Submitted URL: https://url1941.psmark.perkspot.com/ls/click?upn=u001.JX5yNMmulKenkKh8ieBztAqgFmqnC-2Bnxzv6GBQq-2Fla3Bgj9glXDJfeO2maHOvWfXDFh6cxOsS-...
Effective URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=185077...
Submission: On June 04 via manual from US — Scanned from DE

Summary

This website contacted 47 IPs in 4 countries across 46 domains to perform 157 HTTP transactions. The main IP is 2606:4700:4400::ac40:95d5, located in United States and belongs to CLOUDFLARENET, US. The main domain is page.firstleaf.com.
TLS certificate: Issued by R3 on April 23rd 2024. Valid for: 3 months.
This is the only time page.firstleaf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 27 2620:1ec:bdf::45 8075 (MICROSOFT...)
1 1 13.107.238.51 8075 (MICROSOFT...)
7 2606:4700::68... 13335 (CLOUDFLAR...)
1 52.84.174.56 16509 (AMAZON-02)
1 13.33.187.53 16509 (AMAZON-02)
1 18.239.83.67 16509 (AMAZON-02)
6 34.96.102.137 396982 (GOOGLE-CL...)
1 2606:2800:133... 15133 (EDGECAST)
1 7 104.18.72.113 13335 (CLOUDFLAR...)
5 34.235.21.140 14618 (AMAZON-AES)
3 20.50.88.245 8075 (MICROSOFT...)
1 104.18.70.113 13335 (CLOUDFLAR...)
3 104.16.51.111 13335 (CLOUDFLAR...)
3 3 89.207.16.75 41041 (VCLK-EU-SE)
1 4 2606:4700:440... 13335 (CLOUDFLAR...)
33 2606:4700:440... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 34.36.17.181 396982 (GOOGLE-CL...)
2 2a00:1450:400... 15169 (GOOGLE)
4 2606:4700::68... 13335 (CLOUDFLAR...)
3 157.230.230.25 ()
2 2a03:2880:f08... ()
5 2620:1ec:c11:... ()
1 35.244.142.80 ()
1 2606:4700:10:... ()
2 35.201.112.186 ()
1 1 35.227.244.1 ()
3 2600:9000:26e... ()
1 67.225.220.126 ()
1 35.234.162.151 ()
3 2a00:1450:400... ()
1 2 2.16.100.17 ()
1 2 35.158.75.12 ()
3 2600:9000:211... ()
1 2001:4860:480... ()
2 2a00:1450:400... ()
1 142.250.185.131 ()
2 2001:4860:480... ()
1 35.186.194.58 ()
1 2600:1f16:ebf... ()
2 2a03:2880:f17... ()
2 2606:4700::68... ()
1 142.93.61.219 ()
1 2400:52e0:1e0... ()
1 2600:9000:244... ()
1 18.172.103.101 ()
1 51.77.64.70 ()
157 47
Apex Domain
Subdomains
Transfer
33 fastcdn.co
g.fastcdn.co — Cisco Umbrella Rank: 64368
v.fastcdn.co — Cisco Umbrella Rank: 60933
4 MB
26 perkspot.com
url1941.psmark.perkspot.com — Cisco Umbrella Rank: 230528
email.perkspot.com — Cisco Umbrella Rank: 405179
pslogin.perkspot.com — Cisco Umbrella Rank: 196391
ochsner.perkspot.com
776 KB
9 firstleaf.com
page.firstleaf.com
rbv9j7km.firstleaf.com
images.firstleaf.com
ct.firstleaf.com Failed
fbapi.firstleaf.com
64 KB
7 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2393
ekr.zdassets.com — Cisco Umbrella Rank: 2866
363 KB
7 unpkg.com
unpkg.com — Cisco Umbrella Rank: 1007
127 KB
6 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4085
88 KB
5 bing.com
bat.bing.com
14 KB
5 brilliantcollector.com
lib-us-1.brilliantcollector.com — Cisco Umbrella Rank: 20123
606 B
4 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 354
18 KB
4 cloudfront.net
d1hdjv7b05hja2.cloudfront.net Failed
d2mjzob2nc713b.cloudfront.net
d2rp1k1dldbai6.cloudfront.net
76 KB
4 zendesk.com
assets.zendesk.com — Cisco Umbrella Rank: 10859
perkspot.zendesk.com — Cisco Umbrella Rank: 156954
2 KB
3 mczbf.com
www.mczbf.com
16 KB
3 google-analytics.com
www.google-analytics.com
21 KB
3 fullstory.com
edge.fullstory.com
rs.fullstory.com
77 KB
3 visualstudio.com
dc.services.visualstudio.com — Cisco Umbrella Rank: 591
540 B
2 lightboxcdn.com
www.lightboxcdn.com
2 KB
2 facebook.com
www.facebook.com
3 KB
2 cloudfunctions.net
us-central1-adaptive-growth.cloudfunctions.net
122 B
2 doubleclick.net
stats.g.doubleclick.net
395 B
2 w55c.net
tags.w55c.net
2 KB
2 trkn.us
trkn.us
1 KB
2 facebook.net
connect.facebook.net
153 KB
2 gstatic.com
fonts.gstatic.com
66 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
223 KB
2 azureedge.net
psprods3ep.azureedge.net — Cisco Umbrella Rank: 112839
8 KB
1 ip-api.com
pro.ip-api.com
458 B
1 adsrvr.org
js.adsrvr.org
5 KB
1 cybba.solutions
files1.cybba.solutions
app.cybba.solutions Failed
27 KB
1 firstleaf.club
rbv9j7km.firstleaf.club
409 B
1 google.de
www.google.de
63 B
1 google.com
region1.analytics.google.com
256 B
1 simpli.fi
tag.simpli.fi
2 KB
1 rtb123.com
www.rtb123.com
2 KB
1 shop.pe
shop.pe
270 B
1 pdst.fm
cdn.pdst.fm
18 KB
1 instapagemetrics.com
cdn.instapagemetrics.com — Cisco Umbrella Rank: 70334
54 KB
1 instapage.com
heatmap-events-collector.instapage.com — Cisco Umbrella Rank: 70126
9 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 70
1 KB
1 emjcd.com
www.emjcd.com — Cisco Umbrella Rank: 18855
1 KB
1 dotomi.com
cj.dotomi.com — Cisco Umbrella Rank: 19093
1 KB
1 kqzyfj.com
www.kqzyfj.com — Cisco Umbrella Rank: 89127
614 B
1 msecnd.net
az416426.vo.msecnd.net — Cisco Umbrella Rank: 2987
47 KB
1 go2sdk.com
js.go2sdk.com — Cisco Umbrella Rank: 29059
4 KB
1 rollbar.com
cdn.rollbar.com — Cisco Umbrella Rank: 16224
24 KB
1 zjptg.com
www.p.zjptg.com — Cisco Umbrella Rank: 52742
49 KB
0 typography.com Failed
cloud.typography.com Failed
157 46
Domain Requested by
26 v.fastcdn.co page.firstleaf.com
22 ochsner.perkspot.com ochsner.perkspot.com
7 g.fastcdn.co page.firstleaf.com
7 unpkg.com ochsner.perkspot.com
6 static.zdassets.com assets.zendesk.com
static.zdassets.com
6 dev.visualwebsiteoptimizer.com ochsner.perkspot.com
dev.visualwebsiteoptimizer.com
5 bat.bing.com www.googletagmanager.com
bat.bing.com
page.firstleaf.com
5 lib-us-1.brilliantcollector.com cdn.rollbar.com
ochsner.perkspot.com
4 cdn.jsdelivr.net page.firstleaf.com
cdn.jsdelivr.net
4 page.firstleaf.com 1 redirects ochsner.perkspot.com
page.firstleaf.com
3 www.mczbf.com ochsner.perkspot.com
page.firstleaf.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
page.firstleaf.com
3 d2mjzob2nc713b.cloudfront.net page.firstleaf.com
shop.pe
3 rbv9j7km.firstleaf.com ochsner.perkspot.com
rbv9j7km.firstleaf.com
page.firstleaf.com
3 perkspot.zendesk.com static.zdassets.com
3 dc.services.visualstudio.com cdn.rollbar.com
2 www.lightboxcdn.com ochsner.perkspot.com
page.firstleaf.com
2 www.facebook.com page.firstleaf.com
2 us-central1-adaptive-growth.cloudfunctions.net ochsner.perkspot.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 tags.w55c.net 1 redirects page.firstleaf.com
2 trkn.us 1 redirects page.firstleaf.com
2 edge.fullstory.com ochsner.perkspot.com
edge.fullstory.com
2 connect.facebook.net ochsner.perkspot.com
connect.facebook.net
2 fonts.gstatic.com fonts.googleapis.com
2 www.googletagmanager.com page.firstleaf.com
www.googletagmanager.com
2 psprods3ep.azureedge.net ochsner.perkspot.com
2 pslogin.perkspot.com 2 redirects
1 pro.ip-api.com edge.fullstory.com
1 js.adsrvr.org www.rtb123.com
1 d2rp1k1dldbai6.cloudfront.net www.rtb123.com
1 files1.cybba.solutions www.rtb123.com
1 rbv9j7km.firstleaf.club rbv9j7km.firstleaf.com
1 fbapi.firstleaf.com connect.facebook.net
1 rs.fullstory.com edge.fullstory.com
1 www.google.de page.firstleaf.com
1 region1.analytics.google.com www.googletagmanager.com
1 tag.simpli.fi www.googletagmanager.com
1 www.rtb123.com ochsner.perkspot.com
1 shop.pe 1 redirects
1 images.firstleaf.com ochsner.perkspot.com
1 cdn.pdst.fm ochsner.perkspot.com
1 cdn.instapagemetrics.com page.firstleaf.com
1 heatmap-events-collector.instapage.com page.firstleaf.com
1 fonts.googleapis.com page.firstleaf.com
1 www.emjcd.com 1 redirects
1 cj.dotomi.com 1 redirects
1 www.kqzyfj.com 1 redirects
1 ekr.zdassets.com assets.zendesk.com
1 assets.zendesk.com 1 redirects
1 az416426.vo.msecnd.net ochsner.perkspot.com
1 js.go2sdk.com ochsner.perkspot.com
1 cdn.rollbar.com ochsner.perkspot.com
1 www.p.zjptg.com ochsner.perkspot.com
1 email.perkspot.com 1 redirects
1 url1941.psmark.perkspot.com 1 redirects
0 app.cybba.solutions Failed files1.cybba.solutions
0 ct.firstleaf.com Failed images.firstleaf.com
0 cloud.typography.com Failed page.firstleaf.com
0 d1hdjv7b05hja2.cloudfront.net Failed page.firstleaf.com
157 60
Subject Issuer Validity Valid
*.perkspot.com
Go Daddy Secure Certificate Authority - G2
2023-06-03 -
2024-07-04
a year crt.sh
*.azureedge.net
Microsoft Azure RSA TLS Issuing CA 08
2024-05-22 -
2025-05-17
a year crt.sh
unpkg.com
GTS CA 1P5
2024-05-30 -
2024-08-28
3 months crt.sh
www.p.zjptg.com
Amazon RSA 2048 M02
2024-06-02 -
2025-07-01
a year crt.sh
cdn.rollbar.com
Amazon RSA 2048 M03
2024-04-11 -
2025-05-09
a year crt.sh
js.go2sdk.com
Amazon RSA 2048 M01
2023-08-06 -
2024-09-02
a year crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2
2023-07-06 -
2024-07-06
a year crt.sh
*.vo.msecnd.net
DigiCert SHA2 Secure Server CA
2024-01-30 -
2025-01-30
a year crt.sh
*.brilliantcollector.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-04-08 -
2025-04-16
a year crt.sh
prod.ai.ingestion.msftcloudes.com
Microsoft Azure RSA TLS Issuing CA 04
2024-04-10 -
2025-04-05
a year crt.sh
zdassets.com
E1
2024-05-01 -
2024-07-30
3 months crt.sh
perkspot.zendesk.com
E1
2024-05-14 -
2024-08-12
3 months crt.sh
page.firstleaf.com
R3
2024-04-23 -
2024-07-22
3 months crt.sh
fastcdn.co
E1
2024-05-17 -
2024-08-15
3 months crt.sh
upload.video.google.com
WR2
2024-05-13 -
2024-08-05
3 months crt.sh
instapage.com
E1
2024-06-01 -
2024-08-30
3 months crt.sh
*.google-analytics.com
WR2
2024-05-13 -
2024-08-05
3 months crt.sh
cdn.instapagemetrics.com
GTS CA 1D4
2024-04-16 -
2024-07-15
3 months crt.sh
*.gstatic.com
WR2
2024-05-13 -
2024-08-05
3 months crt.sh
*.jsdelivr.net
Sectigo RSA Domain Validation Secure Server CA
2024-05-04 -
2025-05-04
a year crt.sh
*.getrockerbox.com
*.getrockerbox.com
2019-06-06 -
2049-05-29
30 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-03-13 -
2024-06-11
3 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 02
2024-05-01 -
2024-06-27
2 months crt.sh
cdn.pdst.fm
WR3
2024-05-17 -
2024-08-15
3 months crt.sh
firstleaf.com
GTS CA 1P5
2024-04-25 -
2024-07-24
3 months crt.sh
edge.fullstory.com
GTS CA 1D4
2024-05-03 -
2024-08-01
3 months crt.sh
rtb123.com
R3
2024-04-29 -
2024-07-28
3 months crt.sh
*.simpli.fi
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-11-07 -
2024-12-07
a year crt.sh
www.mczbf.com
Amazon RSA 2048 M03
2024-04-20 -
2025-05-19
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-05-13 -
2024-08-05
3 months crt.sh
*.google.de
WR2
2024-05-13 -
2024-08-05
3 months crt.sh
misc.google.com
WR2
2024-05-13 -
2024-08-05
3 months crt.sh
rs.fullstory.com
GTS CA 1D4
2024-05-02 -
2024-07-31
3 months crt.sh
fbapi.firstleaf.com
Amazon RSA 2048 M02
2024-05-20 -
2025-06-19
a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2023-10-10 -
2024-09-19
a year crt.sh
lightboxcdn.com
Cloudflare Inc ECC CA-3
2023-10-09 -
2024-10-08
a year crt.sh
files1.cybba.solutions
R3
2024-05-28 -
2024-08-26
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2024-04-23 -
2025-05-25
a year crt.sh
*.ip-api.com
Sectigo RSA Domain Validation Secure Server CA
2023-12-21 -
2025-01-20
a year crt.sh

This page contains 4 frames:

Primary Page: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Frame ID: 6B2E26FD4E7AC917CE409CDCD4BC941C
Requests: 141 HTTP requests in this frame

Frame: https://static.zdassets.com/ekr/asset_composer.js
Frame ID: E1238C3912E366BF92C0E2D6B822AD3D
Requests: 2 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c554e5f.js
Frame ID: 89BB26B3C631B7141F15312E7DA81ADE
Requests: 7 HTTP requests in this frame

Frame: https://page.firstleaf.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/26ed7e9dda49/main.js
Frame ID: 58ADB82D67AC375C5AFCF58106902758
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Buying Award-Winning Wine Is Simple With Firstleaf

Page URL History Show full URLs

  1. https://url1941.psmark.perkspot.com/ls/click?upn=u001.JX5yNMmulKenkKh8ieBztAqgFmqnC-2Bnxzv6GBQq-2Fla3Bgj9glXDJfe... HTTP 302
    https://email.perkspot.com/e/v3/click/offer/1431609?merchantName=FirstleafWineClub&assetType=Small&enti... HTTP 302
    https://pslogin.perkspot.com/auth/email?sid=9fdbde3f-1b62-426b-8215-b1c4dbab9cd1&auth=769edf8daa6b6528b01... HTTP 302
    https://pslogin.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast HTTP 302
    https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast Page URL
  2. https://www.kqzyfj.com/click-2097062-15528858?sid=UH8CMXGYHYK8N4WPUUWIGGYV1 HTTP 302
    https://cj.dotomi.com/to114js0-I/sz3/HLLIOOLO/IGPNGMI/G/G/G?j=yI83%3DuhYcmxgyhykYnUwpuuwiggyvR%3c%... HTTP 302
    https://www.emjcd.com/ek104cy65Q/y49/NRROUURU/OMVTMSO/M/QMMTMRTQSSSVNVRQRQ:5rtv7aJ8ZTcy/RNzP0-VwOO... HTTP 302
    https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /react-redux(@|/)([\d.]+)(?:/[a-z]+)?/react-redux(?:.min)?\.js

Overall confidence: 100%
Detected patterns
  • /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

157
Requests

90 %
HTTPS

49 %
IPv6

46
Domains

60
Subdomains

47
IPs

4
Countries

6440 kB
Transfer

11767 kB
Size

35
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://url1941.psmark.perkspot.com/ls/click?upn=u001.JX5yNMmulKenkKh8ieBztAqgFmqnC-2Bnxzv6GBQq-2Fla3Bgj9glXDJfeO2maHOvWfXDFh6cxOsS-2FwbARgXBAF9ZiD5oYCOI5pylJF-2BPi5kmb-2F2G0w1uCWyNi42AKpp5A-2BgDTBj4qKEY9ePYgT11nH748GvQXKRGGuL3ibTOt1cJ72D80EGMoz8lyPct8wwxFmoDbuT4EDgIiOzpVgAeIlcuzYUI9csVAIcqIgajT0L0HneryU5oVf1AEQI4KtqJuYX9CGVIQNNNiIScbu7lZu28-2Bi5JhmFw5pcpLDo-2BGfofbPe5eDmiYADCDqvI8uKnyLCIFv-2BrpTTsTqSy-2F9Ysj5sEEdBIfezQQFH1-2B5krmwFayyQXUcNRKhpJYN5rpkNf64V-2F-2B00PH7uQgfYsEOr8QF1EeyDkCLPaPRKovHotm0jrAbNXc39EoqSfoU11-2BOBs2OnmLM604VYCMWbbE5-2FPTDk3w-3D-3DiZmE_wa-2BEeqcxKOb6VGobDvyVkPk-2B0MTT-2BRxCuW8hlAjgUDfUrpnFZNWy-2ByRp7iyT-2BoZ49BqgfT-2BN7GlCdGujRIe8w-2BW8gurjyrn9yBCBH7FRRQ9H-2FVz2M1JyKcOngfqw1CsC81h7a7y-2BZY4Za8FLreY83PbqPXc33Px-2FHIe-2F5XRV03v5Hu-2B1IjcS6aRnXDgIB6i3ReXkhYVLbS82FFfGMklPmd9WAyYIwYqCDOEtYoinhIo-3D HTTP 302
    https://email.perkspot.com/e/v3/click/offer/1431609?merchantName=FirstleafWineClub&assetType=Small&entityEmailTypeCode=weeklyblast&communityid=1070&pt=sss&at=s&ap=0&pk=2&dt=s&ao=1431609&esp=sg&userId=35060272&email=sally.madison%40ochsner.org&communityid=1070&cmpnid=969&entityEmailTypeCode=weeklyblast&auth=67c2748d9f68f32b97e304e5c2dee3c3 HTTP 302
    https://pslogin.perkspot.com/auth/email?sid=9fdbde3f-1b62-426b-8215-b1c4dbab9cd1&auth=769edf8daa6b6528b01dc40bf55a8656&redirectUrl=%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&CommunityId=1070 HTTP 302
    https://pslogin.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast HTTP 302
    https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast Page URL
  2. https://www.kqzyfj.com/click-2097062-15528858?sid=UH8CMXGYHYK8N4WPUUWIGGYV1 HTTP 302
    https://cj.dotomi.com/to114js0-I/sz3/HLLIOOLO/IGPNGMI/G/G/G?j=yI83%3DuhYcmxgyhykYnUwpuuwiggyvR%3c%3c7JJFI%3A%2F%2FMMM.AGPO59.2EC%2F2B82A-SQZXQWS-RVVSYYVY%3c%3cg%3c7JJFI%3A%2F%2FE27ID4H.F4HAIFEJ.2EC%2F%3c%3cR%3cR%3cQ%3cQ%3c HTTP 302
    https://www.emjcd.com/ek104cy65Q/y49/NRROUURU/OMVTMSO/M/QMMTMRTQSSSVNVRQRQ:5rtv7aJ8ZTcy/RNzP0-VwOOUwNN-0UNSzMMTOMwNUxwTP?j=mA0v%3DmZQUepYqZqcQfMohmmoaYYqnJ%3cu16!FK7H-629y96B%3czBB7A%3A%2F%2FEEE.28HGx1.u64%2Fu30u2-KIRPIOK-JNNKQQNQ%3c%3cY%3czBB7A%3A%2F%2F6uzA5w9.7w92A76B.u64%2F%3cOKNwLQtI-IMuO-MtuK-sRKv-MJJNIKKKLwPQ%3cJ%3cJ%3cI%3cI%3c HTTP 302
    https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://url1941.psmark.perkspot.com/ls/click?upn=u001.JX5yNMmulKenkKh8ieBztAqgFmqnC-2Bnxzv6GBQq-2Fla3Bgj9glXDJfeO2maHOvWfXDFh6cxOsS-2FwbARgXBAF9ZiD5oYCOI5pylJF-2BPi5kmb-2F2G0w1uCWyNi42AKpp5A-2BgDTBj4qKEY9ePYgT11nH748GvQXKRGGuL3ibTOt1cJ72D80EGMoz8lyPct8wwxFmoDbuT4EDgIiOzpVgAeIlcuzYUI9csVAIcqIgajT0L0HneryU5oVf1AEQI4KtqJuYX9CGVIQNNNiIScbu7lZu28-2Bi5JhmFw5pcpLDo-2BGfofbPe5eDmiYADCDqvI8uKnyLCIFv-2BrpTTsTqSy-2F9Ysj5sEEdBIfezQQFH1-2B5krmwFayyQXUcNRKhpJYN5rpkNf64V-2F-2B00PH7uQgfYsEOr8QF1EeyDkCLPaPRKovHotm0jrAbNXc39EoqSfoU11-2BOBs2OnmLM604VYCMWbbE5-2FPTDk3w-3D-3DiZmE_wa-2BEeqcxKOb6VGobDvyVkPk-2B0MTT-2BRxCuW8hlAjgUDfUrpnFZNWy-2ByRp7iyT-2BoZ49BqgfT-2BN7GlCdGujRIe8w-2BW8gurjyrn9yBCBH7FRRQ9H-2FVz2M1JyKcOngfqw1CsC81h7a7y-2BZY4Za8FLreY83PbqPXc33Px-2FHIe-2F5XRV03v5Hu-2B1IjcS6aRnXDgIB6i3ReXkhYVLbS82FFfGMklPmd9WAyYIwYqCDOEtYoinhIo-3D HTTP 302
  • https://email.perkspot.com/e/v3/click/offer/1431609?merchantName=FirstleafWineClub&assetType=Small&entityEmailTypeCode=weeklyblast&communityid=1070&pt=sss&at=s&ap=0&pk=2&dt=s&ao=1431609&esp=sg&userId=35060272&email=sally.madison%40ochsner.org&communityid=1070&cmpnid=969&entityEmailTypeCode=weeklyblast&auth=67c2748d9f68f32b97e304e5c2dee3c3 HTTP 302
  • https://pslogin.perkspot.com/auth/email?sid=9fdbde3f-1b62-426b-8215-b1c4dbab9cd1&auth=769edf8daa6b6528b01dc40bf55a8656&redirectUrl=%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&CommunityId=1070 HTTP 302
  • https://pslogin.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast HTTP 302
  • https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Request Chain 38
  • https://assets.zendesk.com/embeddable_framework/main.js HTTP 301
  • https://static.zdassets.com/ekr/asset_composer.js
Request Chain 86
  • https://page.firstleaf.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://page.firstleaf.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/26ed7e9dda49/main.js
Request Chain 115
  • https://shop.pe/widget/widget_async.js HTTP 301
  • https://d2mjzob2nc713b.cloudfront.net/widget/widget_async.js
Request Chain 119
  • https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=814862339 HTTP 302
  • https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=814862339;ip=80.255.7.118;cuidchk=1
Request Chain 120
  • https://tags.w55c.net/rs?id=71b67348696b454582c45b8a45b1a724&t=homepage HTTP 302
  • https://tags.w55c.net/rs?sccid=5008ef6b-7adb-27e8-cf95-a7171e942d35&scc=1&id=71b67348696b454582c45b8a45b1a724&t=homepage

157 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
none
ochsner.perkspot.com/offer/1431609/
Redirect Chain
  • https://url1941.psmark.perkspot.com/ls/click?upn=u001.JX5yNMmulKenkKh8ieBztAqgFmqnC-2Bnxzv6GBQq-2Fla3Bgj9glXDJfeO2maHOvWfXDFh6cxOsS-2FwbARgXBAF9ZiD5oYCOI5pylJF-2BPi5kmb-2F2G0w1uCWyNi42AKpp5A-2BgDTB...
  • https://email.perkspot.com/e/v3/click/offer/1431609?merchantName=FirstleafWineClub&assetType=Small&entityEmailTypeCode=weeklyblast&communityid=1070&pt=sss&at=s&ap=0&pk=2&dt=s&ao=1431609&esp=sg&user...
  • https://pslogin.perkspot.com/auth/email?sid=9fdbde3f-1b62-426b-8215-b1c4dbab9cd1&auth=769edf8daa6b6528b01dc40bf55a8656&redirectUrl=%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklybl...
  • https://pslogin.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
  • https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
24 KB
13 KB
Document
General
Full URL
https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
ac69e164e518042ea09dfc5c11cbdafeda08ba402dd13197303a075c699b233f
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-expose-headers
Request-Context
cache-control
private
content-encoding
gzip
content-length
9619
content-security-policy
frame-ancestors *.perkspot.com
content-type
text/html; charset=utf-8
date
Tue, 04 Jun 2024 15:51:29 GMT
request-context
appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
vary
Accept-Encoding
x-azure-ref
20240604T155129Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cumx
x-cache
CONFIG_NOCACHE
x-content-security-policy
frame-ancestors *.perkspot.com
x-frame-options
SAMEORIGIN SAMEORIGIN
x-powered-by
ASP.NET

Redirect headers

access-control-expose-headers
Request-Context
cache-control
private
content-length
204
content-security-policy
frame-ancestors *.perkspot.com
content-type
text/html; charset=utf-8
date
Tue, 04 Jun 2024 15:51:29 GMT
location
https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
request-context
appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
x-azure-ref
20240604T155129Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuka
x-cache
CONFIG_NOCACHE
x-content-security-policy
frame-ancestors *.perkspot.com
x-frame-options
SAMEORIGIN
x-powered-by
ASP.NET
core.css
ochsner.perkspot.com/Content/sass/dist/
133 KB
32 KB
Stylesheet
General
Full URL
https://ochsner.perkspot.com/Content/sass/dist/core.css?v=1.0.0.0
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
2100fd166e7a374addee5e144031fd5bb4a71446aea6f38685a63a35a10516d7
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:30 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:43 GMT
etag
"80ed3b7f7b2da1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-azure-ref
20240604T155130Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuv1
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
32540
x-content-security-policy
frame-ancestors *.perkspot.com
perxcss.css
ochsner.perkspot.com/Content/sass/dist/
465 KB
57 KB
Stylesheet
General
Full URL
https://ochsner.perkspot.com/Content/sass/dist/perxcss.css?v=1.0.0.0
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
84aafd3b0424d927bd3bcc5d9a9d1a194d229fd26021e29643a85f1526d4726c
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:30 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:43 GMT
etag
"80ed3b7f7b2da1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-azure-ref
20240604T155130Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuv2
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
58343
x-content-security-policy
frame-ancestors *.perkspot.com
psBootstrap.css
ochsner.perkspot.com/Scripts/React/
774 KB
79 KB
Stylesheet
General
Full URL
https://ochsner.perkspot.com/Scripts/React/psBootstrap.css?v=1.0.0.0
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
0e8abd9abf618f3004615d16dbe6d2fb4ba97e5bde8381a1fe2641c989cc9d6e
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:30 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:33 GMT
etag
"80c46797b2da1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-azure-ref
20240604T155130Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuv3
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
80498
x-content-security-policy
frame-ancestors *.perkspot.com
community-css
ochsner.perkspot.com/
63 KB
12 KB
Stylesheet
General
Full URL
https://ochsner.perkspot.com/community-css?communityId=1070
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
ffbc89001d744f391897c2e5e3103609c2877b745780a94fb574e3249cbc0314
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
frame-ancestors *.perkspot.com
date
Tue, 04 Jun 2024 15:51:30 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
content-length
11453
request-context
appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
last-modified
Tue, 04 Jun 2024 15:51:30 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
x-azure-ref
20240604T155130Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuv4
access-control-expose-headers
Request-Context
cache-control
private, max-age=86400
accept-ranges
bytes
expires
Wed, 05 Jun 2024 15:51:30 GMT
insights
ochsner.perkspot.com/bundles/
4 KB
3 KB
Script
General
Full URL
https://ochsner.perkspot.com/bundles/insights?v=to06oIlwehQWm-xrmEMdoBd0yB91KJAuDMMP4SAO9aI1
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
79990ca8962ccf1d3948a73a50bcdc3d4a671ecc49c2f59f2db84cf7c7b552a6
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
frame-ancestors *.perkspot.com
date
Tue, 04 Jun 2024 15:51:30 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
content-length
2628
request-context
appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
last-modified
Tue, 04 Jun 2024 15:51:30 GMT
vary
User-Agent,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
x-azure-ref
20240604T155130Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuv5
access-control-expose-headers
Request-Context
cache-control
public
accept-ranges
bytes
expires
Wed, 04 Jun 2025 15:51:30 GMT
PerkSpot_TLF_SDK_6-1.js
ochsner.perkspot.com/scripts/
161 KB
53 KB
Script
General
Full URL
https://ochsner.perkspot.com/scripts/PerkSpot_TLF_SDK_6-1.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
5b0d97d8d201c90904940d02e81c29041bfdfce0ee774dd8224de6eda208f961
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:33 GMT
etag
"80c46797b2da1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv2a
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
54239
x-content-security-policy
frame-ancestors *.perkspot.com
logo_1070.png
psprods3ep.azureedge.net/cdn.perkspot.com/images/communities/
5 KB
5 KB
Image
General
Full URL
https://psprods3ep.azureedge.net/cdn.perkspot.com/images/communities/logo_1070.png
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
747a09321aacb9796be726ab2490560a06c01a7171ef773d58670cc575fe22e5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:30 GMT
last-modified
Tue, 14 May 2024 19:54:27 GMT
x-amz-request-id
XEP0P4XTY7GWY3CX
etag
"78daf1d239de238a89fd4768dea49d91"
x-amz-server-side-encryption
AES256
x-azure-ref
20240604T155130Z-16577d9575dc9qz55c2utk5u5400000002fg000000013yb6
x-cache
TCP_HIT
content-type
image/png
cache-control
public, max-age=18000
x-fd-int-roxy-purgeid
70895118
accept-ranges
bytes
content-length
4864
x-amz-id-2
STYQjIvFhDT7c4IL2nwSYlkF41v2QS2OqDzhhbjnPzB7D6R06M338j5u0UprOG8/G/mT+X9oECE=
logo_44971.webp
psprods3ep.azureedge.net/cdn.perkspot.com/images/merchants/
2 KB
2 KB
Image
General
Full URL
https://psprods3ep.azureedge.net/cdn.perkspot.com/images/merchants/logo_44971.webp
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ac37996ea31bb4a1009ab93325cd2e100f3a04159a10ba7d7335f8f9b6d8a430

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:30 GMT
last-modified
Wed, 15 May 2024 07:20:22 GMT
x-amz-request-id
5CCE890VFJC5EAEE
etag
"e04ded651669d79a41441a63a5926aa5"
x-amz-server-side-encryption
AES256
x-azure-ref
20240604T155130Z-16577d9575dc9qz55c2utk5u5400000002fg000000013yb7
x-cache
TCP_HIT
content-type
application/octet-stream
cache-control
public, max-age=172800
x-cache-info
L1_T2
x-fd-int-roxy-purgeid
70895118
accept-ranges
bytes
content-length
2106
x-amz-id-2
aNpIX+Sc7EKjjDcl49kzdhNrLooqLVESAMq5N9BRs+B++/fqxqQ6S6geQYCxE/7rS9U7xO2mLc0=
jquery
ochsner.perkspot.com/bundles/
827 KB
314 KB
Script
General
Full URL
https://ochsner.perkspot.com/bundles/jquery?v=J6h_AL6u6wuvcIz6tbrKyATCmVd_tSErMeClln0d-iU1
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
371ac67deea0ac8c452557a001a3aed65c29f6c550d2e1e85c2fbe3fb85b3ef7
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
frame-ancestors *.perkspot.com
date
Tue, 04 Jun 2024 15:51:30 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Tue, 04 Jun 2024 15:51:30 GMT
expires
Wed, 04 Jun 2025 15:51:30 GMT
x-powered-by
ASP.NET
vary
User-Agent,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
x-azure-ref
20240604T155130Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuw0
x-cache
CONFIG_NOCACHE
access-control-expose-headers
Request-Context
cache-control
public
request-context
appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
jqueryval
ochsner.perkspot.com/bundles/
40 KB
16 KB
Script
General
Full URL
https://ochsner.perkspot.com/bundles/jqueryval?v=YzRBe6gfD164-CLYW2zoB8py-eOZPLHUgoPct44VgDo1
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
40f2d552c0db3ead874ec52bf624d9ec88007d8b659cd7189fecc3ff19d3d248
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
frame-ancestors *.perkspot.com
date
Tue, 04 Jun 2024 15:51:30 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
content-length
15663
request-context
appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
last-modified
Tue, 04 Jun 2024 15:51:30 GMT
vary
User-Agent,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
x-azure-ref
20240604T155130Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuwk
access-control-expose-headers
Request-Context
cache-control
public
accept-ranges
bytes
expires
Wed, 04 Jun 2025 15:51:30 GMT
bootstrap
ochsner.perkspot.com/bundles/
41 KB
14 KB
Script
General
Full URL
https://ochsner.perkspot.com/bundles/bootstrap?v=7jtbseVPa_P_wxk-ANB0JbEiqz4vMc1fIXNwp0ieQEk1
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
60035f8d3292fc0b3155089baabc76fce2178f8d104ef606e4e31cbe0a2803b2
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
frame-ancestors *.perkspot.com
date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
content-length
14262
request-context
appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
last-modified
Tue, 04 Jun 2024 15:51:31 GMT
vary
User-Agent,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
x-azure-ref
20240604T155130Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuxg
access-control-expose-headers
Request-Context
cache-control
public
accept-ranges
bytes
expires
Wed, 04 Jun 2025 15:51:31 GMT
react.production.min.js
unpkg.com/react@18.0.0/umd/
11 KB
6 KB
Script
General
Full URL
https://unpkg.com/react@18.0.0/umd/react.production.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b33ca70bf7322a53faf60a30476d07f1e888d457cbdb66f50bb3c0063d3c06dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7163303
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HRWFPWV0DQA2SNG3V5FTW1Z9-fra
server
cloudflare
etag
"2a04-xsszuHb0TYvo8H4oHFeLkFVRBIk"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
88e915b51fbe1e51-FRA
react-dom.production.min.js
unpkg.com/react-dom@18.0.0/umd/
128 KB
59 KB
Script
General
Full URL
https://unpkg.com/react-dom@18.0.0/umd/react-dom.production.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5fdc3c049758de67218b318b4a6ca0f6d1f5069c1dfa938ea462133d5ab3cfa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7172259
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HRW75JEX5J7DH8K2AQK6RZMX-fra
server
cloudflare
etag
"2014a-4hvyK4+Q49dCXSLyG13VROqaHvw"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
88e915b51fc81e51-FRA
react-redux.min.js
unpkg.com/react-redux@7.2.8/dist/
16 KB
8 KB
Script
General
Full URL
https://unpkg.com/react-redux@7.2.8/dist/react-redux.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d8a9076b5887859a16d3d9264b4d27f4ec0412e1ef51e43cbb1d8f1eaf07541
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7163244
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HRWFRQE4V7M7TG8BRWW6W3F6-fra
server
cloudflare
etag
"3ed0-hpbGJdoINWADjmP0Akj8XlSsvxg"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
88e915b51fc61e51-FRA
axios.min.js
unpkg.com/axios@0.26.1/dist/
17 KB
8 KB
Script
General
Full URL
https://unpkg.com/axios@0.26.1/dist/axios.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89290d4672ac1ce466302360408c73c96d10cc7ad67a4a3f972563c88efc1b67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7163446
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HRWFJG27X48N35RW8YH3WTMH-fra
server
cloudflare
etag
"457f-zA7QrHnYYTK2xYcjaiN3JvTqWzo"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
88e915b51fc21e51-FRA
purify.min.js
unpkg.com/dompurify@2.4.0/dist/
21 KB
11 KB
Script
General
Full URL
https://unpkg.com/dompurify@2.4.0/dist/purify.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03f0619fa53beb8da371427175c6f4d0df5b3b0b8a3572a3bfaa160318295b66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7163244
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HRWFRQEDHSKAPJW75P5TPD5E-fra
server
cloudflare
etag
"5495-OpC3QS0Kv+nnoIqpV/fCIUZWBuk"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
88e915b51fc41e51-FRA
react-query.production.min.js
unpkg.com/react-query@3.39.1/dist/
48 KB
18 KB
Script
General
Full URL
https://unpkg.com/react-query@3.39.1/dist/react-query.production.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3aea053185642fa68771f64f22d4ac36bc0460ce86542e008efd81d3dfc54f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7168122
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HRWB3VR4FDD12M67QCM42KED-fra
server
cloudflare
etag
"bf18-Rt6LU5PcFI8/cFoIPW8wSWdNlHI"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
88e915b51fc11e51-FRA
redux-toolkit.umd.min.js
unpkg.com/%40reduxjs/toolkit@1.8.1/dist/
39 KB
18 KB
Script
General
Full URL
https://unpkg.com/%40reduxjs/toolkit@1.8.1/dist/redux-toolkit.umd.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a731c8e7201b548a0fc418d1d6a68ba31a1fad59cd836e95906e5f3efa43acd8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7168117
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HRWB3W3TYWAEP0KX1XZRJR8X-fra
server
cloudflare
etag
"9a02-Q4Nq/njKcJAXmF3qDmhO8lBlpCM"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
88e915b588e81e51-FRA
toast.bundle.js
ochsner.perkspot.com/Scripts/React/
19 KB
5 KB
Script
General
Full URL
https://ochsner.perkspot.com/Scripts/React/toast.bundle.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
a491c75feed5de07c5670575157d1a18d8e0cec1254e9a4e09e35473fa20d015
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:33 GMT
etag
"80c46797b2da1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuzy
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
4542
x-content-security-policy
frame-ancestors *.perkspot.com
reduxStore.bundle.js
ochsner.perkspot.com/Scripts/React/
6 KB
2 KB
Script
General
Full URL
https://ochsner.perkspot.com/Scripts/React/reduxStore.bundle.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
405fbe83464869d07a363774c6b85f4e198cee730a5495f9e0f9de7f279a4311
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:33 GMT
etag
"80c46797b2da1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cuzz
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
2047
x-content-security-policy
frame-ancestors *.perkspot.com
dependencies.bundle.js
ochsner.perkspot.com/Scripts/React/
46 KB
15 KB
Script
General
Full URL
https://ochsner.perkspot.com/Scripts/React/dependencies.bundle.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
78e04595db9933ecf5e24650b1501604f66e2d977befd16f85f449e378aae9b3
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:33 GMT
etag
"80c46797b2da1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv09
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
15042
x-content-security-policy
frame-ancestors *.perkspot.com
runtime.bundle.js
ochsner.perkspot.com/Scripts/React/
2 KB
2 KB
Script
General
Full URL
https://ochsner.perkspot.com/Scripts/React/runtime.bundle.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
90a531b621d2e8b6d11496fa4dceb4e3a66b73b0453ed8140b7a3b094de729a3
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:33 GMT
etag
"882c7c797b2da1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv0c
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
1296
x-content-security-policy
frame-ancestors *.perkspot.com
perkspot.interstitial
ochsner.perkspot.com/bundles/
70 B
682 B
Script
General
Full URL
https://ochsner.perkspot.com/bundles/perkspot.interstitial?v=75limDE-2tqT07c2TKoyoRaneuVhjVbGd0-jy267eRQ1
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
db4aa790f6662d4e06c67e22c11d1c4654dbf373d116c16f71ecb82ba5efc244
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
frame-ancestors *.perkspot.com
date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
content-length
175
request-context
appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
last-modified
Tue, 04 Jun 2024 15:51:31 GMT
vary
User-Agent,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv1w
access-control-expose-headers
Request-Context
cache-control
public
accept-ranges
bytes
expires
Wed, 04 Jun 2025 15:51:31 GMT
100001
www.p.zjptg.com/tag/1850771/
49 KB
49 KB
Script
General
Full URL
https://www.p.zjptg.com/tag/1850771/100001
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.84.174.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-84-174-56.cdg50.r.cloudfront.net
Software
CloudFront /
Resource Hash
1f8b1e7f9cadc01a60f84f57941f4906b23a5f03b003bc910ae4a0adbf4e01ab

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:07:08 GMT
via
1.1 b1d588fd1c781c1c3a3cb8e0d6c6f49e.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
CDG50-P1
age
2663
x-cache
Hit from cloudfront
content-length
50259
x-amz-cf-id
joFO2c1w6evY_YZxu5QjMHhqY1HCXzG6PNtugwnbfll1kZboinjDdQ==
addtohomescreen
ochsner.perkspot.com/bundles/
9 KB
4 KB
Script
General
Full URL
https://ochsner.perkspot.com/bundles/addtohomescreen?v=dQY7ReEN3P6AvpTV4mVTeWSR8WQitK0nH1fxax2VNoA1
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
65e4d18477e0e194ae2b3848fe053621a40508eeb817ab8c832b8005edd2c6af
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
frame-ancestors *.perkspot.com
date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
content-security-policy
frame-ancestors *.perkspot.com
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
content-length
3536
request-context
appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
last-modified
Tue, 04 Jun 2024 15:51:31 GMT
vary
User-Agent,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv1x
access-control-expose-headers
Request-Context
cache-control
public
accept-ranges
bytes
expires
Wed, 04 Jun 2025 15:51:31 GMT
rollbar.min.js
cdn.rollbar.com/rollbarjs/refs/tags/v2.25.2/
77 KB
24 KB
Script
General
Full URL
https://cdn.rollbar.com/rollbarjs/refs/tags/v2.25.2/rollbar.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-53.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
55af9a94aa072cf5c093d7269bd98cec30ecade6ac2bc94dc9b47758630f4ba5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 18:34:24 GMT
Content-Encoding
gzip
Via
1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P9
Age
2409428
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Wed, 14 Sep 2022 17:49:55 GMT
Server
AmazonS3
ETag
W/"16c901ad672c76633691d7e04767ba75"
Vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=30672000,public
X-Amz-Cf-Id
6lJs2erwk70K_OuVdXWMR6Lz9yRlFPnsbXWToJkEczyleP__JkPCxw==
tune.js
js.go2sdk.com/v2/
4 KB
4 KB
Script
General
Full URL
https://js.go2sdk.com/v2/tune.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.83.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-83-67.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
688ea52c7291b980af811cab2dfc8af5ebb15a01555ddc0f3f312db77b059b74

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
null
date
Tue, 04 Jun 2024 02:55:06 GMT
via
1.1 459ec09472abb8544521a9b5cc6706ce.cloudfront.net (CloudFront)
last-modified
Mon, 04 Mar 2024 18:55:58 GMT
server
AmazonS3
x-amz-cf-pop
AMS58-P5
age
46586
x-amz-server-side-encryption
AES256
etag
"3301ce2b9ef7fa3f72c5ae2b296d4ceb"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
4142
x-amz-cf-id
ldyJdoB9IP3ddS0BVQZ480YEkxSig3aWCRTppauWJ57QgSEkwFs1tw==
j.php
dev.visualwebsiteoptimizer.com/
42 KB
10 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/j.php?a=793633&u=https%3A%2F%2Fochsner.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&vn=2
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
3169f33b203d2a1366e5bbbc02d245e3c9cd4ec1d30e56d1457056ce2678e8bd

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
via
1.1 google
server
gfra1
etag
W/"1717513500_EA"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0, no-cache, must-revalidate
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
35A1AD_0_0.woff2
ochsner.perkspot.com/Content/fonts/
28 KB
28 KB
Font
General
Full URL
https://ochsner.perkspot.com/Content/fonts/35A1AD_0_0.woff2
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/Content/sass/dist/perxcss.css?v=1.0.0.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
42ae1eb8cc55b4e2382e02323c96a40e80432d3e810bce85f10c75ddacbd2e2b
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/Content/sass/dist/perxcss.css?v=1.0.0.0
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:33 GMT
etag
"53b7db797b2da1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv0d
content-type
font/woff2
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
28718
x-content-security-policy
frame-ancestors *.perkspot.com
fontawesome-webfont.woff2
ochsner.perkspot.com/Content/fonts/
69 KB
69 KB
Font
General
Full URL
https://ochsner.perkspot.com/Content/fonts/fontawesome-webfont.woff2?v=4.6.1
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/Content/sass/dist/core.css?v=1.0.0.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/Content/sass/dist/core.css?v=1.0.0.0
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:34 GMT
etag
"6ddee2797b2da1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv0e
content-type
font/woff2
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
70728
x-content-security-policy
frame-ancestors *.perkspot.com
35A1AD_3_0.woff2
ochsner.perkspot.com/Content/fonts/
41 KB
41 KB
Font
General
Full URL
https://ochsner.perkspot.com/Content/fonts/35A1AD_3_0.woff2
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/Content/sass/dist/perxcss.css?v=1.0.0.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
255733aa26ecbe1a2608fc086d6b510fafce3647ad1ddf22392c390a1306e640
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/Content/sass/dist/perxcss.css?v=1.0.0.0
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:33 GMT
etag
"b419de797b2da1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv0f
content-type
font/woff2
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
42010
x-content-security-policy
frame-ancestors *.perkspot.com
ai.2.min.js
az416426.vo.msecnd.net/scripts/b/
120 KB
47 KB
Script
General
Full URL
https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/bundles/insights?v=to06oIlwehQWm-xrmEMdoBd0yB91KJAuDMMP4SAO9aI1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CFD) /
Resource Hash
bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
x-ms-meta-lastmodified
2020-10-07 00:07:47
content-md5
MPOa5dHQWkOQRqdkBRC0hg==
age
1672
x-cache
HIT
x-ms-meta-aijssdksrc
[cdn]/scripts/b/ai.2.8.18.min.js
content-length
48078
x-ms-lease-status
unlocked
last-modified
Wed, 20 Mar 2024 17:31:27 GMT
server
ECAcc (frc/4CFD)
x-ms-meta-aijssdkver
2.8.18
etag
0x8DC490392FC747D
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
58358f45-a01e-0022-7093-b6fec8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-ms-version
2009-09-19
expires
Tue, 04 Jun 2024 16:21:31 GMT
va_gq-13ef3a9970619213b4c7aba096ab7d99.js
dev.visualwebsiteoptimizer.com/edrv/
251 KB
66 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/edrv/va_gq-13ef3a9970619213b4c7aba096ab7d99.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=793633&u=https%3A%2F%2Fochsner.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&vn=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
3f7e683e432438eb81fd7c0bcfe2df76b0ed1e2004fad6bcd4bb134094bd360d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
br
via
1.1 google
last-modified
Tue, 04 Jun 2024 15:04:36 GMT
server
gfra1
etag
"665f2d04-10621"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67105
nc-f027e2f8b6d886ae70364d8e0c97d3f3.js
dev.visualwebsiteoptimizer.com/edrv/
9 KB
3 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/edrv/nc-f027e2f8b6d886ae70364d8e0c97d3f3.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=793633&u=https%3A%2F%2Fochsner.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&vn=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
8444915c7d150ad579f3e581586b2653e06238571c3c7c2bc50432943fac3b57

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Origin
https://ochsner.perkspot.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
br
via
1.1 google
last-modified
Tue, 04 Jun 2024 15:04:36 GMT
server
gfra1
etag
"665f2d04-cc1"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3265
v.gif
dev.visualwebsiteoptimizer.com/
35 B
152 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=793633&d=ochsner.perkspot.com&u=D1043D518F125D6B3A73479C6D56C86E7&h=89b56ce04ca43952eccb4f62e29f25b6&t=false
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=43200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
26d28420-cff0-402f-bd03-8a23fbb100cb
https://ochsner.perkspot.com/
524 B
0
Other
General
Full URL
blob:https://ochsner.perkspot.com/26d28420-cff0-402f-bd03-8a23fbb100cb
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f7273acda780f25a6645b50679ea08b5ff69947e957088e6777f0305f2145a0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://ochsner.perkspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length
524
Content-Type
application/javascript
s.gif
dev.visualwebsiteoptimizer.com/
35 B
53 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/s.gif?account_id=793633&u=D1043D518F125D6B3A73479C6D56C86E7&s=1717516291&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22de-de%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1717516291712%2C%22tO%22%3A-2%2C%22tz%22%3A%22Europe%2FBerlin%22%7D&cu=https%3A%2F%2Fochsner.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&r=0&p=1&cq=0&vn=undefined&vns=undefined&vno=undefined&eTime=1717516291734&v=dd54cc59f
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 04 Jun 2024 15:51:31 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
asset_composer.js
static.zdassets.com/ekr/ Frame E123
Redirect Chain
  • https://assets.zendesk.com/embeddable_framework/main.js
  • https://static.zdassets.com/ekr/asset_composer.js
10 KB
5 KB
Script
General
Full URL
https://static.zdassets.com/ekr/asset_composer.js
Protocol
H2
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://ochsner.perkspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
x-amz-version-id
KdUtYfTvhN3NWk63zbedRawrUoa4O1MG
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
PFYF3E17T2W1CCDZ
age
43
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
T1waXE1ZywsYzvSq83tB1HHbgPPy6iSZRZh4onqLKjsSzScChVVd9DlVE0d2c7OV/3f8uLVlxkx2phaJw1zanw==
last-modified
Mon, 15 Jan 2024 02:56:11 GMT
server
cloudflare
etag
W/"c0053b411b753138af468db1bd3b19f3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FbR07J%2FnxRYkJ0fvQwS81pA4%2BC7E0PCUxs1dboN%2FE8v%2FsVOCMd5Sf%2FHy1OdH3M%2B69eFnAvDwh1h1gT8KMYdkdrP7hZHZZYs49fR3hzi4c8%2BH9hftl3L5Y9UkwY4FQ0kK0Y2%2Bhq4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=3600, s-maxage=60
access-control-max-age
0
cf-ray
88e915b9ce2b70b7-WAW
access-control-allow-headers
*

Redirect headers

date
Tue, 04 Jun 2024 15:51:31 GMT
strict-transport-security
max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YZoxvhE%2BIwEz3yDpqo0H2M2QcUhldivLkdeWXF0CXgl1XSIsHW7kvB4%2Fv0SdziGlQujvBGsQXlVVpuNbMGUjmJw%2Bs5EbLOa8yEmrsOgzaBnmuF8eQr3yKRtfZ7gtPTxpDhCMhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://static.zdassets.com/ekr/asset_composer.js
cache-control
max-age=3600
cf-ray
88e915b8ae8fbfaf-WAW
content-length
167
expires
Tue, 04 Jun 2024 16:51:31 GMT
settings.js
dev.visualwebsiteoptimizer.com/
63 KB
9 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/settings.js?a=793633&settings_type=1&vn=&eventArch=1&uuid=&ec=759621|876184&exc=31|53|64|69
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/edrv/va_gq-13ef3a9970619213b4c7aba096ab7d99.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
50be14f88a4eb1eef028a8efa857e15be2d0fe7d344ccb7771e34f31fbd33dcd

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:31 GMT
content-encoding
gzip
via
1.1 google
server
gfra1
etag
W/"1717513500_EA"
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
f6ce702d3c824416a11711d09caffe00
lib-us-1.brilliantcollector.com/collector/switch/ Frame
0
0
Preflight
General
Full URL
https://lib-us-1.brilliantcollector.com/collector/switch/f6ce702d3c824416a11711d09caffe00
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.235.21.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-235-21-140.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
GET
Origin
https://ochsner.perkspot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
x-requested-with
access-control-allow-methods
GET
access-control-allow-origin
https://ochsner.perkspot.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length
0
date
Tue, 04 Jun 2024 15:51:32 GMT
server
istio-envoy
vary
Accept-Encoding,Origin
x-envoy-upstream-service-time
0
f6ce702d3c824416a11711d09caffe00
lib-us-1.brilliantcollector.com/collector/switch/
1 B
245 B
XHR
General
Full URL
https://lib-us-1.brilliantcollector.com/collector/switch/f6ce702d3c824416a11711d09caffe00
Requested by
Host: cdn.rollbar.com
URL: https://cdn.rollbar.com/rollbarjs/refs/tags/v2.25.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.235.21.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-235-21-140.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
dcname
prod-dal
server
istio-envoy
vary
Accept-Encoding,Origin
content-type
application/json
access-control-allow-origin
https://ochsner.perkspot.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
nodeid
wscollector-989cd4b76-rpspm
content-length
1
favicon.ico
ochsner.perkspot.com/Content/images/icons/
4 KB
5 KB
Other
General
Full URL
https://ochsner.perkspot.com/Content/images/icons/favicon.ico?v=69Pda6nAAr
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
3231117db58989506eb883fa287dcd077b23d91e9deebc8e14a7d13c9756b53a
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:35 GMT
etag
"2c3007b7b2da1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
x-azure-ref
20240604T155131Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv57
content-type
image/x-icon
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
4286
x-content-security-policy
frame-ancestors *.perkspot.com
track
dc.services.visualstudio.com/v2/ Frame
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://ochsner.perkspot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Tue, 04 Jun 2024 15:51:31 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
189 B
293 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: cdn.rollbar.com
URL: https://cdn.rollbar.com/rollbarjs/refs/tags/v2.25.2/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
a0b5013409a4dd0a10edb90daa4c92c08dd5277ece8ef414ea7288352bad7bd2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://ochsner.perkspot.com/
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Tue, 04 Jun 2024 15:51:31 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
favicon.ico
ochsner.perkspot.com/Content/images/icons/
4 KB
5 KB
Other
General
Full URL
https://ochsner.perkspot.com/Content/images/icons/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
3231117db58989506eb883fa287dcd077b23d91e9deebc8e14a7d13c9756b53a
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:35 GMT
etag
"2c3007b7b2da1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
x-azure-ref
20240604T155132Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv6n
content-type
image/x-icon
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
4286
x-content-security-policy
frame-ancestors *.perkspot.com
collectorPost
lib-us-1.brilliantcollector.com/collector/ Frame
0
0
Preflight
General
Full URL
https://lib-us-1.brilliantcollector.com/collector/collectorPost
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.235.21.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-235-21-140.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-encoding,content-type,x-pageid,x-requested-with,x-tealeaf,x-tealeaf-messagetypes,x-tealeaf-page-url,x-tealeaf-saas-appkey,x-tealeaf-saas-tltsid,x-tealeaf-syncxhr,x-tealeaftype
Access-Control-Request-Method
POST
Origin
https://ochsner.perkspot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-encoding, content-type, x-pageid, x-requested-with, x-tealeaf, x-tealeaf-messagetypes, x-tealeaf-page-url, x-tealeaf-saas-appkey, x-tealeaf-saas-tltsid, x-tealeaf-syncxhr, x-tealeaftype
access-control-allow-methods
POST
access-control-allow-origin
https://ochsner.perkspot.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length
0
date
Tue, 04 Jun 2024 15:51:32 GMT
server
istio-envoy
vary
Accept-Encoding,Origin
x-envoy-upstream-service-time
0
collectorPost
lib-us-1.brilliantcollector.com/collector/
38 B
361 B
Fetch
General
Full URL
https://lib-us-1.brilliantcollector.com/collector/collectorPost
Requested by
Host: cdn.rollbar.com
URL: https://cdn.rollbar.com/rollbarjs/refs/tags/v2.25.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.235.21.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-235-21-140.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
1d4fdec9bbde03db70d2add577e12d713e8cceb38fb75ba13df9c89252475f60

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Content-Encoding
gzip
X-Tealeaf-SyncXHR
false
Accept-Language
de-DE,de;q=0.9;q=0.9
X-Tealeaf-MessageTypes
1,2,12,14
X-Tealeaf-SaaS-AppKey
f6ce702d3c824416a11711d09caffe00
X-Tealeaf-SaaS-TLTSID
20836404514011890545509042408592
X-Requested-With
fetch
sec-ch-ua-platform
"Win32"
X-Tealeaf
device (UIC) Lib/6.1.0.1989
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://ochsner.perkspot.com/
X-TealeafType
GUI
X-PageId
P.WUUW67ER2C2NB9UK7ZFDYHPN66CN
X-TeaLeaf-Page-Url
/offer/1431609/none

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
dcname
prod-dal
server
istio-envoy
vary
Accept-Encoding,Origin
content-type
application/json
access-control-allow-origin
https://ochsner.perkspot.com
cache-control
no-cache
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
tltsid
20836404514011890545509042408592
nodeid
wscollector-989cd4b76-rpspm
content-length
38
expires
Fri, 31 Dec 1998 12:00:00 GMT
perkspot.zendesk.com
ekr.zdassets.com/compose/web_widget/ Frame E123
1 KB
1 KB
Fetch
General
Full URL
https://ekr.zdassets.com/compose/web_widget/perkspot.zendesk.com
Requested by
Host: assets.zendesk.com
URL: https://assets.zendesk.com/embeddable_framework/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd2607bd1e0d28c5c660af6719320d3e1aaac939df14f8888c554c15f5e0ee3f
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
age
10
content-encoding
br
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
88e6ccb5cad04857-SEA, 88e6ccb5cad04857-SEA
x-runtime
0.003635
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"cd2607bd1e0d28c5c660af6719320d3e"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTLbUPC2PsWIvTKPOBuNCps65KD8tXXauZW0XBABQcdgXPYJBmf5SvU1%2FH8D%2Bjobovq%2F%2BTctfGJnsaTqe6rsXj2UFX3Z6w2sTQVNUvQTXwnEF4y2EnxZKbayZudgiLn%2BKcw%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
88e915bb08473506-WAW
favicon.ico
ochsner.perkspot.com/Content/images/icons/
4 KB
0
Other
General
Full URL
https://ochsner.perkspot.com/Content/images/icons/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
3231117db58989506eb883fa287dcd077b23d91e9deebc8e14a7d13c9756b53a
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
content-security-policy
frame-ancestors *.perkspot.com
last-modified
Wed, 29 May 2024 20:33:35 GMT
etag
"2c3007b7b2da1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
x-azure-ref
20240604T155132Z-16577d9575dk6p8lwrxqu6zphg000000022g00000001cv6n
content-type
image/x-icon
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
4286
x-content-security-policy
frame-ancestors *.perkspot.com
web-widget-main-c554e5f.js
static.zdassets.com/web_widget/classic/latest/ Frame 89BB
972 KB
277 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c554e5f.js
Requested by
Host: assets.zendesk.com
URL: https://assets.zendesk.com/embeddable_framework/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4e54d8b5abd14920406ad0ce9ae99de43df27b0b8121a25e93536c8b27ab2ca
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
x-amz-version-id
M6SFlpuOd5Qmy5hzuDRKb.76mBVtEYd9
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
1H09AD88VC75HXRP
age
59
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
x6P07Mk4dU5ZSm9wZb4vgUjZWwKQbxvZiHVH/WwMT1YjQbu8khQdjYvzVtHWD+whoaKQd61yE7vg6gDhLXFemQ==
last-modified
Tue, 28 May 2024 06:15:37 GMT
server
cloudflare
etag
W/"5438a6a010b9fd0277fb4b091570d814"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=djCk5M0dFRWGudF5OOVkafO%2FSuUzWef80Q4uZHAvoQUyHJ9lve71cq%2BSLSis95Zi%2Bv2RHgASrc8VfkEpbfSEZ6rvqEYp5OLyhbioEahHiXV4SUBp447br9DM1AXbAACOUVTtbPA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
88e915bba97670b7-WAW
access-control-allow-headers
*
expires
Wed, 28 May 2025 06:15:36 GMT
en-us-json-c554e5f.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 89BB
25 KB
6 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-c554e5f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c554e5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
x-amz-version-id
NSUZ6R9S.8NfnxE7QaHKj5QFEPo8oYOL
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
1H08RNEXDTK4NZB0
age
25781
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
ijvwi98i753M2ud3Bt8acyQWY+LRFox8Ou1v9m7iemOtUXjxIw6X/JQhUA35D4yeDOPlUk5kmsXM6nF28FLgyw==
last-modified
Tue, 28 May 2024 06:15:38 GMT
server
cloudflare
etag
W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ahDPzSLGIe9iYUx7NizTFgRpIWUxPM8MAE2GX1pmVLihW9%2F79dfalERO69F8RBMiK%2Bk5QSHpeKzwkpP%2FSQEEYPgWboRSeusAVub%2BsKymivOHoMC%2B0Tp%2FcMMcrymUMfQIcdNaXiA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
88e915bd8ca970b7-WAW
access-control-allow-headers
*
expires
Wed, 28 May 2025 06:15:37 GMT
config
perkspot.zendesk.com/embeddable/ Frame 89BB
799 B
1 KB
Fetch
General
Full URL
https://perkspot.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c554e5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56803e8fac0559c6f22f3b7ab50580285d4b64e77fefe70496e347483ad2e195

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
8
x-zendesk-origin-server
embeddable-app-server-7d5d7c48d7-hd2dt
x-cached
MISS
x-runtime
0.001892
last-modified
Tue, 04 Jun 2024 15:51:24 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X4TWhdKO%2BoXxXu6WBOhwWgJSks0wjC%2FZzIpfnmfnXpQVYwe10etwB9XSxHgKgyhAIvOLdLiNH9HqJtIkY16tMuioAoKgJoAen4AYdeUg3zpJxuzA5efspWHkxBBCcJCEic3c%2Blk1"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
88e915be3fd9bf47-WAW
web-widget-chat-sdk-c554e5f.js
static.zdassets.com/web_widget/classic/latest/ Frame 89BB
216 KB
53 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-c554e5f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c554e5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:32 GMT
x-amz-version-id
.856AVQ5u0d3qc7NtoxlFz0GoMk6pSyZ
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
A9PDSDX9WGBRE480
age
25782
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
ZnzlBf0d20Bl8J+8VEnL9gDBlNC8bskoK6opdwIR95OvJw8ZWLIMDxIbHt+GEgMOviA8lR6tq30=
last-modified
Tue, 28 May 2024 06:15:37 GMT
server
cloudflare
etag
W/"bf7f24c006f934261d7ff732b528402b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LRH8JyiSiA650NWTLJZvc8AEBvks5hckrhN3t9uXJfqNl92ry0YLtNWp9q0u4Mhgduc0eryVOoOSgZHOTx4HqHVVh0Ny%2F4fATOswpJ7oyAK8yjGFxykIbNCF0N9%2FxqiiqOsOZUw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
88e915be0de470b7-WAW
access-control-allow-headers
*
expires
Wed, 28 May 2025 06:15:35 GMT
web-widget-chat-incoming-message-notification-c554e5f.js
static.zdassets.com/web_widget/classic/latest/ Frame 89BB
236 B
836 B
Script
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-c554e5f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c554e5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:33 GMT
x-amz-version-id
61Rc4sTvafSu3tM1BCSylXg7kYb8okKi
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
A9P69CT04QXXT9VY
age
25782
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
F5AH9fXgYX7Yl46yWhrd+Ah5w2OUmWJb/UnPL1kWFcadi3KghSULhXwd914eNVVp3JBtQzEgj4Y=
last-modified
Tue, 28 May 2024 06:15:37 GMT
server
cloudflare
etag
W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGX75XpuIohZTpvLhjRd%2Fs4b9Bt8rM6hho6jO860DUAUQZxCM3VuYhVzBKH5zNMgzGC5XXXMOtG82aaYwV6A1pFftO1tH%2FuatnBivg%2BnBX4EMJk0UUqSgm5t9f6J7IeyOW%2FX3Q8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
88e915c3bed270b7-WAW
access-control-allow-headers
*
expires
Wed, 28 May 2025 06:15:35 GMT
fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 89BB
19 KB
20 KB
Media
General
Full URL
https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Referer
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:33 GMT
x-amz-version-id
Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
KH5VE2Z70ZGQ75A2
age
4251372
x-amz-server-side-encryption
AES256
Content-Range
bytes 0-19697/19698
x-amz-replication-status
COMPLETED
Content-Length
19698
x-amz-id-2
LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified
Wed, 29 Nov 2023 08:06:43 GMT
server
cloudflare
etag
"f11ce9e8f40a392830217253fe75d6de"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RdPv%2BMywJNnIvC9XyRjzkm0OAYc3GRaSXasFwr94sgdnwSbtYUAA2VorZGcQkBjKvNjDzWJNT3b3M%2BoawP09dlvGoBVh4K912xnVVwXiSBCWVB%2FDBD5II53eAneNuKzXjT8lLDs%3D"}],"group":"cf-nel","max_age":604800}
content-type
audio/mpeg; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
88e915c42f7370b7-WAW
access-control-allow-headers
*
expires
Thu, 28 Nov 2024 08:06:42 GMT
dl
perkspot.zendesk.com/frontendevents/ Frame
0
0
Preflight
General
Full URL
https://perkspot.zendesk.com/frontendevents/dl?client=1B752747-577B-429A-A0E0-83861AF69088
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://ochsner.perkspot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-origin
*
access-control-max-age
600
cache-control
max-age=600
cf-cache-status
DYNAMIC
cf-ray
88e915c4ca88bf47-WAW
date
Tue, 04 Jun 2024 15:51:34 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nAJVE5bXP1%2BZUlxqMmhJva%2BKlrgp7SDwp4kqqo%2FNvv5MGuxeZ%2BMmtlr6vj2PRwPAwaNGyKVlvfsfB2iLVc4I5kmLckiTk%2FEfuTg29CI1jN45XBleJv1mta0GVSzOTCVC1fCbiMGI"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin
x-request-id
88e915c4ca88bf47-WAW
x-zendesk-zorg
yes
Primary Request firstleafpartners
page.firstleaf.com/
Redirect Chain
  • https://www.kqzyfj.com/click-2097062-15528858?sid=UH8CMXGYHYK8N4WPUUWIGGYV1
  • https://cj.dotomi.com/to114js0-I/sz3/HLLIOOLO/IGPNGMI/G/G/G?j=yI83%3DuhYcmxgyhykYnUwpuuwiggyvR%3c%3c7JJFI%3A%2F%2FMMM.AGPO59.2EC%2F2B82A-SQZXQWS-RVVSYYVY%3c%3cg%3c7JJFI%3A%2F%2FE27ID4H.F4HAIFEJ.2EC...
  • https://www.emjcd.com/ek104cy65Q/y49/NRROUURU/OMVTMSO/M/QMMTMRTQSSSVNVRQRQ:5rtv7aJ8ZTcy/RNzP0-VwOOUwNN-0UNSzMMTOMwNUxwTP?j=mA0v%3DmZQUepYqZqcQfMohmmoaYYqnJ%3cu16!FK7H-629y96B%3czBB7A%3A%2F%2FEEE.28...
  • https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Part...
108 KB
18 KB
Document
General
Full URL
https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:95d5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa78dee940e5d225c5a02fb723f292e48892209a447919b235ed07de151cd2b4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://ochsner.perkspot.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
88e915cb9a0a39e8-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 04 Jun 2024 15:51:35 GMT
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=15552000
vary
Accept-Encoding
via
1.1 google, 1.1 google
x-frame-options
SAMEORIGIN
x-xss-protection
1

Redirect headers

Cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length
847
Content-Type
text/html; charset=UTF-8
Date
Tue, 04 Jun 2024 15:51:34 GMT
Expires
Tue, 04 Jun 2024 15:51:34 GMT
Location
https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
P3P
policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Pragma
no-cache
Server
Resin/4.0.66
X-VC-HTTPS
On
track
dc.services.visualstudio.com/v2/
189 B
247 B
Fetch
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: cdn.rollbar.com
URL: https://cdn.rollbar.com/rollbarjs/refs/tags/v2.25.2/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
sdk-context
appId
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://ochsner.perkspot.com/
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Tue, 04 Jun 2024 15:51:32 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
collectorPost
lib-us-1.brilliantcollector.com/collector/
0
0
Ping
General
Full URL
https://lib-us-1.brilliantcollector.com/collector/collectorPost?Content-Type=application%2Fjson&X-PageId=P.WUUW67ER2C2NB9UK7ZFDYHPN66CN&X-Tealeaf=device%20(UIC)%20Lib%2F6.1.0.1989&X-TealeafType=GUI&X-TeaLeaf-Page-Url=%2Foffer%2F1431609%2Fnone&X-Tealeaf-SyncXHR=false&X-Tealeaf-MessageTypes=1%2C2%2C7&X-Tealeaf-SaaS-AppKey=f6ce702d3c824416a11711d09caffe00&X-Tealeaf-SaaS-TLTSID=20836404514011890545509042408592&Content-Encoding=gzip
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/scripts/PerkSpot_TLF_SDK_6-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.235.21.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-235-21-140.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ochsner.perkspot.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

dl
perkspot.zendesk.com/frontendevents/ Frame 89BB
0
0
Fetch
General
Full URL
https://perkspot.zendesk.com/frontendevents/dl?client=1B752747-577B-429A-A0E0-83861AF69088
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c554e5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 04 Jun 2024 15:51:34 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-zendesk-zorg
yes
vary
Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1AX%2FP%2FPiQzjYsZPStshv1FKbD1jzZKi8Mt1oa7u5vi8G5nr4jZrV5zhHznGgEK2VMpi61071KV5HSof0aUCBIKhnlQwQuTGzbv%2FUbhIvIlylwLplznl6x%2Br4HxUhI6lEk7jtEILA"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
88e915c69d01bf47-WAW
content-length
0
x-request-id
88e915c69d01bf47-WAW
utils.7accb7b6af83a9dd4f79.js
g.fastcdn.co/js/
56 KB
19 KB
Script
General
Full URL
https://g.fastcdn.co/js/utils.7accb7b6af83a9dd4f79.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa55d216890ad204cd829e8c33fe34ef24c4e0638023f54b7d36ea3f0b1e387e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
6100666
x-guploader-uploadid
ABPtcPogLSWGv9OOsp0kBb0RcfXbxKmN74aS8e1AXDqyLdLXGuPvVgTBAabDfFJ0xBC5P0MUleVxSJmJSw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
19643
last-modified
Thu, 21 Mar 2024 13:18:44 GMT
server
cloudflare
etag
"c2b6386c5bd6a6d8c857cf960d489487"
vary
Accept-Encoding
x-goog-generation
1711027124660325
content-type
application/javascript
x-goog-hash
crc32c=SbQjVA==, md5=wrY4bFvWptjIV8+WDUiUhw==
cache-control
public, max-age=31536000
x-goog-stored-content-length
19643
accept-ranges
bytes
cf-ray
88e915cd3f53905e-FRA
expires
Wed, 04 Jun 2025 15:51:35 GMT
Cradle.dd0edac2d5f2fa8e68b5.js
g.fastcdn.co/js/
15 KB
4 KB
Script
General
Full URL
https://g.fastcdn.co/js/Cradle.dd0edac2d5f2fa8e68b5.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecc3883f7b177edcd6a59dcdb4f957cba8a1df5180202fcd3f30bd33dd6f7d7b

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
7093065
x-guploader-uploadid
ABPtcPq4BP-K7oBtPnDub1DCLBnUzWPV4v7ycwQfOe0HYDN-iP6uwQLRmYr-PVm-pJxlzKQczlg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
4001
last-modified
Thu, 07 Mar 2024 12:00:02 GMT
server
cloudflare
etag
"83131494fd187537d0742a06ac0791a9"
vary
Accept-Encoding
x-goog-generation
1709812802655159
content-type
application/javascript
x-goog-hash
crc32c=Tt9fJA==, md5=gxMUlP0YdTfQdCoGrAeRqQ==
cache-control
public, max-age=31536000
x-goog-stored-content-length
4001
accept-ranges
bytes
cf-ray
88e915cd3f52905e-FRA
expires
Wed, 04 Jun 2025 15:51:35 GMT
css
fonts.googleapis.com/
32 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&display=swap
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
51698055502813cd29205292dfcb7517bd803cf9deb22e21d06bd24fb3bcdf4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 04 Jun 2024 14:00:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 04 Jun 2024 15:51:35 GMT
LegacyVendors.9d4b6af660c0e1798b50.js
g.fastcdn.co/js/
88 KB
31 KB
Script
General
Full URL
https://g.fastcdn.co/js/LegacyVendors.9d4b6af660c0e1798b50.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f29f9fa83fe6deaed043de807534108e2e819ad149d10da35caea2b4f06fcd2

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
7093584
x-guploader-uploadid
ABPtcPpZC9WP-tbRKG-TQKDZ3y8fTJ3vveVPFdViXplO8K7ENpmnnO-EVKEWbHq-3j_kwgMZNkdbfeHWLQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
31178
last-modified
Thu, 07 Mar 2024 12:00:03 GMT
server
cloudflare
etag
"c9ee367784b6e6fe97e30fd18d0931f5"
vary
Accept-Encoding
x-goog-generation
1709812803580572
content-type
application/javascript
x-goog-hash
crc32c=LYyRnQ==, md5=ye42d4S25v6X4w/RjQkx9Q==
cache-control
public, max-age=31536000
x-goog-stored-content-length
31178
accept-ranges
bytes
cf-ray
88e915cd3f50905e-FRA
expires
Wed, 04 Jun 2025 15:51:35 GMT
caslon.css
d1hdjv7b05hja2.cloudfront.net/fonts/
0
0

fonts.css
cloud.typography.com/7410416/6307592/css/
0
0

64778737-0-firstleafl-logo.png
v.fastcdn.co/u/814df80e/
1 KB
2 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64778737-0-firstleafl-logo.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
297d3cd3ccf85fb90010fc152b085a96734c23c125fcff1764e7e5ac73d67cbf

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
244683
cf-polished
origFmt=png, origSize=3338
x-guploader-uploadid
ABPtcPqTmKpjrtdnkydPgrC7B7yfjhQyLI5V5QZv5CCq0pnrTaOkuxquhSv0DcWJBddsWhd7F2OAIevydw
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64778737-0-firstleafl-logo.webp"
x-goog-meta-expires
Tue, 25 Mar 2025 10:57:25 GMT
content-length
1306
cf-bgj
imgq:85,h2pri
last-modified
Fri, 02 Feb 2024 18:57:25 GMT
server
cloudflare
etag
"1148a64dbea729a64276a65990f7713a"
vary
Accept
x-goog-generation
1706900245356441
content-type
image/webp
x-goog-hash
crc32c=T18ZMw==, md5=EUimTb6nKaZCdqZZkPdxOg==
cache-control
public, max-age=315360000
x-goog-stored-content-length
3338
accept-ranges
bytes
cf-ray
88e915cd3c8cbbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64970276-0-PDP-Images-Desktop-4.jpg
v.fastcdn.co/u/814df80e/
82 KB
82 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64970276-0-PDP-Images-Desktop-4.jpg
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7edee5011755f4a5a73900cf0e54e042e5ecdecf913b9cebbfb1feeb4d12304

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
11499
cf-polished
qual=85, origFmt=jpeg, origSize=679860
x-guploader-uploadid
ABPtcPqTphMk0UeeCi91F6UBG9Vpwc3eq3fQKJ6y2ynAdpm2StbYkpffOOu2TNP9cvwsvEJzPnGT3pzC6w
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64970276-0-PDP-Images-Desktop-4.webp"
x-goog-meta-expires
Fri, 11 Jul 2025 09:01:25 GMT
content-length
83676
cf-bgj
imgq:85,h2pri
last-modified
Mon, 20 May 2024 17:01:26 GMT
server
cloudflare
etag
"cac4658bb042be0449c1a89d1a4122f6"
vary
Accept
x-goog-generation
1716224486013485
content-type
image/webp
x-goog-hash
crc32c=AWsLvw==, md5=ysRli7BCvgRJwaidGkEi9g==
cache-control
public, max-age=315360000
x-goog-stored-content-length
679860
accept-ranges
bytes
cf-ray
88e915cd3c84bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64970277-0-PDP-Images-Mobile-3.jpg
v.fastcdn.co/u/814df80e/
28 KB
28 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64970277-0-PDP-Images-Mobile-3.jpg
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf4add6cbec09e4c302fcfb8c217a485feba24a2837ebbb577d6ad96edf67d8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
4
cf-polished
qual=85, origFmt=jpeg, origSize=234336
x-guploader-uploadid
ABPtcPr56Djke08DNvef1XGh19sWapBl1RIrK29tfVgTQOX9QhAl4eNBZOT7BDmHVlJySat4QTTEsSGZng
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64970277-0-PDP-Images-Mobile-3.webp"
x-goog-meta-expires
Fri, 11 Jul 2025 09:01:27 GMT
content-length
28768
cf-bgj
imgq:85,h2pri
last-modified
Mon, 20 May 2024 17:01:27 GMT
server
cloudflare
etag
"d84c06a43902c87d1100e8a726d0daa3"
vary
Accept
x-goog-generation
1716224487189508
content-type
image/webp
x-goog-hash
crc32c=wlDvtQ==, md5=2EwGpDkCyH0RAOinJtDaow==
cache-control
public, max-age=315360000
x-goog-stored-content-length
234336
accept-ranges
bytes
cf-ray
88e915cded88bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64703311-0-Trustpilot-Rating.png
v.fastcdn.co/u/814df80e/
3 KB
3 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64703311-0-Trustpilot-Rating.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22d5844a30edf2c15420b17b1b14c47e910a7bfadf33cd93d1767aba1be29055

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
244683
cf-polished
origFmt=png, origSize=4429
x-guploader-uploadid
ABPtcPoywNMLkqJfhNFmO48C1B_EgUzYPqcN_VEXo65ZYznvIpxgt7kgejmNZ0FJYD4-CgcBW_LQTKOO3Q
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64703311-0-Trustpilot-Rating.webp"
x-goog-meta-expires
Sun, 02 Feb 2025 04:30:33 GMT
content-length
2678
cf-bgj
imgq:85,h2pri
last-modified
Wed, 13 Dec 2023 12:30:33 GMT
server
cloudflare
etag
"9c1e61cfa9b2bb8f26aec97dcd5d661b"
vary
Accept
x-goog-generation
1702470633788942
content-type
image/webp
x-goog-hash
crc32c=DrOBGA==, md5=nB5hz6myu48mrsl9zV1mGw==
cache-control
public, max-age=315360000
x-goog-stored-content-length
4429
accept-ranges
bytes
cf-ray
88e915cded89bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64755236-0-circle-checked.png
v.fastcdn.co/u/814df80e/
6 KB
7 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64755236-0-circle-checked.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
190e3a6420847bb948355183c2fdcdfa9ce099ce7e4bcc9c28ebe41fed127186

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
344439
cf-polished
origFmt=png, origSize=18848
x-guploader-uploadid
ABPtcPq11gyUQA7T7o4lmV9tYSQegjER9agpMKSn44QLn8nzaqGO3VbnVMT4qh9Pinmwz4JpAw8HATlSzg
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64755236-0-circle-checked.webp"
x-goog-meta-expires
Fri, 14 Mar 2025 06:14:32 GMT
content-length
6642
cf-bgj
imgq:85,h2pri
last-modified
Mon, 22 Jan 2024 14:14:32 GMT
server
cloudflare
etag
"a1306d320cf5327098e65990ee8deec3"
vary
Accept
x-goog-generation
1705932872528315
content-type
image/webp
x-goog-hash
crc32c=U1rsvg==, md5=oTBtMgz1MnCY5lmQ7o3uww==
cache-control
public, max-age=315360000
x-goog-stored-content-length
18848
accept-ranges
bytes
cf-ray
88e915ce2dcebbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
1707151343-64781102-150x150-firstleafl-logo.png
v.fastcdn.co/t/thumbnail/20240205/
1 KB
2 KB
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240205/1707151343-64781102-150x150-firstleafl-logo.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
297d3cd3ccf85fb90010fc152b085a96734c23c125fcff1764e7e5ac73d67cbf

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
442233
cf-polished
origFmt=png, origSize=3317
x-guploader-uploadid
ABPtcPqvacIq-Ql3-KukjIgwut7Tu4z8US1iWm0zt7lT1mISStI6NvyhkRXIKzTT0OCxd4Xu19Y5t8QH0g
x-goog-meta-content-length
3317
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1707151343-64781102-150x150-firstleafl-logo.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 08:42:24 GMT
content-length
1306
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 16:42:24 GMT
server
cloudflare
etag
"344c3fd926f907ec12c595a9d89d76f3"
vary
Accept
x-goog-generation
1707151344434942
content-type
image/webp
x-goog-hash
crc32c=wqJ4uQ==, md5=NEw/2Sb5B+wSxZWp2J128w==
cache-control
public, max-age=315360000
x-goog-stored-content-length
3317
accept-ranges
bytes
cf-ray
88e915ce2dd2bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
LazyImage.4714f6fe2b1ad13d8f3b.js
g.fastcdn.co/js/
2 KB
1 KB
Script
General
Full URL
https://g.fastcdn.co/js/LazyImage.4714f6fe2b1ad13d8f3b.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
047794317b70504540fd8504bd67eec9a33e7e7b9558fb2f73a0a0de663a51c3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
7169682
x-guploader-uploadid
ABPtcPo7pQrp5KT0GAxE32mo0JItnYMFOIwQnQ7CnYGwmsLnJT1uAPLWbKI7GM0vNLIkeJ_Lsx1LA63TQw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
1022
last-modified
Tue, 13 Feb 2024 08:46:10 GMT
server
cloudflare
etag
"b0ae2275f5d011ac64917080661e4956"
vary
Accept-Encoding
x-goog-generation
1707813970101504
content-type
application/javascript
x-goog-hash
crc32c=ZP0ifA==, md5=sK4idfXQEaxkkXCAZh5JVg==
cache-control
public, max-age=31536000
x-goog-stored-content-length
1022
accept-ranges
bytes
cf-ray
88e915ce2878905e-FRA
expires
Wed, 04 Jun 2025 15:51:35 GMT
Links.70b7d22ad62e6b363655.js
g.fastcdn.co/js/
380 B
538 B
Script
General
Full URL
https://g.fastcdn.co/js/Links.70b7d22ad62e6b363655.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dad152dee0fa578a8f11721162206b98299f9926d203303a92d65d4920104d5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
7169682
x-guploader-uploadid
ABPtcPo_CsQFdT-RidWrf3doh4ZSRF6Ll2tEfJCpS7NGgpuWb4B2nvnNk83Osz7mmVrSvbC7s5bqEb_wPQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
288
last-modified
Wed, 21 Feb 2024 10:34:02 GMT
server
cloudflare
etag
"66111b890b3a16d2d8e884c8d11fd5a0"
vary
Accept-Encoding
x-goog-generation
1708511641957343
content-type
application/javascript
x-goog-hash
crc32c=tIhBkQ==, md5=ZhEbiQs6FtLY6ITI0R/VoA==
cache-control
public, max-age=31536000
x-goog-stored-content-length
288
accept-ranges
bytes
cf-ray
88e915ce2873905e-FRA
expires
Wed, 04 Jun 2025 15:51:35 GMT
lib.js
heatmap-events-collector.instapage.com/static/
24 KB
9 KB
Script
General
Full URL
https://heatmap-events-collector.instapage.com/static/lib.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:96fb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fe6faaa9000001abfaa88dcdb7e1e06e4c656d596928b59793271eb01852558
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
HIT
age
165
x-dns-prefetch-control
off
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jun 2024 13:26:27 GMT
server
cloudflare
x-download-options
noopen
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, must-revalidate, public
access-control-allow-credentials
true
cf-ray
88e915cecc46997a-FRA
expires
Tue, 04 Jun 2024 15:53:50 GMT
gtm.js
www.googletagmanager.com/
398 KB
116 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4ba8b2431710fcdb79d83b1489e461d61defe658b213d1b39cbf322dcb20d58e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
118611
x-xss-protection
0
last-modified
Tue, 04 Jun 2024 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 04 Jun 2024 15:51:35 GMT
it.js
cdn.instapagemetrics.com/t/js/3/
54 KB
54 KB
Script
General
Full URL
https://cdn.instapagemetrics.com/t/js/3/it.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.17.181 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
181.17.36.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
853d7ef6b54d838c009d01e4857b499d7ec4f71f6fced1e2e3c463fd393ccb29

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:13:41 GMT
age
2274
x-guploader-uploadid
ABPtcPoq9ZYHsdamjuDK8WXMBalJPp0etmM0zrX7YsZ6uIAoVdDhQyACVBKdSMgLHZKmwm1McQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55266
last-modified
Tue, 13 Jun 2023 11:21:34 GMT
server
UploadServer
etag
"eee931187060719ab17a352de2424e0c"
x-goog-generation
1686655294888925
x-goog-hash
crc32c=JVvUKA==, md5=7ukxGHBgcZqxejUt4kJODA==
content-type
text/javascript
cache-control
public,max-age=3600
x-goog-stored-content-length
55266
accept-ranges
bytes
sptw.a416ac4ebfdfa0d582c4.js
g.fastcdn.co/js/
60 KB
20 KB
Script
General
Full URL
https://g.fastcdn.co/js/sptw.a416ac4ebfdfa0d582c4.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f767fd14aa58b7eb05ad986cd7b834cc8d0c2d22820f39e0dd950c17ae505b0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
7093065
x-guploader-uploadid
ABPtcPqpaCf0UW8-WssYTgwycsHt7MtOE7uc7RxwQEzYIij58bnqrYf1vKc3qOP-GJ3x5meS_BycstDa2A
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
20048
last-modified
Thu, 07 Mar 2024 12:00:05 GMT
server
cloudflare
etag
"4e31a9afeb792458d602b9f948d5eb49"
vary
Accept-Encoding
x-goog-generation
1709812805646789
content-type
application/javascript
x-goog-hash
crc32c=Ik/7aQ==, md5=TjGpr+t5JFjWArn5SNXrSQ==
cache-control
public, max-age=31536000
x-goog-stored-content-length
20048
accept-ranges
bytes
cf-ray
88e915ce287a905e-FRA
expires
Wed, 04 Jun 2025 15:51:35 GMT
cm.js
g.fastcdn.co/js/
51 KB
18 KB
Script
General
Full URL
https://g.fastcdn.co/js/cm.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd8625bfa35604f050e4dcc7ff10c2c31d7cdf1ce7bdf4cde0d0415dcc74e2fb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
4087832
x-guploader-uploadid
ABPtcPpvRCuksssTYKW_3j-ud5VnmRw3aCXk_ckpxETWfuL8FF6838moqt6-uwnXHXdd5wUVboJGzEUWHg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
17906
last-modified
Thu, 30 Jun 2022 02:12:17 GMT
server
cloudflare
etag
"8e466d98fa1f746c74b1b409d20a0cf3"
vary
Accept-Encoding
x-goog-generation
1656555137097208
content-type
application/javascript
x-goog-hash
crc32c=ZpZBfw==, md5=jkZtmPofdGx0sbQJ0goM8w==
cache-control
public, max-age=31536000
x-goog-stored-content-length
17906
accept-ranges
bytes
cf-ray
88e915ce287b905e-FRA
expires
Wed, 04 Jun 2025 15:51:35 GMT
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bdeda331b720b33bf5b8bc88d52d16a1c40da840b41f4692e3ed70253fed9486

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
60841371-0-USE-THIS-ONE-Firstle.png
v.fastcdn.co/u/814df80e/
53 KB
54 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/60841371-0-USE-THIS-ONE-Firstle.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8400be7d2d60d42fdac04aed87154d78843df12845c5ffb871d274ca8096006

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://page.firstleaf.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
244680
cf-polished
origSize=189069, status=webp_bigger
x-guploader-uploadid
ABPtcPoSP0mpGCABTUR9ToRGKUUz-ExTyZvfyBEZW9Zjf2cdrBro7DsMXIrwZ4um-_2JNYX9lXfyR0Xljw
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
x-goog-meta-expires
Mon, 27 Mar 2023 14:42:58 GMT
content-length
54759
cf-bgj
imgq:85,h2pri
last-modified
Thu, 03 Feb 2022 22:42:58 GMT
server
cloudflare
etag
"f5ef084f4ab7efe481bba0876393702a"
vary
Accept-Encoding
x-goog-generation
1643928178741488
content-type
image/png
x-goog-hash
crc32c=O9LQ7g==, md5=9e8IT0q37+SBu6CHY5NwKg==
cache-control
public, max-age=315360000
x-goog-stored-content-length
189069
accept-ranges
bytes
cf-ray
88e915ce3dd8bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/
32 KB
32 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://fonts.googleapis.com/
Origin
https://page.firstleaf.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 14:32:22 GMT
x-content-type-options
nosniff
age
4753
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33092
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:51:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 04 Jun 2025 14:32:22 GMT
JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
fonts.gstatic.com/s/montserrat/v26/
33 KB
34 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92443d06835a28423649bca60e6d755e4a1bd09638443196d58e0dd1f06c827f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://fonts.googleapis.com/
Origin
https://page.firstleaf.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 01:01:59 GMT
x-content-type-options
nosniff
age
53376
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34288
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:52:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 04 Jun 2025 01:01:59 GMT
slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/
2 KB
960 B
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2692525
x-jsd-version
1.8.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
590
x-served-by
cache-fra-etou8220022-FRA, cache-lga21934-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e7MaoALcfJgEd2LmOep%2B%2FcrYUSzNrJoWX0Xk6RhC6FZTRqXAV0V11xw6MRHj7tgic5Kr9qxnbBZYZv3lXyJJ3FSUAsRGma5vkJPZb3sHPuIQp7XDdZeYnjVbNkxdETnXyUYY4Mbgp4Gde%2B6Snuo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
cf-ray
88e915cee956364a-FRA
slick-theme.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/
3 KB
2 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2689940
x-jsd-version
1.8.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
866
x-served-by
cache-fra-eddf8230023-FRA, cache-lga21940-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"c49-gaQ0+U8rESTzIyu4bylE+C+yOsA"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwCyDa61osyD0816nAdO2P0mFBbV5ntbULY8TZXlTshyPdFviJtKW14gBj8NFX6%2FaczkYsVQP5DR4Cbb9bFaY%2BjE%2F6JFReDJ2HFkC3Q0NzSms09LqbqVv76Sm9GG3lWQqoweyNSxwD8M8X47CWs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
cf-ray
88e915cee953364a-FRA
slick.min.js
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/
42 KB
11 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2692529
x-jsd-version
1.8.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
10412
x-served-by
cache-fra-eddf8230096-FRA, cache-lga21927-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2Fv%2B4i09iCiIsbPM8nMPUNTRNwqmD0CEkEGhuKVFtSJpGW3u4z5ayXGF9sVQc5JKdp%2BYrDK5pu6%2Fl37YYd3K67B8aTijWTV4kZ4R6jNPWtBL%2B8UcPvs32JP2Zu6JDtUOBmjEUO%2BJQrzj%2Fm1NLXs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
cf-ray
88e915cee958364a-FRA
main.js
page.firstleaf.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/26ed7e9dda49/ Frame 58AD
Redirect Chain
  • https://page.firstleaf.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://page.firstleaf.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/26ed7e9dda49/main.js
8 KB
4 KB
Script
General
Full URL
https://page.firstleaf.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/26ed7e9dda49/main.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Server
2606:4700:4400::ac40:95d5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1c64521f13b12cd01b2aec667a5d85b3d8d0c56128fcdd8232adfc7f45536bf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-encoding
gzip
server
cloudflare
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
88e915cf087539e8-FRA

Redirect headers

date
Tue, 04 Jun 2024 15:51:35 GMT
strict-transport-security
max-age=15552000
server
cloudflare
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/26ed7e9dda49/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
88e915cebfc239e8-FRA
content-length
0
64733725-0-Slider4.jpg
v.fastcdn.co/u/814df80e/
67 KB
68 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64733725-0-Slider4.jpg
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea60f766281949bc2177c91021568b584ff6058d917f8c3bb4a61ae1b13216d9

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://page.firstleaf.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
401931
cf-polished
qual=85, origFmt=jpeg, origSize=118013
x-guploader-uploadid
ABPtcPpWbn31qjgbJCByBwvMfJRGwTSGbwf7DOeeX55B9E8zRN9WKqPnEU23FkUdZ7_D4iDOGLpaJ52dsA
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64733725-0-Slider4.webp"
x-goog-meta-expires
Fri, 28 Feb 2025 09:41:25 GMT
content-length
68974
cf-bgj
imgq:85,h2pri
last-modified
Mon, 08 Jan 2024 17:41:25 GMT
server
cloudflare
etag
"25f94cf9d9a2b080548dec5a3ff5cf83"
vary
Accept
x-goog-generation
1704735685372383
content-type
image/webp
x-goog-hash
crc32c=8yso2g==, md5=JflM+dmisIBUjexaP/XPgw==
cache-control
public, max-age=315360000
x-goog-stored-content-length
118013
accept-ranges
bytes
cf-ray
88e915ceeed6bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64531533-0-Exclusive-member-per.png
v.fastcdn.co/u/814df80e/
2 MB
2 MB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64531533-0-Exclusive-member-per.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
781c3947a11e341be26deaf6932720272733e184602d02fcb3b6dfb658f9d951

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://page.firstleaf.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
344397
cf-polished
origFmt=png, origSize=3363016
x-guploader-uploadid
ABPtcPoyYJvwUpRE6ugPG71DA81sjowPJZLMywhoHwyLFh1ha0_Wu_PQwuqfqo7_hicdw-USFCkm41czgQ
x-goog-meta-content-length
3363016
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64531533-0-Exclusive-member-per.webp"
x-goog-meta-expires
Fri, 01 Nov 2024 13:48:08 GMT
content-length
2128574
cf-bgj
imgq:85,h2pri
last-modified
Mon, 11 Sep 2023 21:48:08 GMT
server
cloudflare
etag
"6b925fb0380c0ce2a30eb881000366f3"
vary
Accept
x-goog-generation
1694468888715982
content-type
image/webp
x-goog-hash
crc32c=dQy2nQ==, md5=a5JfsDgMDOKjDriBAANm8w==
cache-control
public, max-age=315360000
x-goog-stored-content-length
3363016
accept-ranges
bytes
cf-ray
88e915ceeedebbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
63866125-0-HQ-LP-Image-05.jpg
v.fastcdn.co/u/814df80e/
291 KB
292 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/63866125-0-HQ-LP-Image-05.jpg
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91aa9a6c203eab189b868e22be75095642a4a3bc6313cf170b6462e96a4fa069

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://page.firstleaf.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
244671
cf-polished
qual=85, origFmt=jpeg, origSize=2048470
x-guploader-uploadid
ABPtcPpEzd7qb6lw1SbeihHApU083eeHnpgDNuoAkzTJB0qyPGMBEugDrIoezVzH9z8HUZmRk0ZnqA2ZEQ
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="63866125-0-HQ-LP-Image-05.webp"
x-goog-meta-expires
Mon, 20 May 2024 08:01:20 GMT
content-length
298378
cf-bgj
imgq:85,h2pri
last-modified
Thu, 30 Mar 2023 16:01:20 GMT
server
cloudflare
etag
"0053239522011b6b1b5c98169bab3457"
vary
Accept
x-goog-generation
1680192080772125
content-type
image/webp
x-goog-hash
crc32c=HXn0iw==, md5=AFMjlSIBG2sbXJgWm6s0Vw==
cache-control
public, max-age=315360000
x-goog-stored-content-length
2048470
accept-ranges
bytes
cf-ray
88e915ceeee1bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
ajax-loader.gif
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/
4 KB
4 KB
Image
General
Full URL
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ajax-loader.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2692478
x-jsd-version
1.8.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4178
x-served-by
cache-fra-etou8220104-FRA, cache-lga21935-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"1052-ehqkNhQ5Y4K7FeX95XTZzc0haY8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JgGjXlfjQCdXY5N5LOgVRykWe%2BcMI%2BCWXgd0esEiM1Kb24N%2FjGiYWhLYaJASR6%2BJ%2Fgy%2Bs54N3z3TFBvzf2COU7yvpw97zxSAHcSXkfBqb%2F8l8uHOlMOUTFr0gh1wi7U2NjPHRDhOyjxfyHz6Lmg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
cf-ray
88e915cf59c8364a-FRA
1706636044-64770417-150x150-arrow-prev.png
v.fastcdn.co/t/thumbnail/20240130/
314 B
667 B
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240130/1706636044-64770417-150x150-arrow-prev.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
046a17d8ea200b4630362aab3ccc8927b1afe2c283e2205c0ab49609d61eecda

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://page.firstleaf.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
344404
cf-polished
origFmt=png, origSize=813
x-guploader-uploadid
ABPtcPqZ7pUcrkkyIH2c0X4Uo1XkPIu7AsTxvnv2DT_UbwbJY7kvnINWfIxprUfcnjysab42VgSIx2flYw
x-goog-meta-content-length
813
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1706636044-64770417-150x150-arrow-prev.webp"
x-goog-meta-expires
Sat, 22 Mar 2025 09:34:04 GMT
content-length
314
cf-bgj
imgq:85,h2pri
last-modified
Tue, 30 Jan 2024 17:34:05 GMT
server
cloudflare
etag
"0f67646f60c0a45d5327a4ef9740edeb"
vary
Accept
x-goog-generation
1706636045357660
content-type
image/webp
x-goog-hash
crc32c=nVzOpQ==, md5=D2dkb2DApF1TJ6Tvl0Dt6w==
cache-control
public, max-age=315360000
x-goog-stored-content-length
813
accept-ranges
bytes
cf-ray
88e915cf6fc0bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
1706636042-64770416-150x150-arrow-next.png
v.fastcdn.co/t/thumbnail/20240130/
314 B
658 B
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240130/1706636042-64770416-150x150-arrow-next.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
915cbb7f07c967c0ba968097886ee2b4dd64e6cc216b43a11d06401dddf8faeb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://page.firstleaf.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
782558
cf-polished
origFmt=png, origSize=748
x-guploader-uploadid
ABPtcPrRQb_YzQ0LmRrdlWCZpqV2vC72GsKy5EYQOR2R2nlA-vQ6ycM9lBk1JTG7cu1VLPvQ83A
x-goog-meta-content-length
748
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1706636042-64770416-150x150-arrow-next.webp"
x-goog-meta-expires
Sat, 22 Mar 2025 09:34:02 GMT
content-length
314
cf-bgj
imgq:85,h2pri
last-modified
Tue, 30 Jan 2024 17:34:02 GMT
server
cloudflare
etag
"8237953195d87d17d23cf3996bd254de"
vary
Accept
x-goog-generation
1706636042939540
content-type
image/webp
x-goog-hash
crc32c=x3ggkw==, md5=gjeVMZXYfRfSPPOZa9JU3g==
cache-control
public, max-age=315360000
x-goog-stored-content-length
748
accept-ranges
bytes
cf-ray
88e915cf6fc1bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
1707143370-64780733-150x150-France.png
v.fastcdn.co/t/thumbnail/20240205/
2 KB
2 KB
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240205/1707143370-64780733-150x150-France.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
844ba7cf297ced245b9a3240cab82df42038cbf35d7936cf430790854a019f7c

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
344437
cf-polished
origFmt=png, origSize=3485
x-guploader-uploadid
ABPtcPoAUIQSEXoRKoAeJV8F9vr7m04yqixcLwIjGwjXQ3qCqEQPYvtz36-q-A-a6-njhJPzlEqH1Np14A
x-goog-meta-content-length
3485
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1707143370-64780733-150x150-France.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:29:31 GMT
content-length
1914
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:29:31 GMT
server
cloudflare
etag
"9c9becadaac0a4bcd08e21772ddffba2"
vary
Accept
x-goog-generation
1707143371351963
content-type
image/webp
x-goog-hash
crc32c=08dAcQ==, md5=nJvsrarApLzQjiF3Ld/7og==
cache-control
public, max-age=315360000
x-goog-stored-content-length
3485
accept-ranges
bytes
cf-ray
88e915cf7fd3bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
1707143409-64780737-150x150-Silver.png
v.fastcdn.co/t/thumbnail/20240205/
10 KB
10 KB
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240205/1707143409-64780737-150x150-Silver.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54caf1fa6a1edc50ba279842ba65958d3dfc27ccdd12aa87c20ee5521cc3c0b5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
1468143
cf-polished
origFmt=png, origSize=15899
x-guploader-uploadid
ABPtcPodA2b5hzUMxepS1xdqYmBENuDDHyiGsXC7d3howDO1Uk-DnoFnjgCtIHlMPApXi-xJslluXvj-QA
x-goog-meta-content-length
15899
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1707143409-64780737-150x150-Silver.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:30:09 GMT
content-length
10078
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:30:10 GMT
server
cloudflare
etag
"2784d080b6c21bd467085ce03fab9479"
vary
Accept
x-goog-generation
1707143409971942
content-type
image/webp
x-goog-hash
crc32c=gbtA4Q==, md5=J4TQgLbCG9RnCFzgP6uUeQ==
cache-control
public, max-age=315360000
x-goog-stored-content-length
15899
accept-ranges
bytes
cf-ray
88e915cf7fd7bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64780745-0-St.-Audette.png
v.fastcdn.co/u/814df80e/
202 KB
203 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64780745-0-St.-Audette.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad79fe59f1583a5788084bea3eac291649744d146441c558657af89a199ef935

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
244679
cf-polished
origFmt=png, origSize=316356
x-guploader-uploadid
ABPtcPr5FSLvMLjh-0446e4sGWRRIDN3FnOH9THM7uZ78ntf12c7shA8ER18O9vYB7WBiYvl_ertmY7sow
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64780745-0-St.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:30:41 GMT
content-length
207230
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:30:41 GMT
server
cloudflare
etag
"739b9bf1ba7d5765077b9e8350765cd8"
vary
Accept
x-goog-generation
1707143441645687
content-type
image/webp
x-goog-hash
crc32c=SY/wCw==, md5=c5ub8bp9V2UHe56DUHZc2A==
cache-control
public, max-age=315360000
x-goog-stored-content-length
316356
accept-ranges
bytes
cf-ray
88e915cf7fdabbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64781322-0-Like.png
v.fastcdn.co/u/814df80e/
1 KB
1 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64781322-0-Like.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
460535d21cb0765795ffa52442ac0e6e1d5051bc31407f5e77dac1afa077edcc

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
244679
cf-polished
origFmt=png, origSize=2643
x-guploader-uploadid
ABPtcPpKGTYjqMHFEUiuJeBy9FMSg6s0U9pZMnYumYoyeC60sHDNjXl-2gxaiKwEGSsiF9RiCzK06Pr5Ew
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64781322-0-Like.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 10:36:17 GMT
content-length
1078
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 18:36:18 GMT
server
cloudflare
etag
"c65532c2501e9675dd778c0600c7a636"
vary
Accept
x-goog-generation
1707158178033044
content-type
image/webp
x-goog-hash
crc32c=wvjrCg==, md5=xlUywlAelnXdd4wGAMemNg==
cache-control
public, max-age=315360000
x-goog-stored-content-length
2643
accept-ranges
bytes
cf-ray
88e915cf7fdcbbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
1707143372-64780734-150x150-Chile.png
v.fastcdn.co/t/thumbnail/20240205/
2 KB
3 KB
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240205/1707143372-64780734-150x150-Chile.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4efcdc6c80c020c85311ffd5ff5bd87183932775ac92802bac0b223ee4e8b156

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
2590860
cf-polished
origFmt=png, origSize=4069
x-guploader-uploadid
ABPtcPqihy4xZEYdcWbHVQAXSTEzqwtFTe18ghm2rpozsjoHwZgn0EfQs5_xybejL4yh1xTG3En3JJoN4w
x-goog-meta-content-length
4069
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1707143372-64780734-150x150-Chile.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:29:33 GMT
content-length
2256
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:29:33 GMT
server
cloudflare
etag
"0661ced91a0804fa25b622d9dffcc11b"
vary
Accept
x-goog-generation
1707143373181907
content-type
image/webp
x-goog-hash
crc32c=qA45TA==, md5=BmHO2RoIBPoltiLZ3/zBGw==
cache-control
public, max-age=315360000
x-goog-stored-content-length
4069
accept-ranges
bytes
cf-ray
88e915cf7fdfbbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
1707143411-64780738-150x150-Gold.png
v.fastcdn.co/t/thumbnail/20240205/
10 KB
11 KB
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240205/1707143411-64780738-150x150-Gold.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8486a3f9ae75406b6ca3afd7774fc851165a682a248dd28c275de379224135a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
244665
cf-polished
origFmt=png, origSize=15143
x-guploader-uploadid
ABPtcPoYYYmaaGLUU3CFrLw_ifcBpskqfuAxYac2Y8AhjKCeXwzmcPkkA98OPjtMBTwddkjOF1KELJFoMw
x-goog-meta-content-length
15143
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1707143411-64780738-150x150-Gold.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:30:11 GMT
content-length
10450
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:30:11 GMT
server
cloudflare
etag
"7c8927ac3faba604da2b03b87f6092e5"
vary
Accept
x-goog-generation
1707143411784579
content-type
image/webp
x-goog-hash
crc32c=tEK44Q==, md5=fIknrD+rpgTaKwO4f2CS5Q==
cache-control
public, max-age=315360000
x-goog-stored-content-length
15143
accept-ranges
bytes
cf-ray
88e915cf7fe4bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64780748-0-25-Degrees.png
v.fastcdn.co/u/814df80e/
194 KB
195 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64780748-0-25-Degrees.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59dcd2d919153d915a5a2c47d1294158186372dfc4901cccff7ce02834aeb73d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
442231
cf-polished
origFmt=png, origSize=301965
x-guploader-uploadid
ABPtcPrl0aZzCpgbBEEn33jkgZC8dr6yn-wRjIB9b7YlR3qVKoHVGO7tixYfN3GZzffEvbptYbtqDpkcJw
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64780748-0-25-Degrees.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:30:51 GMT
content-length
198736
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:30:51 GMT
server
cloudflare
etag
"539870a694388b5372c041d180a4b2f7"
vary
Accept
x-goog-generation
1707143451122651
content-type
image/webp
x-goog-hash
crc32c=S8SjFA==, md5=U5hwppQ4i1NywEHRgKSy9w==
cache-control
public, max-age=315360000
x-goog-stored-content-length
301965
accept-ranges
bytes
cf-ray
88e915cf7fe8bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
1707143367-64780729-150x150-USA.png
v.fastcdn.co/t/thumbnail/20240205/
4 KB
4 KB
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240205/1707143367-64780729-150x150-USA.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1a12b438b92f44bc2016f691548ce0632e07415b802954f7671222ef17253ef

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
2590860
cf-polished
origFmt=png, origSize=6420
x-guploader-uploadid
ABPtcPplNYl5blcwr-vQfCeDwl0IYlgB77ZplOQ-ciq8tBzP6TmLFHBlhZygX564CtsV4BwjJyMMdL82vA
x-goog-meta-content-length
6420
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1707143367-64780729-150x150-USA.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:29:27 GMT
content-length
3658
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:29:28 GMT
server
cloudflare
etag
"818b727467a29f4a96a75abfc847eab3"
vary
Accept
x-goog-generation
1707143368007390
content-type
image/webp
x-goog-hash
crc32c=hh19iQ==, md5=gYtydGein0qWp1q/yEfqsw==
cache-control
public, max-age=315360000
x-goog-stored-content-length
6420
accept-ranges
bytes
cf-ray
88e915cf7fedbbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
1707143412-64780740-150x150-Double-Gold.png
v.fastcdn.co/t/thumbnail/20240205/
11 KB
11 KB
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240205/1707143412-64780740-150x150-Double-Gold.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4531531e27fd238f5f1df78d134fdc1268995007411caf68867a72d72aaeb919

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
1468143
cf-polished
origFmt=png, origSize=16091
x-guploader-uploadid
ABPtcPpkJYLkK-Cm00fEPWAGvAqgkR-udgT7SJY9Xfpo3611mYrOTl18W45BpVruZbQ0KaHHchRpjStepg
x-goog-meta-content-length
16091
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1707143412-64780740-150x150-Double-Gold.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:30:13 GMT
content-length
11198
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:30:13 GMT
server
cloudflare
etag
"53a2868f5c8731ae24c7cbcf64490d65"
vary
Accept
x-goog-generation
1707143413460624
content-type
image/webp
x-goog-hash
crc32c=c0ZIlw==, md5=U6KGj1yHMa4kx8vPZEkNZQ==
cache-control
public, max-age=315360000
x-goog-stored-content-length
16091
accept-ranges
bytes
cf-ray
88e915cf8ff0bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64780747-0-Thisle--Quail.png
v.fastcdn.co/u/814df80e/
226 KB
227 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64780747-0-Thisle--Quail.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
673f9d011800204dd6d79b0607fcc635e3be028bcc76308625a65cf678bf1cfa

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
442231
cf-polished
origFmt=png, origSize=346925
x-guploader-uploadid
ABPtcPotMCJeeYkVAd3HVAvG5FEicFs4c5CMd7aETP_1_wTmOaa95COqS_u7dXRO2rqPz9MiA-kxqD20XA
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64780747-0-Thisle--Quail.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:30:47 GMT
content-length
231494
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:30:47 GMT
server
cloudflare
etag
"77642d56074ef4a259492bdd39543bdb"
vary
Accept
x-goog-generation
1707143447761744
content-type
image/webp
x-goog-hash
crc32c=E/F8+Q==, md5=d2QtVgdO9KJZSSvdOVQ72w==
cache-control
public, max-age=315360000
x-goog-stored-content-length
346925
accept-ranges
bytes
cf-ray
88e915cf8ff2bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64780744-0-Whale-Light.png
v.fastcdn.co/u/814df80e/
234 KB
234 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64780744-0-Whale-Light.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
628834657c267940312e1a8ffa1443276b646ed8cd8509f7f8c6ab284e832bd3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
401939
cf-polished
origFmt=png, origSize=371059
x-guploader-uploadid
ABPtcPrWBOsk7lnO56CU0GuoFKn2l_ZhAEXI467r82edLBIDtXMvl6tcE6OgYBCN5UcPD7dFLwEYn2blaA
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64780744-0-Whale-Light.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:30:39 GMT
content-length
239154
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:30:39 GMT
server
cloudflare
etag
"d92d21ad653d0bc200a86a0fe6cf1036"
vary
Accept
x-goog-generation
1707143439299735
content-type
image/webp
x-goog-hash
crc32c=GEB6RQ==, md5=2S0hrWU9C8IAqGoP5s8QNg==
cache-control
public, max-age=315360000
x-goog-stored-content-length
371059
accept-ranges
bytes
cf-ray
88e915cf8ff3bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64780746-0-Castillo-Quebrado.png
v.fastcdn.co/u/814df80e/
264 KB
264 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64780746-0-Castillo-Quebrado.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e56a4985055d1f66fb79ea590062f13b7732587f4a33067ea3ee9d2330e043b

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
442228
cf-polished
origFmt=png, origSize=405580
x-guploader-uploadid
ABPtcPq2QsZQm_wyW9tObN9eVzmAWfKVVWQp0cFVnqP73YV9WqP8PY5_AFYY-Kv0PK8LzN5jDhMODeVxcQ
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64780746-0-Castillo-Quebrado.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:30:44 GMT
content-length
269942
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:30:44 GMT
server
cloudflare
etag
"b49f1ab7b61b40ef7b8d1d6a290d0e22"
vary
Accept
x-goog-generation
1707143444947362
content-type
image/webp
x-goog-hash
crc32c=/EypCA==, md5=tJ8at7YbQO97jR1qKQ0OIg==
cache-control
public, max-age=315360000
x-goog-stored-content-length
405580
accept-ranges
bytes
cf-ray
88e915cf8ff6bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
1707143369-64780731-150x150-South-Africa.png
v.fastcdn.co/t/thumbnail/20240205/
4 KB
4 KB
Image
General
Full URL
https://v.fastcdn.co/t/thumbnail/20240205/1707143369-64780731-150x150-South-Africa.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d10dad0283c64a3ce558080e000850d6635c96244e1140770ea285296f88af1f

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
1555753
cf-polished
origFmt=png, origSize=6148
x-guploader-uploadid
ABPtcPrvCWMhNhu6FAtETytsZTWWK_jWntrL-_R2DWxfBMf7FPT695HvzIvQrV7OlZwbNnajqKd5dHzNVQ
x-goog-meta-content-length
6148
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="1707143369-64780731-150x150-South-Africa.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:29:29 GMT
content-length
3690
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:29:29 GMT
server
cloudflare
etag
"b37e92b78db075a98b6ffe732faa7c5f"
vary
Accept
x-goog-generation
1707143369856055
content-type
image/webp
x-goog-hash
crc32c=htGdnQ==, md5=s36St42wdamLb/5zL6p8Xw==
cache-control
public, max-age=315360000
x-goog-stored-content-length
6148
accept-ranges
bytes
cf-ray
88e915cf8802bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
64780743-0-Wisdom-Point.png
v.fastcdn.co/u/814df80e/
216 KB
217 KB
Image
General
Full URL
https://v.fastcdn.co/u/814df80e/64780743-0-Wisdom-Point.png
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36448550261e964217811600224a54578479bb9f0c417ac213a84b597ff178e9

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
cf-cache-status
HIT
age
6046827
cf-polished
origFmt=png, origSize=340628
x-guploader-uploadid
ABPtcPqew15d_bxCG4q1eyK_Rs_fAlgU98rtbXPmv_Ed5hwpXVvOuuInxfrzYJ5Wg0uvz7i0sNLYvw8uRg
x-goog-meta-content-length
0
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="64780743-0-Wisdom-Point.webp"
x-goog-meta-expires
Fri, 28 Mar 2025 06:30:36 GMT
content-length
221124
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Feb 2024 14:30:36 GMT
server
cloudflare
etag
"0bf186c4251d9ba8f73b1189c9ac9f35"
vary
Accept
x-goog-generation
1707143436213411
content-type
image/webp
x-goog-hash
crc32c=1TeQcQ==, md5=C/GGxCUdm6j3OxGJyayfNQ==
cache-control
public, max-age=315360000
x-goog-stored-content-length
340628
accept-ranges
bytes
cf-ray
88e915cf8803bbc8-FRA
expires
Fri, 02 Jun 2034 15:51:35 GMT
88e915cb9a0a39e8
page.firstleaf.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 58AD
0
360 B
XHR
General
Full URL
https://page.firstleaf.com/cdn-cgi/challenge-platform/h/g/jsd/r/88e915cb9a0a39e8
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:95d5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
strict-transport-security
max-age=15552000
server
cloudflare
cf-ray
88e915d07ad639e8-FRA
content-length
0
content-type
text/plain; charset=UTF-8
js
www.googletagmanager.com/gtag/
344 KB
107 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-3TS4P88RE5&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b5f97a2736472069caf7a7c5ff6444518183c7b8cbcb07617d36898d98d9ae22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109074
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 04 Jun 2024 15:51:35 GMT
wxyz.cs.js
rbv9j7km.firstleaf.com/assets/
49 KB
11 KB
Script
General
Full URL
https://rbv9j7km.firstleaf.com/assets/wxyz.cs.js?rb_sync=rbv9j7km.firstleaf.club
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.230.230.25 -, , ASN (),
Reverse DNS
Software
openresty /
Resource Hash
caa21a65dd9e1df81a57e31bd7e5c336bf6de1d84912074baa5b85fa44744a4f

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 15:51:36 GMT
Content-Encoding
gzip
Server
openresty
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/javascript
fbevents.js
connect.facebook.net/en_US/
219 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 04 Jun 2024 15:51:35 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57975
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=40, rtx=0, c=12, mss=1297, tbw=2779, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
2TYB6ieu6GvkId+B2ygS4lkupvl/N3Y0mM8sPl9I9RdznZUzgAfgRBpyuwT+9XkK873EadjpCLFuM1bvPN9bfw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Tue, 04 Jun 2024 15:51:35 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: FCD15C81231346A2982A58DCBB0669B7 Ref B: FRA31EDGE0115 Ref C: 2024-06-04T15:51:36Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
ping.min.js
cdn.pdst.fm/
18 KB
18 KB
Script
General
Full URL
https://cdn.pdst.fm/ping.min.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.142.80 -, , ASN (),
Reverse DNS
Software
UploadServer /
Resource Hash
01a6571de875629cd204157ffb77bdf6787f80ecbafacae73c1cc4f893eb43a6

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:50:31 GMT
age
64
x-guploader-uploadid
ABPtcPqYBacmgnpRW7-YzXQ07VXtEKlgtkRL3_RE0tw6JRal5lcuVvgi2Kuhfxg8eFQ_As4nz4E
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17985
last-modified
Tue, 14 May 2024 14:35:47 GMT
server
UploadServer
etag
"d7cac522641241ca4e9ceac4f1b458e8"
x-goog-generation
1715697347359123
x-goog-hash
crc32c=Q65p8w==, md5=18rFImQSQcpOnOrE8bRY6A==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
17985
accept-ranges
bytes
content-type
text/javascript
expires
Tue, 04 Jun 2024 16:50:31 GMT
sp-at-v2-14-0.js
images.firstleaf.com/js/
98 KB
30 KB
Script
General
Full URL
https://images.firstleaf.com/js/sp-at-v2-14-0.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2df6 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
50cf303cfaa020fcbedd6ad1bf045a008cbb88dfc792f731f07235dd1ca13599

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:36 GMT
content-encoding
gzip
via
1.1 2ad26f5878b778b17955978bf962dc9a.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
last-modified
Mon, 27 Jul 2020 04:28:00 GMT
server
cloudflare
x-amz-cf-pop
FRA60-P9
etag
W/"8dba669b94e3865c9205ef8fd15ee4d1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=5356800
cf-ray
88e915d20932bb67-FRA
x-amz-cf-id
JqPTrvgGvLx5qEAmXzQBUzdd_p-AY5Sb1g_WvOqw-jHTEBvfSvBWig==
fs.js
edge.fullstory.com/s/
273 KB
74 KB
Script
General
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 -, , ASN (),
Reverse DNS
Software
UploadServer /
Resource Hash
0f7c8ca4341ce357e0424f80dd36181ae812a3449b09b5d7e804133df7c30ebf

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://page.firstleaf.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:16:40 GMT
content-encoding
br
age
2095
x-guploader-uploadid
ABPtcPp9-MeZayISX7fGoOdZubTv4VO4G59G_wPweNke_9_ADo3FCSByU6u17GndgWARB1G3tePsmGy62g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75399
last-modified
Mon, 03 Jun 2024 19:13:28 GMT
server
UploadServer
etag
"9518bfdd8ce5a4d07426912e49eab44e"
vary
Accept-Encoding
x-goog-generation
1717442008056727
x-goog-hash
crc32c=iqU1ow==, md5=lRi/3YzlpNB0JpEuSeq0Tg==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
75399
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 04 Jun 2024 16:16:40 GMT
widget_async.js
d2mjzob2nc713b.cloudfront.net/widget/
Redirect Chain
  • https://shop.pe/widget/widget_async.js
  • https://d2mjzob2nc713b.cloudfront.net/widget/widget_async.js
3 KB
2 KB
Script
General
Full URL
https://d2mjzob2nc713b.cloudfront.net/widget/widget_async.js
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Server
2600:9000:26e8:9000:d:370a:51c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f235d19f5cf10061b266c784723b2829a7acab9b88ac8924b5aac3d0be0b438

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Tue, 04 Jun 2024 15:13:40 GMT
content-encoding
gzip
via
1.1 098a60d50e7e132c276fd27b94c6212c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P10
age
2277
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1192
last-modified
Mon, 20 May 2024 15:33:23 GMT
server
AmazonS3
etag
"5bcfe272ba6cc455636cdb5e7f6bce0c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=3600, public
accept-ranges
bytes
x-amz-cf-id
17_xdXP_TxRRZeZTHUabrSQcjSK6j986w3vH6isYEtCyWylC3DVHIw==
x-amz-meta-mtime
1716219202.04

Redirect headers

date
Tue, 04 Jun 2024 15:51:36 GMT
content-security-policy
frame-ancestors none;
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
server
nginx
x-frame-options
deny
content-type
text/html
location
https://d2mjzob2nc713b.cloudfront.net/widget/widget_async.js
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
162
btp.js
www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/
5 KB
2 KB
Script
General
Full URL
https://www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/btp.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.225.220.126 -, , ASN (),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
0f88056ae93eb3934cd9cd312a9766a14afadf3cb20c1d2a07d8a8d5344e46bc

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-powered-by-plesk
PleskWin
date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
last-modified
Wed, 15 Nov 2023 18:43:00 GMT
server
Microsoft-IIS/10.0
etag
"092bb8ef317da1:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
1649
4f1bd082-d454-42cb-bafd-026640e9800e
tag.simpli.fi/sifitag/
3 KB
2 KB
Script
General
Full URL
https://tag.simpli.fi/sifitag/4f1bd082-d454-42cb-bafd-026640e9800e
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.234.162.151 -, , ASN (),
Reverse DNS
Software
openresty /
Resource Hash
645ab215148e00ab2ba3fdfc7caec9aa6d0cd5a672078f1d033a01e0f5a44864

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 04 Jun 2024 15:51:35 GMT
content-encoding
gzip
server
openresty
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id
F9XX-K33YeZ_smQeVaEC
expires
Thu, 01 Jan 1970 00:00:00 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 04 Jun 2024 14:29:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4948
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 04 Jun 2024 16:29:08 GMT
ppt=18168;g=landing_page;gid=41654;ord=814862339;ip=80.255.7.118;cuidchk=1
trkn.us/pixel/conv/
Redirect Chain
  • https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=814862339
  • https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=814862339;ip=80.255.7.118;cuidchk=1
42 B
721 B
Image
General
Full URL
https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=814862339;ip=80.255.7.118;cuidchk=1
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
HTTP/1.1
Server
2.16.100.17 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 04 Jun 2024 15:51:36 GMT
X-Content-Type-Options
nosniff
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type
image/gif
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection
keep-alive
Content-Length
42
Expires
Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Location
/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=814862339;ip=80.255.7.118;cuidchk=1
Date
Tue, 04 Jun 2024 15:51:36 GMT
X-Content-Type-Options
nosniff
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
rs
tags.w55c.net/
Redirect Chain
  • https://tags.w55c.net/rs?id=71b67348696b454582c45b8a45b1a724&t=homepage
  • https://tags.w55c.net/rs?sccid=5008ef6b-7adb-27e8-cf95-a7171e942d35&scc=1&id=71b67348696b454582c45b8a45b1a724&t=homepage
42 B
752 B
Image
General
Full URL
https://tags.w55c.net/rs?sccid=5008ef6b-7adb-27e8-cf95-a7171e942d35&scc=1&id=71b67348696b454582c45b8a45b1a724&t=homepage
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
HTTP/1.1
Server
35.158.75.12 -, , ASN (),
Reverse DNS
Software
Retargeting/v2.0.30-804-gb7685b3#rel-ec2-master i-01c050b9ab7d95596@eu-central-1b@dxedge-app-eu-central-1-prod-asg /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 04 Jun 2024 15:51:35 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
Retargeting/v2.0.30-804-gb7685b3#rel-ec2-master i-01c050b9ab7d95596@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Content-Type,X-Forwarded-Proto
Content-Length
42
Expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 04 Jun 2024 15:51:35 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
Retargeting/v2.0.30-804-gb7685b3#rel-ec2-master i-0dd5580416a830b29@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Origin
*
Location
https://tags.w55c.net/rs?sccid=5008ef6b-7adb-27e8-cf95-a7171e942d35&scc=1&id=71b67348696b454582c45b8a45b1a724&t=homepage
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Content-Type,X-Forwarded-Proto
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
tag.js
www.mczbf.com/tags/11334/
44 KB
14 KB
Script
General
Full URL
https://www.mczbf.com/tags/11334/tag.js
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:a800:16:4ed5:12c0:93a1 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
a78545ff9d332fc6562856806b47f06b30d9c198b665e2da6cc38b772f0e0c8c

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 15:51:36 GMT
Content-Encoding
gzip
Via
1.1 4dacb01807cb4c0e8eb52307b7de1392.cloudfront.net (CloudFront)
Server
nginx
X-Amz-Cf-Pop
CDG50-C1
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Content-Type
application/javascript; charset=UTF-8
Cache-Control
max-age=1800
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
X-Amz-Cf-Id
YCHJyS3l50HIimfT0A6GYI_NMCBmUaVnOMxUIJ-syidaVPi4nc32dA==
X-Request-ID
52e33dee-228a-11ef-87af-cb88b3689114
collect
region1.analytics.google.com/g/
0
256 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-3TS4P88RE5&gtm=45je4630v887522027z871863389za200zb71863389&_p=1717516295131&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1058065929.1717516296&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1717516296&sct=1&seg=0&dl=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners%3Fcjdata%3DMXxZfDB8WXww%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D15528858_Firstleaf%2BPartners%2B-%2B6%2BBottles%2Bfor%2B%252444.95%252B%2BFree%2BShipping%2B%252F%2B12%2BBottles%2Bfor%2B%252479.90%26utm_subcampaign%3D2097062%26cjevent%3D51d3fe9a228a11ef816d00720a18ba73&dr=https%3A%2F%2Fochsner.perkspot.com%2F&dt=Buying%20Award-Winning%20Wine%20Is%20Simple%20With%20Firstleaf&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2191
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3TS4P88RE5&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 04 Jun 2024 15:51:36 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://page.firstleaf.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
247 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3TS4P88RE5&cid=1058065929.1717516296&gtm=45je4630v887522027z871863389za200zb71863389&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3TS4P88RE5&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9d -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 04 Jun 2024 15:51:36 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://page.firstleaf.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3TS4P88RE5&cid=1058065929.1717516296&gtm=45je4630v887522027z871863389za200zb71863389&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=899202649
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.131 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 04 Jun 2024 15:51:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
web
edge.fullstory.com/s/settings/134SPF/v1/
8 KB
2 KB
XHR
General
Full URL
https://edge.fullstory.com/s/settings/134SPF/v1/web
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 -, , ASN (),
Reverse DNS
Software
UploadServer /
Resource Hash
aaa59fde141c30d7324956a07383701818431dc7f56856174c4d20424f5ee915

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:43:21 GMT
content-encoding
gzip
age
495
x-guploader-uploadid
ABPtcPox1jyyGrnPPTm-x0dcXMqYu4FIhLf4jhezoB12rVhiBNi1vYTB9Ph3X9PDVezXs5AI6L6j3O7xCA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2140
last-modified
Tue, 04 Jun 2024 15:40:47 GMT
server
UploadServer
etag
"9233920c6f5a1bac90c618727a1df3bd"
x-goog-generation
1717515647259958
x-goog-hash
crc32c=aPiYyQ==, md5=kjOSDG9aG6yQxhhyeh3zvQ==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=900,no-transform
x-goog-stored-content-length
2140
accept-ranges
bytes
content-type
application/json
expires
Tue, 04 Jun 2024 15:58:21 GMT
1669030446688031
connect.facebook.net/signals/config/
306 KB
94 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1669030446688031?v=2.9.157&r=stable&domain=page.firstleaf.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
f184432dd488ab3c95ed958bae7c5af3ba1ad6e2bcb7d922b9f04753b19be689
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 04 Jun 2024 15:51:36 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
96250
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=40, rtx=0, c=63, mss=1297, tbw=63510, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
J4IJE1V+6rQJnBj/cuRb6YIiEFZinddFlnCENb2t9eUKKDmN5Lap6x4bVteamr7okEJ+si5bNT4B51UBcY4BVw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/
2 B
122 B
Fetch
General
Full URL
https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 -, , ASN (),
Reverse DNS
Software
Google Frontend /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:51:36 GMT
content-encoding
gzip
server
Google Frontend
access-control-allow-methods
GET, POST
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
9506446d5ad18248d0c63929d6a782bb
cache-control
private
function-execution-id
inegw6ohreos
access-control-allow-headers
Content-Type, Accept
content-length
22
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame
0
0
Preflight
General
Full URL
https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 -, , ASN (),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://page.firstleaf.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type, Accept
access-control-allow-methods
GET, POST
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
gzip
content-length
22
content-type
text/html; charset=utf-8
date
Tue, 04 Jun 2024 15:51:36 GMT
function-execution-id
jjbptb8vsh9z
server
Google Frontend
x-cloud-trace-context
3a012c6090a5f796b29d874737447f6b
5565374.js
bat.bing.com/p/action/
0
118 B
Script
General
Full URL
https://bat.bing.com/p/action/5565374.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Tue, 04 Jun 2024 15:51:36 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 3F4EA5719C40495AB79DC81464AE07DB Ref B: FRA31EDGE0115 Ref C: 2024-06-04T15:51:36Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
287 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5565374&tm=gtm002&Ver=2&mid=462bfc9f-4484-455a-8d47-1e15413f90f0&sid=52c98770228a11ef9dc0194a132563e7&vid=52c9ac60228a11efb5a285502f17fcd3&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Buying%20Award-Winning%20Wine%20Is%20Simple%20With%20Firstleaf&kw=wine,%20wine%20club&p=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners%3Fcjdata%3DMXxZfDB8WXww%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D15528858_Firstleaf%2BPartners%2B-%2B6%2BBottles%2Bfor%2B%252444.95%252B%2BFree%2BShipping%2B%252F%2B12%2BBottles%2Bfor%2B%252479.90%26utm_subcampaign%3D2097062%26cjevent%3D51d3fe9a228a11ef816d00720a18ba73&r=https%3A%2F%2Fochsner.perkspot.com%2F&lt=1590&evt=pageLoad&sv=1&rn=964119
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 04 Jun 2024 15:51:36 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E17A34B8344E430DA563E819AB5B3C27 Ref B: FRA31EDGE0115 Ref C: 2024-06-04T15:51:36Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/
0
231 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5565374&tm=gtm002&Ver=2&mid=462bfc9f-4484-455a-8d47-1e15413f90f0&sid=52c98770228a11ef9dc0194a132563e7&vid=52c9ac60228a11efb5a285502f17fcd3&vids=0&msclkid=N&el=%2Ffirstleafpartners&ec=Page&gtm_tag_source=ua_e&gc=USD&tpp=1&ea=template1-quality&en=Y&p=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners&sw=1600&sh=1200&sc=24&evt=custom&rn=178416
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 04 Jun 2024 15:51:36 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 047E0BA7754F452CBF0DC51D7DCD9EFA Ref B: FRA31EDGE0115 Ref C: 2024-06-04T15:51:36Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/
0
230 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5565374&tm=gtm002&Ver=2&mid=462bfc9f-4484-455a-8d47-1e15413f90f0&sid=52c98770228a11ef9dc0194a132563e7&vid=52c9ac60228a11efb5a285502f17fcd3&vids=0&msclkid=N&gtm_tag_source=ua_e&gc=USD&tpp=1&ea=gtm.js&en=Y&p=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners&sw=1600&sh=1200&sc=24&evt=custom&rn=547180
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 04 Jun 2024 15:51:36 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9AEFBF796926492F87A165A8C3C36AC2 Ref B: FRA31EDGE0115 Ref C: 2024-06-04T15:51:36Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
pipeline
ct.firstleaf.com/prh/
0
0

page
rs.fullstory.com/rec/
1 KB
745 B
XHR
General
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
88068c54a07a2a52393b5c4e9bd0cd1492fa7848fbb3ccfff3d5e38f26e1015a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 04 Jun 2024 15:51:36 GMT
content-encoding
gzip
via
1.1 google
content-type
application/json; charset=utf-8
access-control-allow-origin
https://page.firstleaf.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
553
pipeline
ct.firstleaf.com/prh/ Frame
0
0

events
fbapi.firstleaf.com/
0
265 B
XHR
General
Full URL
https://fbapi.firstleaf.com/events
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/1669030446688031?v=2.9.157&r=stable&domain=page.firstleaf.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f16:ebf:1f02:eb82:36ec:bd97:2494 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://page.firstleaf.com
date
Tue, 04 Jun 2024 15:51:36 GMT
access-control-allow-credentials
true
content-length
0
vary
origin
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1669030446688031&ev=PageView&dl=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners%3Fcjdata%3DMXxZfDB8WXww%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D15528858_Firstleaf%2BPartners%2B-%2B6%2BBottles%2Bfor%2B%252444.95%252B%2BFree%2BShipping%2B%252F%2B12%2BBottles%2Bfor%2B%252479.90%26utm_subcampaign%3D2097062%26cjevent%3D51d3fe9a228a11ef816d00720a18ba73&rl=https%3A%2F%2Fochsner.perkspot.com%2F&if=false&ts=1717516296273&sw=1600&sh=1200&v=2.9.157&r=stable&ec=0&o=4126&fbp=fb.1.1717516296268.64335648746842635&hmd=864576a389d99caa172f9351&pl=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners&eid=ob3_plugin-set_8b281a71c52d4218443dda3aafd313b5c0efeecb3e198dd74d8fdd9cd1632709&cs_est=true&ler=other&cdl=API_unavailable&it=1717516296141&coo=false&rqm=GET
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de -, , ASN (),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=2807, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 04 Jun 2024 15:51:36 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1669030446688031&ev=PageView&dl=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners%3Fcjdata%3DMXxZfDB8WXww%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D15528858_Firstleaf%2BPartners%2B-%2B6%2BBottles%2Bfor%2B%252444.95%252B%2BFree%2BShipping%2B%252F%2B12%2BBottles%2Bfor%2B%252479.90%26utm_subcampaign%3D2097062%26cjevent%3D51d3fe9a228a11ef816d00720a18ba73&rl=https%3A%2F%2Fochsner.perkspot.com%2F&if=false&ts=1717516296273&sw=1600&sh=1200&v=2.9.157&r=stable&ec=0&o=4126&fbp=fb.1.1717516296268.64335648746842635&hmd=864576a389d99caa172f9351&pl=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners&eid=ob3_plugin-set_8b281a71c52d4218443dda3aafd313b5c0efeecb3e198dd74d8fdd9cd1632709&cs_est=true&ler=other&cdl=API_unavailable&it=1717516296141&coo=false&rqm=FGET
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de -, , ASN (),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x73ffd2a13afb5501","source_keys":["1","2"]},{"key_piece":"0x9a964ead65255ea1","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Tue, 04 Jun 2024 15:51:36 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1297, tbw=3125, tp=-1, tpl=-1, uplat=165, ullat=0
pragma
no-cache
x-fb-debug
3hB5L0+ofRZg4ri4PMtzTUF2XXYudmqYgJbUjPpHyZ/Bd/+wP05BvNd9qvrJ/3B3WKfs9uFaKprOKErT5isVbw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
triggerRunner.js
d2mjzob2nc713b.cloudfront.net/widget/
11 KB
4 KB
Script
General
Full URL
https://d2mjzob2nc713b.cloudfront.net/widget/triggerRunner.js?v=53f4a9a
Requested by
Host: shop.pe
URL: https://shop.pe/widget/widget_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:9000:d:370a:51c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
45fdcedbeb833ea40206c98dfcbfa73842f72d53f166a26b47ecc3b01a55286d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 15:33:44 GMT
content-encoding
gzip
via
1.1 098a60d50e7e132c276fd27b94c6212c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P10
age
1297073
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
3876
last-modified
Mon, 20 May 2024 15:33:23 GMT
server
AmazonS3
etag
"f774f3054b32067929bcaf42657d6bb0"
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
x-amz-cf-id
8Yuoan_G3BB7dHuxOHaaGFdnVfuE4JbN8zbFKCMIgz-8HaYM-JKgvA==
x-amz-meta-mtime
1716219202.02
collect
www.google-analytics.com/j/
4 B
149 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=871498733&t=event&ni=1&_s=1&dl=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners%3Fcjdata%3DMXxZfDB8WXww%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D15528858_Firstleaf%2BPartners%2B-%2B6%2BBottles%2Bfor%2B%252444.95%252B%2BFree%2BShipping%2B%252F%2B12%2BBottles%2Bfor%2B%252479.90%26utm_subcampaign%3D2097062%26cjevent%3D51d3fe9a228a11ef816d00720a18ba73&dr=https%3A%2F%2Fochsner.perkspot.com%2F&ul=de-de&de=UTF-8&dt=Buying%20Award-Winning%20Wine%20Is%20Simple%20With%20Firstleaf&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Page&ea=template1-quality&el=%2Ffirstleafpartners&_u=YADAAEABAAAAACAAI~&jid=1168088089&gjid=424394206&cid=1058065929.1717516296&tid=UA-68049103-4&_gid=2028431373.1717516296&_r=1&_slc=1&gtm=45He4630n71TKCVNWv71863389za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=55102414
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 04 Jun 2024 15:51:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://page.firstleaf.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
193 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=871498733&t=pageview&_s=1&dl=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners%3Fcjdata%3DMXxZfDB8WXww%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D15528858_Firstleaf%2BPartners%2B-%2B6%2BBottles%2Bfor%2B%252444.95%252B%2BFree%2BShipping%2B%252F%2B12%2BBottles%2Bfor%2B%252479.90%26utm_subcampaign%3D2097062%26cjevent%3D51d3fe9a228a11ef816d00720a18ba73&dr=https%3A%2F%2Fochsner.perkspot.com%2F&ul=de-de&de=UTF-8&dt=Buying%20Award-Winning%20Wine%20Is%20Simple%20With%20Firstleaf&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=&gjid=&cid=1058065929.1717516296&tid=UA-68049103-4&_gid=2028431373.1717516296&gtm=45He4630n71TKCVNWv71863389za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=1974393770
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 04 Jun 2024 14:05:23 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
6373
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
lightbox_speed.js
www.lightboxcdn.com/vendor/8158d925-0b30-4be6-bcc9-4670b48f34c8/
3 KB
1 KB
Script
General
Full URL
https://www.lightboxcdn.com/vendor/8158d925-0b30-4be6-bcc9-4670b48f34c8/lightbox_speed.js?mb=1717516296353
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d483 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
8a6d19321dde38e335a0d585c0a5e083e7ed041bca02a1152c8157112cf15164

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 04 Jun 2024 15:51:36 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
90lsP72i/fnEnHAjzhK4BQ==
age
3
cf-polished
origSize=4971
x-ms-lease-status
unlocked
cf-bgj
minify
last-modified
Mon, 03 Jun 2024 14:01:36 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
12ca5030-d01e-0022-0ec2-b57606000000
cache-control
public, max-age=60
x-ms-version
2009-09-19
cf-ray
88e915d4ffab9753-FRA
expires
Tue, 04 Jun 2024 15:52:36 GMT
seteventid.png
www.mczbf.com/tags/images/51d3fe9a228a11ef816d00720a18ba73/11334/6af7652b-b992-45fa-a039-baae52950eaf/
68 B
995 B
Image
General
Full URL
https://www.mczbf.com/tags/images/51d3fe9a228a11ef816d00720a18ba73/11334/6af7652b-b992-45fa-a039-baae52950eaf/seteventid.png?hasConsent=true&cjConsent=MXxZfDB8WXww
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:a800:16:4ed5:12c0:93a1 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 15:51:36 GMT
Via
1.1 4dacb01807cb4c0e8eb52307b7de1392.cloudfront.net (CloudFront)
Server
nginx
X-Amz-Cf-Pop
CDG50-C1
X-Cache
Miss from cloudfront
Content-Type
image/png
Cache-Control
no-store
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Content-Length
68
X-Amz-Cf-Id
Fp5LRQ3lFXcAQuoqCmJ7zHBGF8Lzjc9krL1aRlm7YG-_b6Ih9uRHUw==
X-Request-ID
52f00ecd-228a-11ef-bf57-2ff81339fe17
pageInfo
www.mczbf.com/11334/
68 B
714 B
Fetch
General
Full URL
https://www.mczbf.com/11334/pageInfo
Requested by
Host: ochsner.perkspot.com
URL: https://ochsner.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:a800:16:4ed5:12c0:93a1 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Accept
*/*
Referer
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 15:51:36 GMT
Via
1.1 524f30fc42ae138c5b6185cefbec064a.cloudfront.net (CloudFront)
Server
nginx
X-Amz-Cf-Pop
CDG50-C1
X-Cache
Miss from cloudfront
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
no-store
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Content-Length
68
X-Amz-Cf-Id
eGlhs9830-78k6CURjJ2_h0KmosRasEMK1OWo5negxL-MAsKRGmcMA==
X-Request-ID
52ffed49-228a-11ef-9d28-19537fec7a99
widget.js
d2mjzob2nc713b.cloudfront.net/widget/
194 KB
49 KB
Script
General
Full URL
https://d2mjzob2nc713b.cloudfront.net/widget/widget.js?v=2a338b8
Requested by
Host: shop.pe
URL: https://shop.pe/widget/widget_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:9000:d:370a:51c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2bb8bd87e231ac9f9f22c98b1aae09d04ffc1bed75d096dacf0e629473151074

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 15:33:43 GMT
content-encoding
gzip
via
1.1 098a60d50e7e132c276fd27b94c6212c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P10
age
1297073
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
50190
last-modified
Mon, 20 May 2024 15:33:24 GMT
server
AmazonS3
etag
"41961d3c766c3993d219e2cc934e33c0"
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
x-amz-cf-id
aool2rAyATpkt8KVmyxCBvpuISp01h6N350B0smFvbY4YnnmQ93vdQ==
x-amz-meta-mtime
1716219200.28
collect
stats.g.doubleclick.net/j/
1 B
148 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-68049103-4&cid=1058065929.1717516296&jid=1168088089&gjid=424394206&_gid=2028431373.1717516296&npa=1&_u=YADAAEAAAAAAACAAI~&z=9170361
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9d -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Tue, 04 Jun 2024 15:51:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://page.firstleaf.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrations
rbv9j7km.firstleaf.com/
48 B
252 B
Script
General
Full URL
https://rbv9j7km.firstleaf.com/integrations?source=firstleaf
Requested by
Host: rbv9j7km.firstleaf.com
URL: https://rbv9j7km.firstleaf.com/assets/wxyz.cs.js?rb_sync=rbv9j7km.firstleaf.club
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.230.230.25 -, , ASN (),
Reverse DNS
Software
openresty /
Resource Hash
4abfc20341515e0793cc89ece1d464349fdc7675f925e473fd6d99a0cc18a8b8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 15:51:36 GMT
Content-Encoding
gzip
Server
openresty
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/javascript
jpuid
rbv9j7km.firstleaf.club/
67 B
409 B
Script
General
Full URL
https://rbv9j7km.firstleaf.club/jpuid?jsonp=RB.jsonPUID
Requested by
Host: rbv9j7km.firstleaf.com
URL: https://rbv9j7km.firstleaf.com/assets/wxyz.cs.js?rb_sync=rbv9j7km.firstleaf.club
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
142.93.61.219 -, , ASN (),
Reverse DNS
Software
openresty /
Resource Hash
7fd8b996e38f9052f37a3c84da42bd62db9a38e1cc69589d1f5c69d737bd333b

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 15:51:36 GMT
Content-Encoding
gzip
Server
openresty
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/javascript
loader.min.js
files1.cybba.solutions/2856/
86 KB
27 KB
Script
General
Full URL
https://files1.cybba.solutions/2856/loader.min.js
Requested by
Host: www.rtb123.com
URL: https://www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/btp.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 -, , ASN (),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
f2a1abbb9637f0eace228f691af8b0fcf3524dba20769d8dd7457b03ece2c55b
Security Headers
Name Value
Strict-Transport-Security max-age=3600
X-Frame-Options deny

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

cdn-requestpullsuccess
True
date
Tue, 04 Jun 2024 15:51:36 GMT
strict-transport-security
max-age=3600
content-encoding
br
cdn-edgestorageid
1079
cdn-cachedat
05/15/2024 07:13:15
cdn-pullzone
116099
last-modified
Tue, 05 Dec 2023 17:11:23 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"656f59bb-156fe"
vary
Accept-Encoding, Accept-Encoding
x-frame-options
deny
content-type
application/javascript
cdn-cache
HIT
cdn-uid
a080e070-2552-4896-b206-e42f1464eeab
cache-control
public, max-age=3600
cdn-requestid
48f564dee5bf8b854f99389ecb1e32e8
x-robots-tag
noindex
cdn-requestcountrycode
DE
cdn-status
200
expires
Wed, 15 May 2024 08:13:06 GMT
cybba_latest.min.js
d2rp1k1dldbai6.cloudfront.net/
78 KB
21 KB
Script
General
Full URL
https://d2rp1k1dldbai6.cloudfront.net/cybba_latest.min.js
Requested by
Host: www.rtb123.com
URL: https://www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/btp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2447:ca00:d:87ae:bb80:21 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2e12b8472ff73f375d686384a427ddfcdef02c8b5e0d95756f60da35c9ad5257

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
6Nho3HuaZp08ZSRvbjBcl6b87GRXvfPa
content-encoding
gzip
via
1.1 416dae0837568c2bb7cea7ae5c6bba22.cloudfront.net (CloudFront)
date
Tue, 04 Jun 2024 03:38:25 GMT
last-modified
Tue, 28 May 2024 19:16:44 GMT
server
AmazonS3
x-amz-cf-pop
AMS58-P5
age
43992
x-amz-server-side-encryption
AES256
etag
W/"7cec048f51e17bf6914583e989576553"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
pMOhnJCDGPQ4rze3lNrBXcVaGjRXsiokGN1ya07t2aiiXm90sH7H3w==
up_loader.1.1.0.js
js.adsrvr.org/
12 KB
5 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.rtb123.com
URL: https://www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/btp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.172.103.101 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
424ce4e99e7476fca8e9d27d6c15b60466ab7cf1c7d7c896e1c63f7cd6a818c8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 04:46:20 GMT
Content-Encoding
gzip
Via
1.1 81a2ccccd3da8ffc5c6580a9c9d4bace.cloudfront.net (CloudFront)
Last-Modified
Tue, 28 May 2024 04:42:45 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P8
Age
39917
x-amz-server-side-encryption
AES256
ETag
W/"a60a4e2650f94da6f243b9518761b381"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
4QOjiTH6QmdXQBHGxkHzJSDfhKIxLlHk4l398H2zeV02VO6dADmqKQ==
digibox.gif
www.lightboxcdn.com/z9g/
35 B
274 B
Image
General
Full URL
https://www.lightboxcdn.com/z9g/digibox.gif?c=1717516296520&h=page.firstleaf.com&e=p&u=44194
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d483 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 04 Jun 2024 15:51:36 GMT
cf-cache-status
HIT
content-md5
KNaBTzCeoon4R8ac+RGUxg==
age
1806688
cf-polished
status=not_needed
x-ms-meta-cbmodifiedtime
Fri, 02 Dec 2022 00:02:02 GMT
content-length
35
x-ms-lease-status
unlocked
cf-bgj
imgq:85,h2pri
last-modified
Fri, 02 Dec 2022 00:02:38 GMT
server
cloudflare
etag
0x8DAD3F8864E2F29
vary
Accept-Encoding
content-type
image/gif
x-ms-request-id
e979446f-501e-0011-4b70-752f2b000000
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
88e915d5581f9753-FRA
user
app.cybba.solutions/
0
0

/
pro.ip-api.com/json/
302 B
458 B
XHR
General
Full URL
https://pro.ip-api.com/json/?key=aUoasJP8dMuydUf
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.77.64.70 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
46994e9f82d1c3f1d07418795257b9842e83d1bd31c55e7d0f613cb988264fe9

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 04 Jun 2024 15:51:36 GMT
Content-Length
302
Content-Type
application/json; charset=utf-8
rb
rbv9j7km.firstleaf.com/v2/
44 B
337 B
Image
General
Full URL
https://rbv9j7km.firstleaf.com/v2/rb?pageReferrer=https%3A%2F%2Fochsner.perkspot.com%2F&url=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners%3Fcjdata%3DMXxZfDB8WXww%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D15528858_Firstleaf%2BPartners%2B-%2B6%2BBottles%2Bfor%2B%252444.95%252B%2BFree%2BShipping%2B%252F%2B12%2BBottles%2Bfor%2B%252479.90%26utm_subcampaign%3D2097062%26cjevent%3D51d3fe9a228a11ef816d00720a18ba73&action=view&source=firstleaf&rb_source=firstleaf&script_version=wxyz.rb.js&sessionId=a4d22aaf-1288-40d9-954e-aafb891a37b0&uid=rbos-aa512cf7-f10b-4e08-9e4f-a845ee5c00ca
Requested by
Host: page.firstleaf.com
URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.230.230.25 -, , ASN (),
Reverse DNS
Software
openresty /
Resource Hash
039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 04 Jun 2024 15:51:36 GMT
Server
openresty
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
image/gif
rb
rbv9j7km.firstleaf.com/v2/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
d1hdjv7b05hja2.cloudfront.net
URL
https://d1hdjv7b05hja2.cloudfront.net/fonts/caslon.css
Domain
cloud.typography.com
URL
https://cloud.typography.com/7410416/6307592/css/fonts.css
Domain
ct.firstleaf.com
URL
https://ct.firstleaf.com/prh/pipeline
Domain
ct.firstleaf.com
URL
https://ct.firstleaf.com/prh/pipeline
Domain
app.cybba.solutions
URL
https://app.cybba.solutions/user?callback=_vtsdk.User.callbackUser&shopId=2856&oldUserId=undefined&email=null&_ts=44224855
Domain
rbv9j7km.firstleaf.com
URL
https://rbv9j7km.firstleaf.com/v2/rb?pageReferrer=https%3A%2F%2Fochsner.perkspot.com%2F&url=https%3A%2F%2Fpage.firstleaf.com%2Ffirstleafpartners%3Fcjdata%3DMXxZfDB8WXww%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D15528858_Firstleaf%2BPartners%2B-%2B6%2BBottles%2Bfor%2B%252444.95%252B%2BFree%2BShipping%2B%252F%2B12%2BBottles%2Bfor%2B%252479.90%26utm_subcampaign%3D2097062%26cjevent%3D51d3fe9a228a11ef816d00720a18ba73&action=identify&source=firstleaf&rb_source=firstleaf&podsights_session_id=b1ec2dd096b949e1b72f169a72014ae5&script_version=wxyz.rb.js&sessionId=a4d22aaf-1288-40d9-954e-aafb891a37b0&uid=rbos-aa512cf7-f10b-4e08-9e4f-a845ee5c00ca

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| setupGTM object| dataLayer object| __variantsData number| __page_id number| __customer_id number| __default_experience_id number| __version string| __variant number| __variant_id string| __variant_custom_name boolean| __preview number| __page_type string| __variant_hash string| __page_domain boolean| __page_generator object| __experiment_id boolean| __new_tracker object| _Translate object| trackingData object| GlobalSnowplowNamespace function| instapageSp function| _instapageSnowplow function| _instapageConsentManagement object| webpackChunk function| $ function| ijQuery function| jQuery function| setGTMPage function| updateQueryStringParameter function| getQueryWithLink function| setLinks number| interval boolean| mobileStickyActive function| stickyLogic object| __config number| __workspaceWidth object| __session object| __eventBus boolean| __cradleReady object| __featuresReady string| test_page function| instapageAnchorClick object| unknown object| google_tag_manager object| google_tag_data object| RB object| f string| cookieName string| cookieValue number| expirationTime string| date number| dateTimeNow function| fbq function| _fbq function| pdst function| snowplow boolean| _fs_debug string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS object| AddShoppersWidgetOptions string| GoogleAnalyticsObject function| ga object| cj function| onYouTubeIframeAPIReady object| gaGlobal

35 Cookies

Domain/Path Name / Value
.pslogin.perkspot.com/ Name: TiPMix
Value: 51.77638067172582
.pslogin.perkspot.com/ Name: x-ms-routing-name
Value: self
.perkspot.com/ Name: perkspot-auth
Value: eyJhY2Nlc3NUb2tlbiI6eyJhdXRoZW50aWNhdGlvbk1vZGUiOjAsInZhbHVlIjoiZXlKaGJHY2lPaUFpVWxNeU5UWWlMQ0FpZEhsd0lqb2dJa3BYVkNJc0lDSnJhV1FpT2lBaWFIUjBjSE02THk5d2N5MXdjbTlrTFd0bGVYWmhkV3gwTG5aaGRXeDBMbUY2ZFhKbExtNWxkQzlyWlhsekwxTjViblJvWlhScFkxUnZhMlZ1TFRBdlpXRm1NakEyTlRsbU56YzRORE5qWWpreVkyWTVZV0k0TUdJd01XVmxaamdpZlEuZXlKcGMzTWlPaUpvZEhSd2N6b3ZMM2QzZHk1d1pYSnJjM0J2ZEM1amIyMGlMQ0pqYVdRaU9pSjJjRGw2YkRSbU9IZDZlV054TjJGek0yMWthU0lzSW1OdmRXNTBjbmxmYVdRaU9qTXpMQ0pqYjIxdGRXNXBkSGxmYVdRaU9qRXdOekFzSW1GMWRHaGxiblJwWTJGMGFXOXVUVzlrWlNJNk1Dd2lkWE5sY2w5cFpDSTZNelV3TmpBeU56SXNJbVZ0WVdsc0lqb2ljMkZzYkhrdWJXRmthWE52YmtCdlkyaHpibVZ5TG05eVp5SXNJbk4xWWlJNkluTmhiR3g1TG0xaFpHbHpiMjVBYjJOb2MyNWxjaTV2Y21jaUxDSnBZWFFpT2pFM01UYzFNVFl5T0Rnc0ltVjRjQ0k2TVRneE1qRXlOREk0T0N3aWEybGtJanB1ZFd4c2ZRLk90SXJzVUdheWtuRi03T1YwR295THNXengzOEZGNFQ3SUpEaGpvS0JHR2JVX3duR2xsb3llRUIxOWVBSS1acXVmSEx2YXhfVWRsdzI1dmNBUUlIZU4yNHhwdnVvZEpYaDVfaUY3d3BPalhsM0VJTUFjamR4QlgyRmQxTURoVHR2STBYNkxVUWh0X01NZExmdkk5MFJON21RU0xwMmZHN1BuNzRDYTQwZUwteHk1V09ac0hXT2k2VWp0eXJ6M2pHb0dBQjlKcTl6MlUxRElRVUpGZmxqUlZvTzF6Ql8xN1dSZ1pDOUQ1eEMtSkEtNF9KaTdhMW44Q01vcGJEVHB3WnJHd3ZmaDNnTm5kZVJodTVaaGVWYmdfaDhDS1lvdDZac01FTlc3RWVSTG9SMWFFY2dUanBSN2tXUHN3U2trUTM5LV9HYzdYUmdqVHFteXNlM24zNkRWUSIsImV4cGlyYXRpb24iOiIyMDI3LTA2LTA0VDE1OjUxOjI4KzAwOjAwIiwiaXNFeHBpcmVkIjpmYWxzZX0sInJlZnJlc2hUb2tlbiI6bnVsbCwiY2xpZW50SWQiOiJ2cDl6bDRmOHd6eWNxN2FzM21kaSIsInVzZXJJZCI6MzUwNjAyNzIsInVzZXJFbWFpbCI6InNhbGx5Lm1hZGlzb25Ab2Noc25lci5vcmciLCJjb3VudHJ5SWQiOjMzLCJjb21tdW5pdHlJZCI6MTA3MCwia2lkIjoiaHR0cHM6Ly9wcy1wcm9kLWtleXZhdWx0LnZhdWx0LmF6dXJlLm5ldC9rZXlzL1N5bnRoZXRpY1Rva2VuLTAvZWFmMjA2NTlmNzc4NDNjYjkyY2Y5YWI4MGIwMWVlZjgifQ==
pslogin.perkspot.com/ Name: communityId
Value: 1070
pslogin.perkspot.com/ Name: SessionHolder
Value: 93615a2d-c3ab-4126-8563-77da520f0d54
pslogin.perkspot.com/ Name: ps_sid
Value: 93615a2d-c3ab-4126-8563-77da520f0d54
.ochsner.perkspot.com/ Name: TiPMix
Value: 16.082650796748688
.ochsner.perkspot.com/ Name: x-ms-routing-name
Value: self
ochsner.perkspot.com/ Name: SessionHolder
Value: 27b38b8c-d4e6-478f-ac28-1d5a8bc386ed
ochsner.perkspot.com/ Name: ps_sid
Value: 27b38b8c-d4e6-478f-ac28-1d5a8bc386ed
ochsner.perkspot.com/ Name: __RequestVerificationToken
Value: jL9Tjcxyt9cqxz_7MMCu5nwQwYFg2no3ggyo9hJbc2as8sA7BzgowoYTKleIYA_4soVHp0y2y_poau_S25W2TCfKAo5XN9B7wIqqGD8qdCeaXrg4z9QDqv-W3BjJEjx0aLz6wJK4_zT6s1VLI8LA4g2
.ochsner.perkspot.com/ Name: _vwo_uuid_v2
Value: D1043D518F125D6B3A73479C6D56C86E7|89b56ce04ca43952eccb4f62e29f25b6
ochsner.perkspot.com/ Name: ai_user
Value: MntZPGmcr4gLXqb+Brdtvg|2024-06-04T15:51:31.696Z
.perkspot.com/ Name: _vwo_uuid
Value: D1043D518F125D6B3A73479C6D56C86E7
.perkspot.com/ Name: _vwo_ds
Value: 3%241717516291%3A90.3354699%3A%3A
.perkspot.com/ Name: _vwo_sn
Value: 0%3A1%3A%3A%3A1
.perkspot.com/ Name: _vis_opt_s
Value: 1%7C
.perkspot.com/ Name: _vis_opt_test_cookie
Value: 1
.perkspot.com/ Name: TLTSID
Value: 20836404514011890545509042408592
ochsner.perkspot.com/ Name: ai_session
Value: nlrcdUUMjqhWwIeSGWlgcV|1717516291938|1717516291938
widget-mediator.zopim.com/ Name: AWSALBCORS
Value: 4lxjFAbhM60/MxLmQmyiAhcV5fretkAdZNXwwEnzf42yt8fS2EFU7a1y6jUo5ac3jRvLUDo6torpGYqcz3nOnXNo9UFpGl+tPM1ti/gPeC0Ldou/7oAILnAYpUxn
.perkspot.com/ Name: __zlcmid
Value: 1M6mlmajU9SBUZX
.dotomi.com/ Name: CJSession
Value: 625e38b0-04c6-4bc2-a92d-411502223e78
.dotomi.com/ Name: cjae
Value: kVXZmEynD7Gc
.dotomi.com/ Name: DotomiUser
Value: 400705746669195454$0$1
.dotomi.com/ Name: LCLK
Value: cjo!x2pz-okrgrot
.emjcd.com/ Name: S
Value: 400705746669195454:kVXZmEynD7Gc
.emjcd.com/ Name: LCLK
Value: cjo!x2pz-okrgrot
.emjcd.com/ Name: CJSession
Value: 625e38b0-04c6-4bc2-a92d-411502223e78
.page.firstleaf.com/ Name: __cf_bm
Value: rqfwsKy0MzkkIMSgK_1n5dKDtslSSGYj8HAFPk6.BWc-1717516295-1.0.1.1-EFMwoqgYeSe3Rb68X0u4I1qRCM5HIvoTD2kEJd4bzPJH2rhUGgE3Upt7AZdmRzRQSf8zXALM0JnV.9KuMV1cFg
.firstleaf.com/ Name: query
Value: ?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
.firstleaf.com/ Name: _gcl_au
Value: 1.1.909658522.1717516296
.page.firstleaf.com/ Name: cf_clearance
Value: TlJcf0FQS5dtEJTi6EWLi0v6ZDyoshtYoaN2Y.k7BHQ-1717516295-1.0.1.1-HMTIMKMfOZahgZEXgTH42HgIUtPLh6Eo9povLk_HWLeXnxmOocHL1aicMItoLMc_WjSsmTookiCBd7LOHgHgWg
.firstleaf.com/ Name: FL_Referrer
Value: 2
.firstleaf.com/ Name: CJEVENT
Value: 51d3fe9a228a11ef816d00720a18ba73

18 Console Messages

Source Level URL
Text
network error URL: https://d1hdjv7b05hja2.cloudfront.net/fonts/caslon.css
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://page.firstleaf.com/firstleafpartners?cjdata=MXxZfDB8WXww&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=15528858_Firstleaf+Partners+-+6+Bottles+for+%2444.95%2B+Free+Shipping+%2F+12+Bottles+for+%2479.90&utm_subcampaign=2097062&cjevent=51d3fe9a228a11ef816d00720a18ba73
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors *.perkspot.com
X-Content-Security-Policy frame-ancestors *.perkspot.com
X-Frame-Options SAMEORIGIN SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.cybba.solutions
assets.zendesk.com
az416426.vo.msecnd.net
bat.bing.com
cdn.instapagemetrics.com
cdn.jsdelivr.net
cdn.pdst.fm
cdn.rollbar.com
cj.dotomi.com
cloud.typography.com
connect.facebook.net
ct.firstleaf.com
d1hdjv7b05hja2.cloudfront.net
d2mjzob2nc713b.cloudfront.net
d2rp1k1dldbai6.cloudfront.net
dc.services.visualstudio.com
dev.visualwebsiteoptimizer.com
edge.fullstory.com
ekr.zdassets.com
email.perkspot.com
fbapi.firstleaf.com
files1.cybba.solutions
fonts.googleapis.com
fonts.gstatic.com
g.fastcdn.co
heatmap-events-collector.instapage.com
images.firstleaf.com
js.adsrvr.org
js.go2sdk.com
lib-us-1.brilliantcollector.com
ochsner.perkspot.com
page.firstleaf.com
perkspot.zendesk.com
pro.ip-api.com
pslogin.perkspot.com
psprods3ep.azureedge.net
rbv9j7km.firstleaf.club
rbv9j7km.firstleaf.com
region1.analytics.google.com
rs.fullstory.com
shop.pe
static.zdassets.com
stats.g.doubleclick.net
tag.simpli.fi
tags.w55c.net
trkn.us
unpkg.com
url1941.psmark.perkspot.com
us-central1-adaptive-growth.cloudfunctions.net
v.fastcdn.co
www.emjcd.com
www.facebook.com
www.google-analytics.com
www.google.de
www.googletagmanager.com
www.kqzyfj.com
www.lightboxcdn.com
www.mczbf.com
www.p.zjptg.com
www.rtb123.com
app.cybba.solutions
cloud.typography.com
ct.firstleaf.com
d1hdjv7b05hja2.cloudfront.net
rbv9j7km.firstleaf.com
104.16.51.111
104.18.70.113
104.18.72.113
13.107.238.51
13.33.187.53
142.250.185.131
142.93.61.219
157.230.230.25
18.172.103.101
18.239.83.67
2.16.100.17
20.50.88.245
2001:4860:4802:32::36
2001:4860:4802:36::36
2400:52e0:1e00::1082:1
2600:1f16:ebf:1f02:eb82:36ec:bd97:2494
2600:9000:2117:a800:16:4ed5:12c0:93a1
2600:9000:2447:ca00:d:87ae:bb80:21
2600:9000:26e8:9000:d:370a:51c0:93a1
2606:2800:133:206e:1315:22a5:2006:24fd
2606:4700:10::6816:2df6
2606:4700:4400::ac40:95d5
2606:4700:4400::ac40:96fb
2606:4700:4400::ac40:9b7c
2606:4700::6811:f7cb
2606:4700::6812:bb1f
2606:4700::6813:d483
2620:1ec:bdf::45
2620:1ec:c11::237
2a00:1450:4001:806::2003
2a00:1450:4001:81d::200a
2a00:1450:4001:827::200e
2a00:1450:4001:829::2008
2a00:1450:400c:c04::9d
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
34.235.21.140
34.36.17.181
34.96.102.137
35.158.75.12
35.186.194.58
35.201.112.186
35.227.244.1
35.234.162.151
35.244.142.80
51.77.64.70
52.84.174.56
67.225.220.126
89.207.16.75
01a6571de875629cd204157ffb77bdf6787f80ecbafacae73c1cc4f893eb43a6
039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d
03f0619fa53beb8da371427175c6f4d0df5b3b0b8a3572a3bfaa160318295b66
046a17d8ea200b4630362aab3ccc8927b1afe2c283e2205c0ab49609d61eecda
047794317b70504540fd8504bd67eec9a33e7e7b9558fb2f73a0a0de663a51c3
05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0e8abd9abf618f3004615d16dbe6d2fb4ba97e5bde8381a1fe2641c989cc9d6e
0f7273acda780f25a6645b50679ea08b5ff69947e957088e6777f0305f2145a0
0f7c8ca4341ce357e0424f80dd36181ae812a3449b09b5d7e804133df7c30ebf
0f88056ae93eb3934cd9cd312a9766a14afadf3cb20c1d2a07d8a8d5344e46bc
190e3a6420847bb948355183c2fdcdfa9ce099ce7e4bcc9c28ebe41fed127186
1d4fdec9bbde03db70d2add577e12d713e8cceb38fb75ba13df9c89252475f60
1f29f9fa83fe6deaed043de807534108e2e819ad149d10da35caea2b4f06fcd2
1f8b1e7f9cadc01a60f84f57941f4906b23a5f03b003bc910ae4a0adbf4e01ab
2100fd166e7a374addee5e144031fd5bb4a71446aea6f38685a63a35a10516d7
22d5844a30edf2c15420b17b1b14c47e910a7bfadf33cd93d1767aba1be29055
255733aa26ecbe1a2608fc086d6b510fafce3647ad1ddf22392c390a1306e640
297d3cd3ccf85fb90010fc152b085a96734c23c125fcff1764e7e5ac73d67cbf
2bb8bd87e231ac9f9f22c98b1aae09d04ffc1bed75d096dacf0e629473151074
2e12b8472ff73f375d686384a427ddfcdef02c8b5e0d95756f60da35c9ad5257
3169f33b203d2a1366e5bbbc02d245e3c9cd4ec1d30e56d1457056ce2678e8bd
3231117db58989506eb883fa287dcd077b23d91e9deebc8e14a7d13c9756b53a
36448550261e964217811600224a54578479bb9f0c417ac213a84b597ff178e9
371ac67deea0ac8c452557a001a3aed65c29f6c550d2e1e85c2fbe3fb85b3ef7
3e56a4985055d1f66fb79ea590062f13b7732587f4a33067ea3ee9d2330e043b
3f7e683e432438eb81fd7c0bcfe2df76b0ed1e2004fad6bcd4bb134094bd360d
405fbe83464869d07a363774c6b85f4e198cee730a5495f9e0f9de7f279a4311
40f2d552c0db3ead874ec52bf624d9ec88007d8b659cd7189fecc3ff19d3d248
424ce4e99e7476fca8e9d27d6c15b60466ab7cf1c7d7c896e1c63f7cd6a818c8
42ae1eb8cc55b4e2382e02323c96a40e80432d3e810bce85f10c75ddacbd2e2b
4531531e27fd238f5f1df78d134fdc1268995007411caf68867a72d72aaeb919
45fdcedbeb833ea40206c98dfcbfa73842f72d53f166a26b47ecc3b01a55286d
460535d21cb0765795ffa52442ac0e6e1d5051bc31407f5e77dac1afa077edcc
46994e9f82d1c3f1d07418795257b9842e83d1bd31c55e7d0f613cb988264fe9
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4abfc20341515e0793cc89ece1d464349fdc7675f925e473fd6d99a0cc18a8b8
4ba8b2431710fcdb79d83b1489e461d61defe658b213d1b39cbf322dcb20d58e
4efcdc6c80c020c85311ffd5ff5bd87183932775ac92802bac0b223ee4e8b156
50be14f88a4eb1eef028a8efa857e15be2d0fe7d344ccb7771e34f31fbd33dcd
50cf303cfaa020fcbedd6ad1bf045a008cbb88dfc792f731f07235dd1ca13599
51698055502813cd29205292dfcb7517bd803cf9deb22e21d06bd24fb3bcdf4b
54caf1fa6a1edc50ba279842ba65958d3dfc27ccdd12aa87c20ee5521cc3c0b5
55af9a94aa072cf5c093d7269bd98cec30ecade6ac2bc94dc9b47758630f4ba5
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56803e8fac0559c6f22f3b7ab50580285d4b64e77fefe70496e347483ad2e195
59dcd2d919153d915a5a2c47d1294158186372dfc4901cccff7ce02834aeb73d
5b0d97d8d201c90904940d02e81c29041bfdfce0ee774dd8224de6eda208f961
5f767fd14aa58b7eb05ad986cd7b834cc8d0c2d22820f39e0dd950c17ae505b0
60035f8d3292fc0b3155089baabc76fce2178f8d104ef606e4e31cbe0a2803b2
628834657c267940312e1a8ffa1443276b646ed8cd8509f7f8c6ab284e832bd3
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
645ab215148e00ab2ba3fdfc7caec9aa6d0cd5a672078f1d033a01e0f5a44864
65e4d18477e0e194ae2b3848fe053621a40508eeb817ab8c832b8005edd2c6af
673f9d011800204dd6d79b0607fcc635e3be028bcc76308625a65cf678bf1cfa
688ea52c7291b980af811cab2dfc8af5ebb15a01555ddc0f3f312db77b059b74
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d8a9076b5887859a16d3d9264b4d27f4ec0412e1ef51e43cbb1d8f1eaf07541
747a09321aacb9796be726ab2490560a06c01a7171ef773d58670cc575fe22e5
781c3947a11e341be26deaf6932720272733e184602d02fcb3b6dfb658f9d951
78e04595db9933ecf5e24650b1501604f66e2d977befd16f85f449e378aae9b3
79990ca8962ccf1d3948a73a50bcdc3d4a671ecc49c2f59f2db84cf7c7b552a6
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7fd8b996e38f9052f37a3c84da42bd62db9a38e1cc69589d1f5c69d737bd333b
7fe6faaa9000001abfaa88dcdb7e1e06e4c656d596928b59793271eb01852558
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c
8444915c7d150ad579f3e581586b2653e06238571c3c7c2bc50432943fac3b57
844ba7cf297ced245b9a3240cab82df42038cbf35d7936cf430790854a019f7c
84aafd3b0424d927bd3bcc5d9a9d1a194d229fd26021e29643a85f1526d4726c
853d7ef6b54d838c009d01e4857b499d7ec4f71f6fced1e2e3c463fd393ccb29
88068c54a07a2a52393b5c4e9bd0cd1492fa7848fbb3ccfff3d5e38f26e1015a
89290d4672ac1ce466302360408c73c96d10cc7ad67a4a3f972563c88efc1b67
8a6d19321dde38e335a0d585c0a5e083e7ed041bca02a1152c8157112cf15164
8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162
8f235d19f5cf10061b266c784723b2829a7acab9b88ac8924b5aac3d0be0b438
90a531b621d2e8b6d11496fa4dceb4e3a66b73b0453ed8140b7a3b094de729a3
915cbb7f07c967c0ba968097886ee2b4dd64e6cc216b43a11d06401dddf8faeb
91aa9a6c203eab189b868e22be75095642a4a3bc6313cf170b6462e96a4fa069
92443d06835a28423649bca60e6d755e4a1bd09638443196d58e0dd1f06c827f
9dad152dee0fa578a8f11721162206b98299f9926d203303a92d65d4920104d5
a0b5013409a4dd0a10edb90daa4c92c08dd5277ece8ef414ea7288352bad7bd2
a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
a491c75feed5de07c5670575157d1a18d8e0cec1254e9a4e09e35473fa20d015
a5fdc3c049758de67218b318b4a6ca0f6d1f5069c1dfa938ea462133d5ab3cfa
a731c8e7201b548a0fc418d1d6a68ba31a1fad59cd836e95906e5f3efa43acd8
a78545ff9d332fc6562856806b47f06b30d9c198b665e2da6cc38b772f0e0c8c
a7edee5011755f4a5a73900cf0e54e042e5ecdecf913b9cebbfb1feeb4d12304
a8400be7d2d60d42fdac04aed87154d78843df12845c5ffb871d274ca8096006
aa55d216890ad204cd829e8c33fe34ef24c4e0638023f54b7d36ea3f0b1e387e
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aaa59fde141c30d7324956a07383701818431dc7f56856174c4d20424f5ee915
ac37996ea31bb4a1009ab93325cd2e100f3a04159a10ba7d7335f8f9b6d8a430
ac69e164e518042ea09dfc5c11cbdafeda08ba402dd13197303a075c699b233f
ad79fe59f1583a5788084bea3eac291649744d146441c558657af89a199ef935
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b33ca70bf7322a53faf60a30476d07f1e888d457cbdb66f50bb3c0063d3c06dd
b5f97a2736472069caf7a7c5ff6444518183c7b8cbcb07617d36898d98d9ae22
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136
bdeda331b720b33bf5b8bc88d52d16a1c40da840b41f4692e3ed70253fed9486
c1a12b438b92f44bc2016f691548ce0632e07415b802954f7671222ef17253ef
caa21a65dd9e1df81a57e31bd7e5c336bf6de1d84912074baa5b85fa44744a4f
ccf4add6cbec09e4c302fcfb8c217a485feba24a2837ebbb577d6ad96edf67d8
cd2607bd1e0d28c5c660af6719320d3e1aaac939df14f8888c554c15f5e0ee3f
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
d10dad0283c64a3ce558080e000850d6635c96244e1140770ea285296f88af1f
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
d8486a3f9ae75406b6ca3afd7774fc851165a682a248dd28c275de379224135a
db4aa790f6662d4e06c67e22c11d1c4654dbf373d116c16f71ecb82ba5efc244
dd8625bfa35604f050e4dcc7ff10c2c31d7cdf1ce7bdf4cde0d0415dcc74e2fb
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e1c64521f13b12cd01b2aec667a5d85b3d8d0c56128fcdd8232adfc7f45536bf
e3aea053185642fa68771f64f22d4ac36bc0460ce86542e008efd81d3dfc54f7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
ea60f766281949bc2177c91021568b584ff6058d917f8c3bb4a61ae1b13216d9
ecc3883f7b177edcd6a59dcdb4f957cba8a1df5180202fcd3f30bd33dd6f7d7b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f184432dd488ab3c95ed958bae7c5af3ba1ad6e2bcb7d922b9f04753b19be689
f2a1abbb9637f0eace228f691af8b0fcf3524dba20769d8dd7457b03ece2c55b
f4e54d8b5abd14920406ad0ce9ae99de43df27b0b8121a25e93536c8b27ab2ca
fa78dee940e5d225c5a02fb723f292e48892209a447919b235ed07de151cd2b4
ffbc89001d744f391897c2e5e3103609c2877b745780a94fb574e3249cbc0314