xos2ZUO46TppY7cdyyJ3yo6HjYimL0hK4qCmQ330Mh9RDr4igbXFVBTrNd7h3o9HmE-15hVZH-RXYt6rv-0bojJSZ9nUK7DsI0PVQfia76-eM-4ggfjK8siLsEr5BhETgU5hj4kK8OTU4_dVii6BGQ41JE5LMA9bwnbO4-0pfGJ8kMd89WH6vnASipOyIyfCjXbHl7ScPJvqG8cUn1PTYNkRkj0QvZLHFV108PD0tJfVaxpnsI3cGVigx6Nd3h5PbsvvGFeVs2uyt5JE8Q3kJvuUJYCICus7jF78daZUvaeJvctLCG2YdQkR6FRxjEsLc3Pr6hqW--lLbf84whEpN9R9EWIo_exTwJqyWsyXfePNiACZDj0axlw7RxtTPGO-V-Fp1W7aN-P7OcMwLV7mQzJZB5zJlQEscjQDnv47edyeWWXezZPxhCMSCCjeVh3r2ytthjHuBtomTL1OC5pSFrHCSxKdPlsb3crVcl6dHir3yh1_hxOSCHSMkSNAu_ORQSt2UTLSk_oG0tqCeRJi6Dal1n4kI3gerJBhGxq33XcsoHrSS_x8-W5lm0IQcbU7cvl5tFTZHjQa_q1jEI0XA-gaaYbi03sp-yVK2-Kc81JSzFcUXk4Agp9EbACl1gsHfiYP2tw1po8eqU49LiLdtwx1GWItj49Fmy5YIR9JQbUDMpkS3eh1-G0pI9MG7L0NhBQfp_YbgIP5Dp3USGjXTJfJDZPZH2WlgsJ3WLZuwsbpqJzFcceXW0cGQ0VDXkhGG1hBE6V0wd6jKRv6J0MQwzRsJCQLzJZuuN--ExYdNOi8yx_79cNPmC2clxWVKAdZR1L9cL7zZe_CdF9TbWoCx4wdqFyX5drTzcb_5BzSG5pai0P6Dq0oMB-eQTHwezL59HrXlVG1fuH8DwO-XasvteTYKXTjmV7Vw_LBcf8RS6nexfbEaThHsIv0XS_ea6M04QnrOoeyonFv5jYv8TwunK4f7hLPKbyyC87ETer7w0c9TARj1Wxe_mIc2C9yh4gtNGGlRK3QCY19GowLXQ7rQC4bfpfRbGIpX0akMwip5NdEwwRBzkjlVi3x2Mw-abHyiapNdHfL_rCn77wJUHLkM5UfF_oFwvpCDM3tghWF79l7R_52ZhHr3-8Ak55A3hxJJqw2vek5bJWzs706MfdcZNhNSt5Fl4AU67zCejWmuIor0buKeW0AyrtqtvHcxM&sai=AMfl-YRsZmAr-AzXAIqxCM6O5KXRhR0YcVRATaCEUMgembvGOpWBK2vC6tElxCl2HIxQ9tH8F6yYmYpdreE0JamU4E5s36P7m1iq9E3f2ZPcx0VzPg0OyORAScv1nHxtVZknWXPu7s5d02DSSJiYBRj1fxsyXk36nd1XvkEmr23KRq7bV1NkMMiIRHViJLMt-vyDyalh9CbfpNcI6qm5g9Qqxxr5HbUMDCNf0BY9JsVsQmjLk_BQjQY85aUElJU8pbRSU7AmkR2dNa3TDfQWzQEAbHHAy0v4V3HkJeNl&sig=Cg0ArKJSzPJyVw5ZcrmXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=168&vt=11&dtpt=167&dett=2&cstd=0&cisv=r20230928.56315&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl= Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ClhkrFd9KZW74bAIxjxFYCJUpr4HWZdgZkAe5vjGqq3VR601GoMFoks0ZuwG9eaPj4dCZosIwKNhh8ytojY-qUClRTrA&cry=1&dbm_d=AKAmf-ABeC5mhGQO7-4bOrGtZ4nV_zOn-HfY6L7EtXt91Nz2BWMMziGa6xStgx_NQmL4jXV9ZNYPeFXM11ZriAz3y2_g2NtNp3s4iduyEImWiVoJkgyoh-2vcXSXxbwgIMcqOBvqn_YteKJTv8bX7a8SsKmWB_rmmKP6VtgtU-uVq771v99cJ10b8W2uZLkgnpIg6NftzJULUzxDR4ZzA0DJOCwVlsv5wV47gmV5wWB2GoA8XwC2pArnmbidbgMNA3eAuv45Ll2kYGZ7-50z8zd9RfaiPPbnTt8qL1PgM7DDJ0CQ_IKvX1zEuDwKfPwSSWKbyzwjKww2KwAlvdFmGQ5THFvFoNBrqiHn4vMXEb3OGErYgrEEwoXxvwS3tC76vheeKApqRi7cVd669gqN0es9zwhwqgCdxUUpKUTkq64s_aBWX4QkkjXiiHTdogrD4EY4lXOTRlAg7gtAH3EH8XI_ahYfOHbt7Sn5WSBZBM_HHc69LtL_24bX7_lVTmAgVu5VmOzYd77z45gQbTGjwlU04p4sk3g1wXPdS_fGc89dyyqb4RrhvDb7FUIKnlLyOZpGiUzWtkW9rePdNj9CIsonQVNpigXUhGSHlh__kmsb1r0gIRStQYSI_7mBOclPoEzXHbeLwhN9Smf9yUCE5xc5v3CdF68bmZeGebhZ-LL3TGsJkjDQVFxmdHmm3dO3Li9t2Sg1jW0AYg8pGGewMlZ4OPAWS4C7kWfRmqkdDxKocNrE_GSVfrTalrYMWv8o2X6UV73sZJT69HBHm7cqRk5iPoptjGDPGUq50YsUS11VHw7B2vQNZAFVjN9UjQ3koYeDM9K8N8cA12imLrPDePmifLLPFgyjiDK_zBoLRtZxftTTW0uWmCGjpB-2MdB3MgXTvZSv3i44RSrXzUkr6I7TAA7Sh-bk13iYE_qpfHCYUiFxpwk7-bGkFyRbUgO1q5aNPIzjnBv9uddRaDwF41AyAq7zAHAx7QU_jEVydS2ZOpExTyhfEHy58NOyvNZY20rAkYcA41HT_y-SgD1WVcZMi6MbiCQHNly0q00Ub43oCySEq1eK9ny1_5JjeuNqSaoH-e6OLATIddm0YAF2HcI7qWAVsoM031HA4oaxslaJ1rODGEIDRBa4LPvGUw731hBGol4dEiO_zBvlsgLXtnuhqFL6ydXQYYHVJqmOHJO-qZvfHZpE7y__VxZCwaQ7y4dbWNoCt7EKw0GQ0_xl9EjhvccpdID6nZjJTzNB-tiuU0h5QKA-iFIpgwDIoNwC10vrdFoLqJDjYXCNNpSPrap0nfrnY8zEoAfaY_4sEGi_yJtPhTnkaOPfH_mQTSDY0ANPh4veRjHqjRWgk62Y-StQ-1Y9DtmuDlBmlHe0e6Yhltvm_8lqdlRshLg-OX7BoDrc7afjp6OYLkAvWOdTlYhMmbwHLwnLTEU7h77mU2et_752Y2kmsEChggxesfyjamb7HgVWTvpCjSKKDt6GXZIXdP1DqcCVKQfaHzlbGvsYJ6jGZU8K1kX60BpOHdm6_ZZtuK6rvHMmqGZT-i8PHDyBeiaGXp9f_OLii7axrvhhLkaZVgyUgEamylLHZ90sk-VlQNSozfgc-BWfAtjberZ38168H7oUF4LqsTq5dLqDlO_DCtpJHUQH09tVlbq_EIGshn2B5Iudbw5hIxrgZL2pyltJmvUH9ZxKMJQqUWlK_tszC4JVtJuW8OZWNJ7JGJJsVTkP0pHBC_UlQqGWLv_voEXbnZwcwtkpLokN0__HqHrzqPj6SQoaAulP_9sYVFazszmMkTL6uRdNlmMTLymg-iUZ23MTCoCydd7R1HWpwFPm4GxlO6L_EFxLz37mwY_VPSYADBuGtjE-WJHQEemaOjyoYEbH7UzUcW-sNTgk0GYQRS0uw7Ph29vygcVpIOcKpig0EcjYqWiaIy7efqJbTFbJlm-a_8YyghEi83fj-Gk_cw_KUcJ2WKw2Ab5l46JjMWnppeUjRd56qHz9YIhcc-mhvLZAECTs0pXNcW_1SKkJCS-kOcPCXYxPlRb-vK-MEMU7E3IXb4h_juFFXXOr9IZnwTksNdJvJ7ouZJYob2lj2CXscTC_qs0O0o5-GlN7zLQqsVHGFGeedyf5qMVNhtkLhUW_61t59opCfD3k6b2oESJs6UtKhZRGWTSmavUJBP9OMVKVTU7A3AFvOBz2F9jDij8Ye4s3LUsh5XxeT1aq8vLBYiHAE_LO5GGzcOEr7aOsuc_xhkQaSFQC3wA_Jdk5OaHXSeLnb-hKW9gLNVln9R0T1PSfvKKNfrZBsH3zm5Ce5n-impP8NfWHwAqJust0dqZjBZm30gqCxAE3J41Q5NUM0JvU0NNIJ0tKiJo9MoVmnBrZnUFSPQ8BiCdO3huJzCWuIHc_E9FrNVx6lEiKkqDXnxGLYYSiFHhKnb4QoM4tdWuO8SHxXzir6VbNOyo5kKe-6RTS0_e0mB0hlZysoPtiyROhZnanlQdwtJxUfnKBTmpJcp_WlYgj-tAi1THzhCcHgiHU2LrGz6Q8gb7ai5cSMw8GD9pTYKy-judwjFhI_6NUseYl8sxGKXLTldLyzogFpf-nd-d9nTTS-HfbZ2OEnZ6EOaet55i3Dg4OX_-LTlrsRxf7Ap08CoPRGt2cQ0BPc6C60B9CGUnjpI0bvjVSfpNLxWIOpoUt9YxRQL-NVsZZ4_qr1qR_aRaFQ7WPQ33_2AdcGVAZiAd8UFBpbvz_gozx2bwdf1ajZw7rmE6QUWPRvNAVUMUqp6NjvAUDah7-Gi7HDq4w7SGd7DNeacud3h2E0_CyBuMfD6pRZubUdMQgG72rNBiduTfTCdjtICYD_aFXBvJcs1lTcfYSNUH_t7kpDGmnp3IdQMgkRAdrm7aTdJqWMHI1ZKox90RugCHKQmNNQzHxAszInVK60ukkPjqTPC6_FpZZI2pO3T1Vh1pTPGc7y3JCTPtoFs2ygCtNOT2GcRjWo3pTFbbpFK0sEHUxsNX1LWZlgcsQMo-YmImz6akEN0_794YahIAIhVQcN5boB6glPRWxiBGQz8Src942r_SBn97gvRyXXP3aij7Jt3q4RzyhRQXfxvXep-aUMVO8ZA0yZT9D25UH7WUWDkAiWOstpygvN8jsY_XHCsnmvGBEsKoLCJKqsapFdKzIy-b9fNAL2hiXoSNUFuwqMktlgMAV2yOBPMZPygpcCL4ZMBPbYZPNhtpcOOQIY2s-mKm-Wd7eaRu-Z2-Zj7QbYRdod8A9PtfboO0Tt8shk9xq5es-UjpZOOPBvdOh7LpTEuu34t1bHRQ3zrda5U_14OTbf01TG6KwJF1UcrEoLZAwZPaC8Ayd9TkCvEYjgaEv5y21QFXoGgf87NtjIusT8YPvpKM73oDsbGnnAn3zyh9ngqS7JLEoX4TS2JFfVzyITgvetTgb94TzYhh0fCsLKoEPFtt8L71HqB11C2pAAYqIfSgaoi-OXywMjG5f0PP8-hHDt6S7xw5wLYuA0Q-0qCLy24WECNWqFAhGiWWA5s4Zp2IXRq2VIVOLoZaW6wsdnaDBw_534hbVRRKD0ejJzImonKXAZc6AdkkY_plueuzl4i6Ek6ijQt3TjSCk3xrO8FxbALC1OHRlFolgqfDcgILBzHIy0g0_Hl5qfIlJKN-sLjkXYGo6DXP3coBqeugwUp5r0XHXJItTlLGblAjvVQc&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.orlygift.com%2F&ds=l&xdt=1&iif=1&cor=9540628744081418000&adk=2085914665&idt=271&cac=0&dtd=4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.18.2 -, , ASN (), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:23 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64 server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control private cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0
GET H2	200	index.html Show response s0.2mdn.net/sadbundle/8096693555439023181/ Frame 9DA4	77 KB 20 KB	57ms 25ms	Document text/html	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 73a802deadbd2553895ddbf45f97cfd059d398198b3b01659b626e922292bc12 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 98270 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding gzip content-length 20211 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" cross-origin-resource-policy cross-origin date Mon, 02 Oct 2023 09:52:33 GMT expires Tue, 01 Oct 2024 09:52:33 GMT last-modified Wed, 09 Aug 2023 13:01:44 GMT report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-dns-prefetch-control off x-xss-protection 0
GET H3	200	view googleads4.g.doubleclick.net/pcs/ Frame 97F2	0 0	78ms 71ms	Fetch image/gif	172.217.18.2
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuxxygBDMwiWmLssGoK4uH9AKKUS3k0hj6aM7GoC9YklKNc5j8Eo4XVonGw-BKW6HSULLyyR8gJC9vshW4-vNXWrcn0FP56dlV3jnodSJ4GEbJaBhbjSvbeXRAo660NFnjA0o0K62-aGFxgr_F1uZ6uWrFaMUrJ9M193hpZy6z1kVy10cBOU9Wysuclm3SZo2oqmL50DBdxLLLu9HI0NdcH66f5_7ptCBHU4-5kdDJe_qSSOXq22Pe6QDsxaGj-aI-6Fmt2xTNLHHtrzfx_mbw0q5GNoxmvey1Pb-KS2jv5Cv5IUtka4W0A5AYilq5sU8VtR1Ap-uiovbFDZ8tv5W88njrGZTi43XH5OQTB7tr8REfKX0JGh5zIjVkjXjbAq9SO4Nqq4xfv1lx1ZPCXp6BMIwXndRgDb0aoN4KXVHeGqXh9oGRPEOfRb5q3cSbezSwUe24iVPQ4sNOX9ahaM3ZdgQDjNChTo8RjRdK2pS4nZvlS5Io6LBs9X9RP-Y08CKUKAmSYvmwVWwkrsY7un3xvH7YA1VIkY0UN5OjbNzKOOoLpTiiE4OrI5RkHcE3ULHYBqlL8rduLaNJnF7hZ1pap-h3HKA9Im65nzMZTycUDjc5s9v3Fi46P8jjkEAxaeVF1D2-haeqTlS_Me1-cqh5FOcHdqzGyIXu2Dzg8xFBj201DDJrLTZk2bP0any1oewYDvA0s66ESBFUryXclsLqCf_jSy-rE3L80hem8usip0rWlSLi0P4umZ51Hvrc_b-0en90bfL5PaLLWYBs3zIaNRn4iRTx3mM2NDSkcW8uY1TXCBx5uO_MqG6StEZU48hTOG6sk87DVYhYzmyrOfiiQiojohMemqn-z0CdCqwdAD3rKwHqSCetQNJyDTlOfBQKlDDnG-6pzYfNtWh04xpXF0xpBjpTrK-b9_c1gQ_KN3syEH0NB5VLzMb66ChKyHpM1UFLlrZcMkm01G3E6iwOAezGFzRkB7xohhGNSFtTq-PZahp6GuBVS6E_Uh8EWYp7QP4Wqi9oYEXF7JRBFeMgOk3KppKqyyNlPvwsUVavw7HynJ4z-r5qA4QZMovje8swlbbnnFaJHiQihkQWW3Quh3KZMYScjllnqlWvGzabe5DKHAG-hck7kFSvtp1rEVY3n0NizxqNaWaSsW2Yul-m5KHYIbQ4BfwCNiGB_yPDftcM8ZGxqAoaNtfYTqlQ2CDRrYkU6MZm4Ra6MyKsmPKiD57qRNoqh8PjjgcliQmfT-t0q-XvCIRpvp4MQrJ7qA24pYiB-_mcq1IHc3i8zKzFfz2Y4owbeNs7HyyU4i_vWeB9aMZbY1oRIbmQGOLsysvOIL1brRK2-yQA&sai=AMfl-YQyAbWVjb9sTjjzEwI5itVaSsUGq1OB8Mx9xPrJ8OaKJ1ettH67_IJXzatIZYsKWra8qjjL00Q4dn9DaG00r0zDwQoKRv3gb48DRHLh_P8JY7eCXaWm-czD3eiapjnbPIY5ETSVCAp9_2CtuQ65dAd3kMBjWm2cgj_TjVoep5Xq7QeofBdDXHNPAMiLjXssZJk27BFots16DDGEcMb47CIGEhNZVq4XLvKIGM3_VhoqD009yXWeLQcHzsK1IWoLSofeybZPwPLbo5C6ITmXZHc6wsvRJmLOiHRy&sig=Cg0ArKJSzK27df9WM_ZKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=515&cbvp=1&cstd=471&cisv=r20230928.45405&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl= Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.18.2 -, , ASN (), Reverse DNS Software cafe / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers content-security-policy script-src 'none'; object-src 'none' date Tue, 03 Oct 2023 13:10:23 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64 server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * content-type image/gif cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0
GET H2	200	index.html Show response s0.2mdn.net/sadbundle/8096693555439023181/ Frame B8D6	77 KB 20 KB	43ms 30ms	Document text/html	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 73a802deadbd2553895ddbf45f97cfd059d398198b3b01659b626e922292bc12 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 98270 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding gzip content-length 20211 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" cross-origin-resource-policy cross-origin date Mon, 02 Oct 2023 09:52:33 GMT expires Tue, 01 Oct 2024 09:52:33 GMT last-modified Wed, 09 Aug 2023 13:01:44 GMT report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-dns-prefetch-control off x-xss-protection 0
GET H3	200	view googleads4.g.doubleclick.net/pcs/ Frame C4A7	0 0	87ms 87ms	Fetch image/gif	172.217.18.2
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstTdCcE3GTvCJWxsjqrAgzTT6u0ilRt-g2Cbsfrbtc_YCE-P0vvY1lEWPrHT51Hv4A1mAAdwAP_-DfoDuNLIrJS8mwmwYgHaZbpkAFw33PJM31PgZunU-hCs5VThgDvzzYOyKKfioMxOT3TOMDcVcIhhScg6Tal2O7gBdwaOcjxfIpbo9rSloGTJQEfCePANRwM-hZxlraUCyMUxzw6zuCftsEyE1VmQFT1E9-acQtMtlRFHrTOXtU71AkIPAK3zVdACfEiooT6VZpd5SLn4xwAkdHymuxOz8NQrnVUkgf317aRrV19yWEh_RRO79QGfnUDXzkkirFGqLJbrvBp4cHSxuWx2LRuCQW5DTtb1atlcb1EyKG4dZM_Qm39ePQZzRoBOSs4FX31NAjBSscMwzENaywct3mozMUOXRJyYjQhykEnyRHMtZdI2UYgd4XuHtuptDSBwEslcQDT_En-WonR8wxTNKN33SSxg3qZG2DAjYAQywTYALFP15cNlzYnoslMnQQHoA4uo6RYUmGFN5xlc8MNrD5KIuWHec-vhjV0GZlUGXqZK_PhJuBYgs_CaxjBLxZvgx4xD8rwqKlUoKAR3seJepp7ZJJoGT3Y2fUA2wth_bIcM2A0n-HzyXFzinnybIokezHtxIIpzyvPKxuDaI_XZ9kwwFd7AxOMuY0fLYgiKpj0O59cndxxK7l0KZecR_gWABk4UIezgb8KrWwz-lBhk0YFrpe723AaYqrQHSqecWJ1whvxmGl2HdT3nsYQpV_bsl1lQhUvyfSVLfen15nBiwCU9wgp-VWOn8HLjrtynSw-0tglCWpQIYqIKc4KM5sA8cY7C9Szu3FCZUJOKqYH0RnCLEj5Y7ug4YI171mQeDpvEWnb6zA07yLYAXMBiMvchpjxkXJ2fDQKdvQgeZ_VJa9VkWvEx1-xdxC3fK73wig06IOU9PXP4Uof_4a_zoq-5rljsuDSP9Mwg_ky6g47HbjFLob955xhGnfB1gWF4pqg6mP6ntVxfUjXmAmTAQK8jQuQ8wohc4mMenGkEta1l8ETNaTDkd1IkENMtCsZMzOc1uCSW4LMNentmAa2qvQuwJxu_9v39SJUBrU28c9ozlEXFrXASJurfMM0DL1HWuhAB_Rzd40AN9FEfOWufLz17t_Nw0WrBY_BmAUX2t7DaAUk8pDttNbK4c_2eJ2ecKOqVkOSTWWOhy4Eaxxc6UmUZ_5L40Z_B2KRrFgybVSb700y1ftkv4WVP4KLSGQaEAf2UygOEi7ZqrOU4jJ6X-Nmjd0Fn1xIA4CY8UM4qBxBWQVh6AQrP-CpimRGAGqXu3NGx4CixDqC_pz13rh3SX4sHVWou_o&sai=AMfl-YThfLLF1VJQkdgzpASGYLTGZJd3AaCb9lO5uUXqy6pWqncMLR0kX2wRznjjkEKH9iiPkSGiPVf6cx3Bc04bzwJoNhiVtXzbpViuu80Ba4tjdB8JnzOAhVbqXBYEVKDpArhg3Wokc6WdR_WaigBYH4tjXl4nsJanWjbCkUbgzLNcFjxTjugJ6LOB5DeiowEQ5t0zb7ZQhrpd6jveGwk7_40D_Qb1ULczRBYccg3xpzHSxMEJ4xSaDTW3IvowAUkPonBz-mTU-lbSErNVGTknbuvq73Yv7ohjHaVE&sig=Cg0ArKJSzBfT88JVLGKSEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=627&cbvp=1&cstd=615&cisv=r20230928.47863&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl= Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.18.2 -, , ASN (), Reverse DNS Software cafe / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers content-security-policy script-src 'none'; object-src 'none' date Tue, 03 Oct 2023 13:10:23 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64 server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * content-type image/gif cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0
GET H3	200	DcmEnabler_01_250.js Show response s0.2mdn.net/879366/ Frame 9DA4	32 KB 11 KB	29ms 23ms	Script text/javascript	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/879366/DcmEnabler_01_250.js Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:05:58 GMT content-encoding gzip x-content-type-options nosniff age 72265 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11558 x-xss-protection 0 last-modified Tue, 14 Mar 2023 21:28:37 GMT server sffe vary Accept-Encoding report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=86400 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 03 Oct 2023 17:05:58 GMT
GET H3	200	DcmEnabler_01_250.js Show response s0.2mdn.net/879366/ Frame B8D6	32 KB 11 KB	36ms 22ms	Script text/javascript	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/879366/DcmEnabler_01_250.js Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 17:05:58 GMT content-encoding gzip x-content-type-options nosniff age 72265 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11558 x-xss-protection 0 last-modified Tue, 14 Mar 2023 21:28:37 GMT server sffe vary Accept-Encoding report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=86400 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 03 Oct 2023 17:05:58 GMT
GET H3	200	fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Show response pagead2.googlesyndication.com/bg/ Frame 1E32	37 KB 14 KB	25ms 22ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 26 Sep 2023 19:38:13 GMT content-encoding br x-content-type-options nosniff age 581530 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14789 x-xss-protection 0 last-modified Mon, 25 Sep 2023 09:28:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 25 Sep 2024 19:38:13 GMT
GET H3	200	fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Show response pagead2.googlesyndication.com/bg/ Frame 4D22	37 KB 14 KB	24ms 24ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 26 Sep 2023 19:38:13 GMT content-encoding br x-content-type-options nosniff age 581530 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14789 x-xss-protection 0 last-modified Mon, 25 Sep 2023 09:28:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 25 Sep 2024 19:38:13 GMT
GET H3	200	fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Show response pagead2.googlesyndication.com/bg/ Frame 052A	37 KB 14 KB	28ms 27ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 26 Sep 2023 19:38:13 GMT content-encoding br x-content-type-options nosniff age 581530 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14789 x-xss-protection 0 last-modified Mon, 25 Sep 2023 09:28:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 25 Sep 2024 19:38:13 GMT
GET H3	200	view googleads4.g.doubleclick.net/pcs/ Frame 97F2	0 0	68ms 67ms	Fetch image/gif	172.217.18.2
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuxxygBDMwiWmLssGoK4uH9AKKUS3k0hj6aM7GoC9YklKNc5j8Eo4XVonGw-BKW6HSULLyyR8gJC9vshW4-vNXWrcn0FP56dlV3jnodSJ4GEbJaBhbjSvbeXRAo660NFnjA0o0K62-aGFxgr_F1uZ6uWrFaMUrJ9M193hpZy6z1kVy10cBOU9Wysuclm3SZo2oqmL50DBdxLLLu9HI0NdcH66f5_7ptCBHU4-5kdDJe_qSSOXq22Pe6QDsxaGj-aI-6Fmt2xTNLHHtrzfx_mbw0q5GNoxmvey1Pb-KS2jv5Cv5IUtka4W0A5AYilq5sU8VtR1Ap-uiovbFDZ8tv5W88njrGZTi43XH5OQTB7tr8REfKX0JGh5zIjVkjXjbAq9SO4Nqq4xfv1lx1ZPCXp6BMIwXndRgDb0aoN4KXVHeGqXh9oGRPEOfRb5q3cSbezSwUe24iVPQ4sNOX9ahaM3ZdgQDjNChTo8RjRdK2pS4nZvlS5Io6LBs9X9RP-Y08CKUKAmSYvmwVWwkrsY7un3xvH7YA1VIkY0UN5OjbNzKOOoLpTiiE4OrI5RkHcE3ULHYBqlL8rduLaNJnF7hZ1pap-h3HKA9Im65nzMZTycUDjc5s9v3Fi46P8jjkEAxaeVF1D2-haeqTlS_Me1-cqh5FOcHdqzGyIXu2Dzg8xFBj201DDJrLTZk2bP0any1oewYDvA0s66ESBFUryXclsLqCf_jSy-rE3L80hem8usip0rWlSLi0P4umZ51Hvrc_b-0en90bfL5PaLLWYBs3zIaNRn4iRTx3mM2NDSkcW8uY1TXCBx5uO_MqG6StEZU48hTOG6sk87DVYhYzmyrOfiiQiojohMemqn-z0CdCqwdAD3rKwHqSCetQNJyDTlOfBQKlDDnG-6pzYfNtWh04xpXF0xpBjpTrK-b9_c1gQ_KN3syEH0NB5VLzMb66ChKyHpM1UFLlrZcMkm01G3E6iwOAezGFzRkB7xohhGNSFtTq-PZahp6GuBVS6E_Uh8EWYp7QP4Wqi9oYEXF7JRBFeMgOk3KppKqyyNlPvwsUVavw7HynJ4z-r5qA4QZMovje8swlbbnnFaJHiQihkQWW3Quh3KZMYScjllnqlWvGzabe5DKHAG-hck7kFSvtp1rEVY3n0NizxqNaWaSsW2Yul-m5KHYIbQ4BfwCNiGB_yPDftcM8ZGxqAoaNtfYTqlQ2CDRrYkU6MZm4Ra6MyKsmPKiD57qRNoqh8PjjgcliQmfT-t0q-XvCIRpvp4MQrJ7qA24pYiB-_mcq1IHc3i8zKzFfz2Y4owbeNs7HyyU4i_vWeB9aMZbY1oRIbmQGOLsysvOIL1brRK2-yQA&sai=AMfl-YQyAbWVjb9sTjjzEwI5itVaSsUGq1OB8Mx9xPrJ8OaKJ1ettH67_IJXzatIZYsKWra8qjjL00Q4dn9DaG00r0zDwQoKRv3gb48DRHLh_P8JY7eCXaWm-czD3eiapjnbPIY5ETSVCAp9_2CtuQ65dAd3kMBjWm2cgj_TjVoep5Xq7QeofBdDXHNPAMiLjXssZJk27BFots16DDGEcMb47CIGEhNZVq4XLvKIGM3_VhoqD009yXWeLQcHzsK1IWoLSofeybZPwPLbo5C6ITmXZHc6wsvRJmLOiHRy&sig=Cg0ArKJSzK27df9WM_ZKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=709&vt=11&dtpt=194&dett=3&cstd=471&cisv=r20230928.45405&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl= Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.18.2 -, , ASN (), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:23 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64 server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control private cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0
GET DATA	200 OK	truncated / Frame 97F2	217 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d5fcff1aad29e2cb1f86fc76273baa0e18047058606a5144f5f98139c15f635d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers Content-Type image/png
GET H3	200	view googleads4.g.doubleclick.net/pcs/ Frame C4A7	0 0	72ms 72ms	Fetch image/gif	172.217.18.2
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstTdCcE3GTvCJWxsjqrAgzTT6u0ilRt-g2Cbsfrbtc_YCE-P0vvY1lEWPrHT51Hv4A1mAAdwAP_-DfoDuNLIrJS8mwmwYgHaZbpkAFw33PJM31PgZunU-hCs5VThgDvzzYOyKKfioMxOT3TOMDcVcIhhScg6Tal2O7gBdwaOcjxfIpbo9rSloGTJQEfCePANRwM-hZxlraUCyMUxzw6zuCftsEyE1VmQFT1E9-acQtMtlRFHrTOXtU71AkIPAK3zVdACfEiooT6VZpd5SLn4xwAkdHymuxOz8NQrnVUkgf317aRrV19yWEh_RRO79QGfnUDXzkkirFGqLJbrvBp4cHSxuWx2LRuCQW5DTtb1atlcb1EyKG4dZM_Qm39ePQZzRoBOSs4FX31NAjBSscMwzENaywct3mozMUOXRJyYjQhykEnyRHMtZdI2UYgd4XuHtuptDSBwEslcQDT_En-WonR8wxTNKN33SSxg3qZG2DAjYAQywTYALFP15cNlzYnoslMnQQHoA4uo6RYUmGFN5xlc8MNrD5KIuWHec-vhjV0GZlUGXqZK_PhJuBYgs_CaxjBLxZvgx4xD8rwqKlUoKAR3seJepp7ZJJoGT3Y2fUA2wth_bIcM2A0n-HzyXFzinnybIokezHtxIIpzyvPKxuDaI_XZ9kwwFd7AxOMuY0fLYgiKpj0O59cndxxK7l0KZecR_gWABk4UIezgb8KrWwz-lBhk0YFrpe723AaYqrQHSqecWJ1whvxmGl2HdT3nsYQpV_bsl1lQhUvyfSVLfen15nBiwCU9wgp-VWOn8HLjrtynSw-0tglCWpQIYqIKc4KM5sA8cY7C9Szu3FCZUJOKqYH0RnCLEj5Y7ug4YI171mQeDpvEWnb6zA07yLYAXMBiMvchpjxkXJ2fDQKdvQgeZ_VJa9VkWvEx1-xdxC3fK73wig06IOU9PXP4Uof_4a_zoq-5rljsuDSP9Mwg_ky6g47HbjFLob955xhGnfB1gWF4pqg6mP6ntVxfUjXmAmTAQK8jQuQ8wohc4mMenGkEta1l8ETNaTDkd1IkENMtCsZMzOc1uCSW4LMNentmAa2qvQuwJxu_9v39SJUBrU28c9ozlEXFrXASJurfMM0DL1HWuhAB_Rzd40AN9FEfOWufLz17t_Nw0WrBY_BmAUX2t7DaAUk8pDttNbK4c_2eJ2ecKOqVkOSTWWOhy4Eaxxc6UmUZ_5L40Z_B2KRrFgybVSb700y1ftkv4WVP4KLSGQaEAf2UygOEi7ZqrOU4jJ6X-Nmjd0Fn1xIA4CY8UM4qBxBWQVh6AQrP-CpimRGAGqXu3NGx4CixDqC_pz13rh3SX4sHVWou_o&sai=AMfl-YThfLLF1VJQkdgzpASGYLTGZJd3AaCb9lO5uUXqy6pWqncMLR0kX2wRznjjkEKH9iiPkSGiPVf6cx3Bc04bzwJoNhiVtXzbpViuu80Ba4tjdB8JnzOAhVbqXBYEVKDpArhg3Wokc6WdR_WaigBYH4tjXl4nsJanWjbCkUbgzLNcFjxTjugJ6LOB5DeiowEQ5t0zb7ZQhrpd6jveGwk7_40D_Qb1ULczRBYccg3xpzHSxMEJ4xSaDTW3IvowAUkPonBz-mTU-lbSErNVGTknbuvq73Yv7ohjHaVE&sig=Cg0ArKJSzBfT88JVLGKSEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=834&vt=11&dtpt=207&dett=3&cstd=615&cisv=r20230928.47863&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl= Requested by Host: www.orlygift.com URL: https://www.orlygift.com/giveaway Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.18.2 -, , ASN (), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:23 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64 server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control private cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0
GET H/1.1	403 Forbidden	dark-bottom.css s3.amazonaws.com/cc.silktide.com/	0 0	377ms 123ms	Stylesheet application/xml	52.216.218.192
General Check archive.org Show headers Download Go to Full URL https://s3.amazonaws.com/cc.silktide.com/dark-bottom.css Requested by Host: www.orlygift.com URL: https://www.orlygift.com/build/js/all-b2ee3ce83b.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.218.192 -, , ASN (), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers
GET H3	200	sodar Show response pagead2.googlesyndication.com/getconfig/	16 KB 12 KB	95ms 95ms	XHR application/json	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230928&st=env Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7c27a1bb32e5264620a9d67dd9422ec52bb1b1582dd1be49f9efd2463dbbfc6d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.orlygift.com/ X-CSRF-Token ojKPvsu8c1UPOrLu1kBBpH9MLNWVsgZwa90f3XQn accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:23 GMT content-encoding br x-content-type-options nosniff server cafe content-type application/json; charset=UTF-8 access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12206 x-xss-protection 0
OPTIONS H3	204	sodar pagead2.googlesyndication.com/getconfig/ Frame	0 0	115ms 55ms	Preflight text/html	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230928&st=env Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-csrf-token Access-Control-Request-Method GET Origin https://www.orlygift.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers x-csrf-token access-control-allow-methods POST, GET, OPTIONS access-control-allow-origin https://www.orlygift.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/html; charset=UTF-8 date Tue, 03 Oct 2023 13:10:23 GMT p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET DATA	200 OK	truncated / Frame C4A7	216 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7ca013eb8a5db2b09e634a8fae0d9a630ff73b775272a8faaf67f52c56b4b6fd Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers Content-Type image/png
GET H3	200	160X600-frame5-Iban.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame 9DA4	8 KB 8 KB	23ms 22ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame5-Iban.png Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 375ca4aa2cacf26183f523f7d93cca9a7c46038d06768b5105756858cc9cb6f2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 7717 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	120X600-frame5-Iban.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame 9DA4	6 KB 6 KB	35ms 33ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/120X600-frame5-Iban.png Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash cd91b557daffce07d50f5ae1cc005d0f598ebf8fcdc18f89bb71774547d8bd4d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5900 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	160X600-frame4-card.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame 9DA4	16 KB 16 KB	26ms 24ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame4-card.png Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 3f753189c0fd3a8ee4bd26cf7e16e2b7ac4498839eaa4a2304d20600226e0a5b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Wed, 27 Sep 2023 23:00:55 GMT x-content-type-options nosniff age 482968 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 16630 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Thu, 26 Sep 2024 23:00:55 GMT
GET H3	200	160X600-frame3-phone.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame 9DA4	24 KB 24 KB	36ms 34ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame3-phone.png Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 707a5368afcd421e247d124a6a5bb88e2b98a73b6d25f87381bec65e72ab8c8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 24608 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	160X600-frame6-text2.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame 9DA4	3 KB 3 KB	46ms 44ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame6-text2.png Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 80670e80edf77001d36d10178989711a30f315daddd62498b7e1ff1ce3f91a6d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2791 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	160X600-frame2-text1.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame 9DA4	4 KB 4 KB	52ms 51ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame2-text1.png Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash ce19eeec32ab1a7a30b717ec9b6be8f38ecc1dc362f8d09bbe69db9924dccc81 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3660 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	160X600-frame1.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame 9DA4	6 KB 6 KB	46ms 45ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame1.png Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash d3fb13d4630be1980ed3e5315dbc37abe18252bde6d4fb76bdb7f6afcc4c910d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5882 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	160X600-frame5-Iban.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame B8D6	8 KB 8 KB	43ms 40ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame5-Iban.png Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 375ca4aa2cacf26183f523f7d93cca9a7c46038d06768b5105756858cc9cb6f2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 7717 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	120X600-frame5-Iban.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame B8D6	6 KB 6 KB	45ms 43ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/120X600-frame5-Iban.png Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash cd91b557daffce07d50f5ae1cc005d0f598ebf8fcdc18f89bb71774547d8bd4d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5900 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	160X600-frame4-card.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame B8D6	16 KB 16 KB	45ms 41ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame4-card.png Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 3f753189c0fd3a8ee4bd26cf7e16e2b7ac4498839eaa4a2304d20600226e0a5b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Wed, 27 Sep 2023 23:00:55 GMT x-content-type-options nosniff age 482968 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 16630 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Thu, 26 Sep 2024 23:00:55 GMT
GET H3	200	160X600-frame3-phone.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame B8D6	24 KB 24 KB	46ms 41ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame3-phone.png Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 707a5368afcd421e247d124a6a5bb88e2b98a73b6d25f87381bec65e72ab8c8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 24608 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	160X600-frame6-text2.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame B8D6	3 KB 3 KB	69ms 64ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame6-text2.png Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash 80670e80edf77001d36d10178989711a30f315daddd62498b7e1ff1ce3f91a6d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2791 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	160X600-frame2-text1.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame B8D6	4 KB 4 KB	70ms 66ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame2-text1.png Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash ce19eeec32ab1a7a30b717ec9b6be8f38ecc1dc362f8d09bbe69db9924dccc81 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3660 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	160X600-frame1.png s0.2mdn.net/sadbundle/8096693555439023181/ Frame B8D6	6 KB 6 KB	71ms 67ms	Image image/png	2a00:1450:4001:827::2006
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/sadbundle/8096693555439023181/160X600-frame1.png Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2006 -, , ASN (), Reverse DNS Software sffe / Resource Hash d3fb13d4630be1980ed3e5315dbc37abe18252bde6d4fb76bdb7f6afcc4c910d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.2mdn.net/sadbundle/8096693555439023181/index.html?ev=01_250 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Mon, 02 Oct 2023 10:07:00 GMT x-content-type-options nosniff age 97403 x-dns-prefetch-control off cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5882 x-xss-protection 0 last-modified Wed, 09 Aug 2023 13:01:44 GMT server sffe report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" expires Tue, 01 Oct 2024 10:07:00 GMT
GET H3	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 6 KB	78ms 59ms	Script text/javascript	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6136721614818041&plah=www.orlygift.com Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:23 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Tue, 03 Oct 2023 13:10:23 GMT
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6B5F	13 KB 5 KB	40ms 28ms	Document text/html	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 4182 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding gzip content-length 5046 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Tue, 03 Oct 2023 12:00:42 GMT expires Wed, 02 Oct 2024 12:00:42 GMT last-modified Mon, 21 Jun 2021 20:47:05 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	aframe Show response www.google.com/recaptcha/api2/ Frame EBED	829 B 561 B	42ms 34ms	Document text/html	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 3f78b83a6760db8946db17f44480ba95d6309803b7d2eaf356e00f201e6ba2fc Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-0nVMWd9WjS_Vl5zmtDq7tg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.orlygift.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=300 content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-0nVMWd9WjS_Vl5zmtDq7tg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Tue, 03 Oct 2023 13:10:24 GMT expires Tue, 03 Oct 2023 13:10:24 GMT report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 1E32	0 28 B	141ms 140ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bhci0vhIcZZ3aJLeNjuwPobWTqAEAAAAAOAHgBAI&bg=!AwClAE_NAAZN1Q_XbdU7ADQBe5WfOFJLspZraoTlEWt3ijAms4X7RMNOSEnYa41maYMoEdxtd4VgBcJrK8sHtl5gkgPXAgAAAatSAAAACmgBB5kC-twDj4nTXA7oVXINZHIvyLsuZoCQh86SeSCUVjdJV3s4n5PKXV2ALIKw6-51VKgYrt_WocppP763VOBB2CuXj6jPTmBkjG1M7wXj1r-8sfSJs4lW_OaKWCdTjAJte1_265qNkWoWDqHzhONk-xZY-wpC8QmwOd99L0nFAKOKuJWNM9-5XaGwwiFq7SUxajZpocq-NpzLtJCEWThx04HJ_NrHncUWzOYQgUlrk9Ee71vXeD1ql5E-b72yGeUPJWjklVaGxnxovDZb8xUThBedeAFlJMMa0i2V-4kKDC5ZVn4WnW9kkdsl65QArC-GQyD5q3cxMlVHRukYEzBsHlqhSpATe4ri--3PFxycSz8xIZ8FjBMrU91EF9IGAIgQeuT9o2hir6rvqBerWM4gisjiSYc9fk2HnJEJIwIfN0-Oc-stOs-QW8A6MU83NH3wQIuIIHLy5xCNXans-_-eTo6SBQ0_VqNsA_qHpTHae0yNm8uwuBvA79XXVdOr1cFsFIVaPVvr60WRPe3bikrMnkUCKF33zm-OzeJpV3qZa38K9-43uJYkVzedurvI9QC0KBxhr5RIzZWdC1bCliV0E7J64fpscIagE0EuLorqw8WL_0gvxfJonjU9u5p-8zFPeRf6EiFnQLiBT5XC-7wnqiNTC7PfhmZvkaMKeoGmslpr9Nf_HWz4xq8s6uzo3V1YUTY2JVVh8h7bB54VmPFpWygCgRaufAFSuSRWgYsr0NYckr8Cws1qruADuuf-_m6mjwx5qCvWErZO63tjL6tdpp1IvbhBf3cvP9OZVzLH708TrjH_0y3lLA6B_PdfrcRHlFX-rgGj6GnPQaFW8UQ1cz2gvs-RmKAI68Ffe-fgWkVxR8TS0gikOjXbbK2KQRJoT_Nx9RhIFkds0muXHL4-PHP0MNBL0Vt2jNQ4LtEgI0QC35v5BSUE0hNAVzytTBj1EhtMlRBI5AeoODmjmS6t3KitpIVRb9hn5o8hRtBTdtqfZS7YTSImQ9uffA3rtg Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:24 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame EBED	0 0	130ms 130ms	Image text/html	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230928&jk=4182418164393931&rc= Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 052A	0 28 B	132ms 132ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BXWgPvhIcZczrJ7Cr1PIPtLi8mAgAAAAAOAHgBAI&bg=!ysmlyYbNAAZN1Q_XbdU7ADQBe5WfOJPNYUtUL7PCJ7so3BS2b_hUoT93SlHRsTZ6rfqe7OyojbHhLCiIh5piex-kDVCbAgAAAZRSAAAABmgBB5kDFxext5P6tuoSABsxu-TpsqYcdzUQLZN0rdoL48a9fFVtV4fJ3pMazyOrcRSM3kXPSa4zbzzXQx8N1vxBXIOT80CKGhsCIKPuIpe6RXqSMxFvfontl7WG5pkADP3pkcp4YjfUKZ3NksAVKj-VrigqMC2yT-JDrlWFwuNnX1kx8PBP_QiS6tZtLbCwP-mu3p7ngnSzt8mFKjgoYNx9TjMLn-2iLMgX7YWoIhbgk2m8P0GS2lSeiYonT5evtJquQiCsOSyrt8a4Q_sOtEqgMWJKc0vfCbvJFjpQ_E0ah3quydagwdmE6vJkveV3qvZPilkiccX1iw8Ra1TOTvNiHJq4GaZMQu-NoYDhxLN_1ehRPVl1z9XTJArPU13oCIbPjBqOuYIXy_fASkid5Fbp-s__k1BbNhUNMfYOOEAQBE7jec7xcd96140dHndqD0FuTAH50HwrBFyrQJSrZ-bhAoYNg4yqrKLuJZ1NetzJ4exiLtW5UOFXsiylbm2RX1Xu3G7uP4g-LvS2co9ph4liwiUibieqmIysKoM11drtvD1KfCL3Cel5PbfvnxAknF9hGITGy8UoDY5UXMqZm7UGZ3F38R_WzTYz42_Z_uKRoeZccn97JteeDT93gMGPFU-orE5GYdxqVUnoH-ylnLpwBe3alhVYcQ_couX3G7B7PAN6XFisKhRqLcciTbnKFGMjH2uuJTECkwqC1ttV2jJCLqc68SkzwA7Bpba7ozUoDwGI3ptpjCI4lwNHthhiduErWf0h4DyjEJqifFzzCwL85Zl8NuwMwl2yTvs5sM-ZRzpt59omquOaD6FGBFYfqbtol3RL6WCwsatlU9P7CBa__KKgkXw8IT6mkCwb2ah2IJQyA6NExhRgLVWaa2Y8Z7x2GS3MdaMyWz2juMR111YGm0FBTO2XnJxw_TnGpfHRFhCZ486grZzdJfsuj9bJiScRozQbhYgi8y6OY4YimfPCXFxCfukFgRDjacy9JuaEJlNB_YUQW5QLi7SySt7Iljc35JYYObasZF_Dj9txihQhEYLkE5nYaiLyG5pK Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:24 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 4D22	0 28 B	131ms 131ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvoxjvhIcZb2hKOa59u8PkeWWqAUAAAAAOAHgBAI&bg=!19Sl1JvNAAZN1Q_XbdU7ADQBe5WfODa0HOY4kaSOPraVkaoLrjJeY_lcJ2nM79PyqCIe8PoFjiesmtcSwiXnN_zwE-VwAgAAAaNSAAAAMGgBB5kC5AetpykzdwSEXWDN5N3BZlmQcg1_-mI_duhertPtXqRTWzOT3zVMX0eoWRiTkZN60hNVoZa2uUpDwymSLpy9AoUT142CL5jXcaHg7HVh3EqFcSvnp2p-LyL7zmXw9vzDa47Ez3XIRoDLRFzD6yfX4wHJzvMZpKn1JXuWqAPRiBs-iZHsffKVkLspR88CvQlif0Xqy932mZ72nrgJ1ZRUmOcOBIOYGF5rYacen_P7YTxoCNfh4az0AJk2fvIHY7co43_3tC4CCkItTlPyu2Gshi78__2XRIkzniglvVV8r2tU7yO1gxCQ-39rnViTQJv_FDp0w5G0MALujbrCWNYSGIoUQO8nCGdCuL4QwdIk_h6einG2YtEWmnQ4P0FlwJOyLZ3Xeef38F9o_L5Ow3x4a0uBuBlaVYRFPF6amsQ2XqkILp6BlzrZ26n_GdcCQwQGueNzmBwF3rg6lnJMseIpTpZytQU5LyBxBym_lmHfRJTeK3gO4KIYbc99s9ELvnRPOUlv6fNTMP75kdhXh8EAkyx-oJzvX2V4NnXP0qg7mpUmfpqt3MgTuZEuAX3k0EWFeVHoJ1QboDS7-RJ-prorFNTyWv6nO3ROLS_ArNanK0YDnBhSQloh1r18BTMhqwJyKo0BZhxpLygZOB0Z3fzYScoxIYDAAM3-cFDXqsFFLnT6V7DxB7SmXyEcaxAsmJvdwcJHT1KqADQg7bEug2MpYbwPrnqKlBHmHHXot9dLsXyJLnkWolKHz-NoLFew1TLj7Dpc2Y8Kslszl3-24k9kpYF09bXsvFe3GyPWa_AOwNXrU8pmErfIrleR4l76_a153X55fT4YnplSmkel94HI-FaXogKQsEYfJXGW2uoz0g2VBJrfZvYwrCLcncuqVX1gO-zIXv8rq2nnOKeJh0SAuSw9ELQsW9rRl2HI04vgw7yWg1380vlEc7fBoulr71WPsS2rHxJ1zzM3Z4TGtHQY93OzQnbZ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:24 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response pagead2.googlesyndication.com/bg/ Frame 6B5F	37 KB 14 KB	28ms 23ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 09:05:26 GMT content-encoding br x-content-type-options nosniff age 14698 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14550 x-xss-protection 0 last-modified Mon, 25 Sep 2023 09:28:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 02 Oct 2024 09:05:26 GMT
GET H3	204	generate_204 tpc.googlesyndication.com/ Frame 6B5F	0 10 B	24ms 23ms	Image text/plain	2a00:1450:4001:82b::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/generate_204?wWKViw Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Tue, 03 Oct 2023 13:10:24 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 5F67	0 28 B	123ms 123ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1671860659080&version=m202309260101&ct=76&x=1&cor=9540628744081418000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:24 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame 5F67	42 B 64 B	130ms 130ms	Fetch image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv6y125sODe_6l8ZoVCaGujsWrjyQfHWhFAwSVwzqQ0GQolFbs0pH7hcZrVFz4USh49jfLI7COMDoFRIVNQS1uw6v16IVGdxSlyk75uA9CG5oNjZFloHQnaPEZ7cjvA-BZqozASwbxWNb9U&sai=AMfl-YTlP4IbddIGc4w5dDoSn6uRuAhGyHTqiDoFP5-kXlhHkxZyXcl6N1imqabI1BHS1NCaCWooKjYxQT0-bE42zr23xzbLiH0nAVnoBnpqD1a8UaR01dRW1309p_JQ2DVxQ4AUOceZuL_GM0IDhw&sig=Cg0ArKJSzEd4kd0jQeK4EAE&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231002&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696338622118&rpt=1414&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:24 GMT x-content-type-options nosniff server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 97F2	0 28 B	122ms 122ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5648764780283&version=m202309260101&ct=119&x=1&cor=6561358273335519000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:24 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame C4A7	0 28 B	122ms 122ms	Ping image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4588409587122&version=m202309260101&ct=119&x=1&cor=12986283969283768000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:24 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame C4A7	42 B 64 B	128ms 128ms	Fetch image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuyO3gO5aDSqYqO1_DUXsR7Fwd4hBgSYh_ifrlVmnPuz19YdRE3BK_7IwwbJ4Z-IHOU9_nGlG9gC5erBDO-SCcaPVmvWBo6wWh-g65HPwl0-SOzmpYtSaLBr6Tqm7aH9nGTYPoV91DrvHe2&sai=AMfl-YT1ckuVnOV38N-wrCa4VyTMOYWiuaq11poOXblBH2Kv0wpNqN4euZT_Xcsee2pNw6JIzKSE7TEJCRCjn49w2hAcQqHWVcWUFx8lPGg2sYXS6XxTQf-6LO9Os7lxb1P8-pZ8YQ5VyLlWFsWYHg&sig=Cg0ArKJSzLzjQjjYkErdEAE&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231002&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696338622257&rpt=1268&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:24 GMT x-content-type-options nosniff server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame 97F2	42 B 64 B	129ms 129ms	Fetch image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsshTM32lfztpKRReC-63yevYtW0_dCug73f4tJ4-CflQV8sNZUse1JglG3KHYRwU1AsVV5LZvc1GRgH1WPpLt7ngQfpsuMutxxVCM7TPZg6pzR-Ara6N4HrcTHbcMsyzRTKiT6JUk-P1ncY&sai=AMfl-YRDErcMlOkiomtyEW5-7vrq1dEjTJ_aBnQnh8W91Gjypz2Fy2Pl52H1czwHORHxWLAvXB6JK1ncih9FohQEGyLdX1tGH7XI4ME66_gtee18ummwRqa3Jy3D5zh769XqTEqi79YCndRzAph7RQ&sig=Cg0ArKJSzGY1JYgZbQbGEAE&cid=CAQSTADICaaN2LwZ_y45tyfexPhyHtsZQJX09mY2n-vNUI5jUYzbJdhSAjJFuOuYyV3rbUp6Nl-W75qp2r_FcmXhOe_jGE_x4nyfl6c5WbAYAQ&id=lidar2&mcvt=1002&p=0,0,600,160&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20231002&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696338622296&rpt=1228&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers pragma no-cache date Tue, 03 Oct 2023 13:10:24 GMT x-content-type-options nosniff server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	sodar pagead2.googlesyndication.com/pagead/	0 0	129ms 128ms	Image text/html	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230928&jk=4182418164393931&bg=!LS6lLmHNAAYEJRtnJCU7ADQBe5WfODPsRWXni1tAQUHzczfuhG3Kg2hbckhDGak4Ba_Y2UTsdE1YvVbvuhc_IMVGrCqxAgAAAL1SAAAACWgBBwoAr0YePpGHoXTAE4yX7zqy72_e8A_r4oRsXePbVbJNIkRzfb2KfphzrjRcXJVaISF5TnviI_YpnR9ENfjtA5X1hNXlyWCJZ8U6661j7zdW_D5M4bKGoe52PVgvhPkszHRkRsa5ty9yZv2PYwV3Q6AXED3BYm6oi5ZjhKJ4hbkiq11vxBNQGZdoQcqARpfp9EWpOXUCEazBqm31S4NHkMtE-Gt-09PJ7y4WOsHa9YyceXiZAsXI6bdCvi2jkePKxV1adHYNyLXYbrgBFpfuWapyCMzcYteKT11IVYM2Gj4ONVhB4k6btsSSU6GrA2T7OFhzo426TW7lON0-nSErs1RrOWpzY2fJagWQcZzS4l6TGOMmlG-c4CSX_OpkQJCk5fKgfjUPgXjZwmSCbgOIMqqy0lKaSTrOGRlLVSxlwCaRjBlk3koty0aL2l2fL8jWTJdWyWNw6mLWlcyd825ZYyTCRtEsx-SEJTV7rWzfR0WabsUwaFIRrIKcZy4grT1bEEm1UzpH9eOvnJ9Z2hBVXG11nJ5XfKBOlBfgnem1aAqItcaNO4amTmbaN9bdDRlYlkYDeoPRb_mhJncIkZspFfM353pP0mcq7v3-ytSyZ4qPj035KdFx7DWRwoLdtvfUBHQPAZQNYLH3m8tCavPiFfcfGAtj74p4XPe6Cpj0v-xpv5s_pvGtcYZnXc6bsMX2WIK37ZFipIP8KMerOrMoWp6MhycFBgybJayejLq2o_cdyJdNQIQBv8r0IUY3Am193mh41Sx3oXu96ancnIC992W1UMs7ewHEmKFymkT6i9d2Ne-2RZag27kSlPD5p0eNIjCGEo5nTNLmdWGcLVtz2vpJHo9w83j2EnaSDWox2cDVVlzT2juYS3EbHOhHAlAB5hQN2NWoSvEl4mjoCbrTZevylHWYXRp0C03qIML8D0f9KfhpSRWwqAaPJD0r3vhec6fWa8Z6RaTMU1E-_OqxJc99DYiXLxRiBjOvhOng8VlUnvby5VEOS3JBtWO34mVtC-rdELxVzV4jVsSLsCMc9ii089xFztJ1JjFC3w6he-WkpKhyD1xYj78-3VMY_WYelwhnhJFUptWpDuZeU1ybVmb1DLkf80gMF8VPNhdtoEyMGBlQ5UkLHjvMnqNr6HVBLcKPSJHvqMJXbzoJ9XlloutC2WAdl3oo8Vyg Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.orlygift.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.google-analytics.com

URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1389528926&t=pageview&_s=1&dl=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway&ul=en-us&de=UTF-8&dt=orlygift%20-%20Indie%20Steam%20games%20for%20free&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1478313164&gjid=1800348098&cid=466446073.1696338619&tid=UA-52519821-6&_gid=1721095455.1696338619&_r=1&_slc=1&z=334946358

Domain

ups.analytics.yahoo.com

URL

https://ups.analytics.yahoo.com/ups/58813/fed?v=1&url=https%3A%2F%2Fwww.orlygift.com%2Fgiveaway

Domain

id5-sync.com

URL

https://id5-sync.com/api/esp/increment?counter=no-config