urlscan.io logo urlscan.io
SecurityTrails logo

mshersheyfoundation.org Open in urlscan Pro
209.249.147.60  Public Scan

Go To Rescan Add Verdict Report
URL: https://mshersheyfoundation.org/
Submission: On April 18 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 27 HTTP transactions. The main IP is 209.249.147.60, located in United States and belongs to LOOP-INTERNET, US. The main domain is mshersheyfoundation.org.
TLS certificate: Issued by R3 on March 25th 2024. Valid for: 3 months.
This is the only time mshersheyfoundation.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
20 209.249.147.60 394868 (LOOP-INTE...)
2 2a00:1450:400... 15169 (GOOGLE)
1 104.17.24.14 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
27 5
20    209.249.147.60 (United States)

ASN394868 (LOOP-INTERNET, US)
PTR: 209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
mshersheyfoundation.org
2    2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
fonts.googleapis.com
1    104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ssl.google-analytics.com
2    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
20 mshersheyfoundation.org
mshersheyfoundation.org
412 KB
2 gstatic.com
fonts.gstatic.com
35 KB
2 google-analytics.com
ssl.google-analytics.com — Cisco Umbrella Rank: 647
17 KB
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 363
fonts.googleapis.com — Cisco Umbrella Rank: 33
34 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231
8 KB
27 5
Domain Requested by
20 mshersheyfoundation.org mshersheyfoundation.org
2 fonts.gstatic.com fonts.googleapis.com
2 ssl.google-analytics.com mshersheyfoundation.org
1 fonts.googleapis.com mshersheyfoundation.org
1 cdnjs.cloudflare.com mshersheyfoundation.org
1 ajax.googleapis.com mshersheyfoundation.org
27 6

This site contains links to these domains. Also see Links.

Domain
interland3.donorperfect.net
Subject Issuer Validity Valid
mshersheyfoundation.org
R3		 2024-03-25 -
2024-06-23		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://mshersheyfoundation.org/
Frame ID: 6DB2DDF8A3296670D4E81D945FCFE503
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

The M.S. Hershey Foundation

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

27
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

506 kB
Transfer

631 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
mshersheyfoundation.org/ 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
1581f060152a996ba552b20a36ae3cf790a280b7f1ef3680b150becbfefcf2d5
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
private
content-encoding
gzip
content-length
3065
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
content-type
text/html; charset=utf-8
date
Thu, 18 Apr 2024 16:35:09 GMT
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
screen.css
mshersheyfoundation.org/lib/css/ 		16 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mshersheyfoundation.org/lib/css/screen.css
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
4cef6243796e581a486986864ea03536b920dbb8d0833d01a29f48d0a6f2fa48
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
x-powered-by
ASP.NET
content-length
4106
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 11 Dec 2019 20:19:11 GMT
server
nginx
etag
"809bd3f60b0d51:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
screen-home.css
mshersheyfoundation.org/lib/css/ 		690 B
867 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mshersheyfoundation.org/lib/css/screen-home.css
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
249a10836fdd5c81436e2864383bffb59b14119f34af0d0d265d31964e6f4f6d
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
x-powered-by
ASP.NET
content-length
417
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 26 Aug 2014 10:34:36 GMT
server
nginx
etag
"06ea5419c1cf1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.1/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 22:16:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
238712
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33434
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Apr 2025 22:16:37 GMT
jquery.cycle.all.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.cycle/3.0.3/ 		27 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.cycle/3.0.3/jquery.cycle.all.min.js
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8686782091080b31395a43b904da5e95ddbb1e3399ad23aecf42160fc32829d3
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
69813
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
7390
last-modified
Mon, 04 May 2020 16:11:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec2-6dbc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LyVxUjD49dSgszp85lGuBK1lIIwrbTE0MQS6WP6Cv%2BwXaR99%2FdmkfPQkUUhV9UdmWRaN%2Fl0dvzdjwOeR2I4pVy9GpU4JKhwxvT%2F7BY2oGwmZChcdx3DPjjU4k%2FWOldC4HfxnN1Xt"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
876611024fb49030-FRA
expires
Tue, 08 Apr 2025 16:35:09 GMT
imageHolder.js
mshersheyfoundation.org/lib/js/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mshersheyfoundation.org/lib/js/imageHolder.js
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
bd3b6e08d2b335cc8b7444d953fa6a5777787a77d670cdf14b15f9031e6d780f
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
x-powered-by
ASP.NET
content-length
924
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 10 Oct 2014 15:12:14 GMT
server
nginx
etag
"0db71929ce4cf1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
core.js
mshersheyfoundation.org/lib/js/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mshersheyfoundation.org/lib/js/core.js
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
6d1eb211adc9399ec1859a81a10aed38e52c1e53d99fe7e902e5e916f42bf65e
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
x-powered-by
ASP.NET
content-length
724
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 26 Aug 2014 10:34:38 GMT
server
nginx
etag
"0331b5619c1cf1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
flashdetect.js
mshersheyfoundation.org/lib/js/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mshersheyfoundation.org/lib/js/flashdetect.js
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
f6fc1b1cb40fa6158b50d9b2ecdabe85d3d73855fa39f6704e12b3e65a1e2d8c
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
x-powered-by
ASP.NET
content-length
1933
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 26 Aug 2014 10:34:38 GMT
server
nginx
etag
"0331b5619c1cf1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
logo.gif
mshersheyfoundation.org/lib/img/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/logo.gif
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
2eba67dfa43006e20a1fdb1b6a8a0527e6134abb1484dda02b62c014ff042502
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 26 Aug 2014 10:34:36 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"06ea5419c1cf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/gif
accept-ranges
bytes
content-length
4163
x-xss-protection
1; mode=block
mh_quote.png
mshersheyfoundation.org/lib/img/slider/ 		104 KB
105 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/mh_quote.png
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
30a5ef6c32499561dbb14b473060ec920e4af35c9cde5c799cf46574bd7e3e63
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Oct 2014 16:51:32 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"042cc482adfcf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
106863
x-xss-protection
1; mode=block
h-gardens-label.png
mshersheyfoundation.org/lib/img/slider/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/h-gardens-label.png
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
54c9337b6ec22f7a9aa2a202c0e7b5c48f7af6115b0206d1d28aa4c66c8311f8
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Oct 2014 18:33:26 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"09f68538dfcf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
5249
x-xss-protection
1; mode=block
h-story-label.png
mshersheyfoundation.org/lib/img/slider/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/h-story-label.png
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
82c7f28a912979611752fce411f8f28dc7744088613a75676847dec91ef489eb
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 09 Oct 2014 16:09:16 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"0deb35fdbe3cf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
5207
x-xss-protection
1; mode=block
h-theatre-label.png
mshersheyfoundation.org/lib/img/slider/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/h-theatre-label.png
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
658f681dea0418820e56478ab4af0b785307740d29f72aa3ed32de2a8a52a10e
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Oct 2014 18:33:34 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"053cb8938dfcf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
4936
x-xss-protection
1; mode=block
hershey-gardens-2.jpg
mshersheyfoundation.org/lib/img/slider/ 		39 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/hershey-gardens-2.jpg
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
5aac8adec048acddf03781e5cde4a948e4b42fedaf37d4dd15546e91dd0a41f6
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Oct 2014 16:52:04 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"012df5b2adfcf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/jpeg
accept-ranges
bytes
content-length
40438
x-xss-protection
1; mode=block
hershey-gardens.jpg
mshersheyfoundation.org/lib/img/slider/ 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/hershey-gardens.jpg
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
d74eb2f840e40e8669f74877cc119de5a1a28187a9a7e4d1c7ff8295d553086c
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Oct 2014 16:51:58 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"08b4b582adfcf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/jpeg
accept-ranges
bytes
content-length
55862
x-xss-protection
1; mode=block
hershey-story-2.jpg
mshersheyfoundation.org/lib/img/slider/ 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/hershey-story-2.jpg
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
26a75b0a4038a3733b0f3f5100d59f312598e105a44a626d18639e08f528132d
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Oct 2014 16:51:52 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"04b8542adfcf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/jpeg
accept-ranges
bytes
content-length
41637
x-xss-protection
1; mode=block
hershey-story.jpg
mshersheyfoundation.org/lib/img/slider/ 		33 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/hershey-story.jpg
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
d03d0f2581cbe36239f4cc1cc79c14109b1f5720b298acc8ec5d90616d69ed31
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Oct 2014 16:51:44 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"050f34f2adfcf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/jpeg
accept-ranges
bytes
content-length
34153
x-xss-protection
1; mode=block
hershey-theatre-2.jpg
mshersheyfoundation.org/lib/img/slider/ 		45 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/hershey-theatre-2.jpg
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
8fddf2a8d35dc5861ad7cde2d1cc2668ec87d3c65a22799b94e7b88e2c2fc9d0
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Oct 2014 16:51:40 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"0f6904d2adfcf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/jpeg
accept-ranges
bytes
content-length
46361
x-xss-protection
1; mode=block
hershey-theatre.jpg
mshersheyfoundation.org/lib/img/slider/ 		53 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/slider/hershey-theatre.jpg
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
4a0ab6730f598be6a398c7cd68bae43129c49e2eab25b00d12927bd52457e9f3
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 03 Oct 2014 16:51:36 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"09c2e4b2adfcf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/jpeg
accept-ranges
bytes
content-length
54476
x-xss-protection
1; mode=block
print.css
mshersheyfoundation.org/lib/css/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mshersheyfoundation.org/lib/css/print.css
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
d2e01bfb7d80c18bbc17f87a204aa14aac608d11a4950aaf357e07dd92d3c7f1
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
x-powered-by
ASP.NET
content-length
1255
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 26 Aug 2014 10:34:36 GMT
server
nginx
etag
"06ea5419c1cf1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
css
fonts.googleapis.com/ 		4 KB
787 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Karma:400,500,600,700
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/lib/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b6cef530185a83454b8a9e7dbc371aa73e0df22a82f532095b41b7cc84f166a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/lib/css/screen.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 18 Apr 2024 16:35:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 18 Apr 2024 16:35:10 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 18 Apr 2024 16:35:10 GMT
ga.js
ssl.google-analytics.com/ 		45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 18 Apr 2024 15:54:57 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
2413
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17168
expires
Thu, 18 Apr 2024 17:54:57 GMT
bg.gif
mshersheyfoundation.org/lib/img/ 		156 B
572 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mshersheyfoundation.org/lib/img/bg.gif
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/lib/css/screen.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
f61d038e49ed65485957eda7c361d3692ceafd983b9f6709f45207c13872c532
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/lib/css/screen.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 26 Aug 2014 10:34:36 GMT
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
etag
"06ea5419c1cf1:0"
x-powered-by
ASP.NET
x-frame-options
SAMEORIGIN
content-type
image/gif
accept-ranges
bytes
content-length
156
x-xss-protection
1; mode=block
va9F4kzAzMZRGLjTZPZ4sK0.woff2
fonts.gstatic.com/s/karma/v16/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/karma/v16/va9F4kzAzMZRGLjTZPZ4sK0.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Karma:400,500,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c9bc9e3d9388e82d5e809cb9170575703e2512704f83289947aca10d62dffc32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://mshersheyfoundation.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 13 Apr 2024 13:56:05 GMT
x-content-type-options
nosniff
age
441545
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17260
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:42:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 13 Apr 2025 13:56:05 GMT
va9F4kzAzMZRGLibYvZ4sK0.woff2
fonts.gstatic.com/s/karma/v16/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/karma/v16/va9F4kzAzMZRGLibYvZ4sK0.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Karma:400,500,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f72c05899bef88f243774b800861a5d5374374eac545d09d7e5283d156421c19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://mshersheyfoundation.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 12 Apr 2024 18:30:03 GMT
x-content-type-options
nosniff
age
511507
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17712
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:43:32 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Apr 2025 18:30:03 GMT
__utm.gif
ssl.google-analytics.com/r/ 		35 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=607494731&utmhn=mshersheyfoundation.org&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=de-de&utmje=0&utmfl=-&utmdt=The%20M.S.%20Hershey%20Foundation&utmhid=1648129566&utmr=-&utmp=%2F&utmht=1713458110232&utmac=UA-11806827-2&utmcc=__utma%3D119904660.2095221457.1713458110.1713458110.1713458110.1%3B%2B__utmz%3D119904660.1713458110.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1668671462&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: mshersheyfoundation.org
URL: https://mshersheyfoundation.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 18 Apr 2024 16:35:10 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon.ico
mshersheyfoundation.org/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://mshersheyfoundation.org/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.249.147.60 , United States, ASN394868 (LOOP-INTERNET, US),
Reverse DNS
209.249.147.60.IPYX-125459-ZYO.zip.zayo.com
Software
nginx / ASP.NET
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Security Headers
Name Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://mshersheyfoundation.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 16:35:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
content-encoding
gzip
server
nginx
content-security-policy
default-src * data: 'unsafe-eval' 'unsafe-inline'
x-powered-by
ASP.NET
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery number| requiredVersion number| jsVersion object| hrefs string| link_path function| addtrackerlistener function| trackfiles boolean| hasFlash2 boolean| hasFlash3 boolean| hasFlash4 boolean| hasFlash5 boolean| hasFlash6 boolean| hasFlash7 boolean| hasFlash8 boolean| hasFlash9 number| maxVersion number| userVersion boolean| hasRequiredVersion boolean| isIE boolean| isWin function| detectFlash function| insertFlash string| gaJsHost object| _gat object| _gaq object| pageTracker object| gaGlobal object| $curr object| $next

6 Cookies

Domain/Path Name / Value
mshersheyfoundation.org/ Name: ASPSESSIONIDSETQAQBA
Value: LBFLDFIABGCOKNCHDPACDLDO
.mshersheyfoundation.org/ Name: __utma
Value: 119904660.2095221457.1713458110.1713458110.1713458110.1
.mshersheyfoundation.org/ Name: __utmc
Value: 119904660
.mshersheyfoundation.org/ Name: __utmz
Value: 119904660.1713458110.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.mshersheyfoundation.org/ Name: __utmt
Value: 1
.mshersheyfoundation.org/ Name: __utmb
Value: 119904660.1.10.1713458110

3 Console Messages

Source Level URL
Text
javascript warning URL: https://mshersheyfoundation.org/(Line 135)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://mshersheyfoundation.org/(Line 135)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://mshersheyfoundation.org/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
mshersheyfoundation.org
ssl.google-analytics.com
104.17.24.14
209.249.147.60
2a00:1450:4001:81d::200a
2a00:1450:4001:829::2003
2a00:1450:4001:82f::2008
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1581f060152a996ba552b20a36ae3cf790a280b7f1ef3680b150becbfefcf2d5
249a10836fdd5c81436e2864383bffb59b14119f34af0d0d265d31964e6f4f6d
26a75b0a4038a3733b0f3f5100d59f312598e105a44a626d18639e08f528132d
2eba67dfa43006e20a1fdb1b6a8a0527e6134abb1484dda02b62c014ff042502
30a5ef6c32499561dbb14b473060ec920e4af35c9cde5c799cf46574bd7e3e63
4a0ab6730f598be6a398c7cd68bae43129c49e2eab25b00d12927bd52457e9f3
4cef6243796e581a486986864ea03536b920dbb8d0833d01a29f48d0a6f2fa48
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54c9337b6ec22f7a9aa2a202c0e7b5c48f7af6115b0206d1d28aa4c66c8311f8
5aac8adec048acddf03781e5cde4a948e4b42fedaf37d4dd15546e91dd0a41f6
658f681dea0418820e56478ab4af0b785307740d29f72aa3ed32de2a8a52a10e
6d1eb211adc9399ec1859a81a10aed38e52c1e53d99fe7e902e5e916f42bf65e
82c7f28a912979611752fce411f8f28dc7744088613a75676847dec91ef489eb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8686782091080b31395a43b904da5e95ddbb1e3399ad23aecf42160fc32829d3
8fddf2a8d35dc5861ad7cde2d1cc2668ec87d3c65a22799b94e7b88e2c2fc9d0
b6cef530185a83454b8a9e7dbc371aa73e0df22a82f532095b41b7cc84f166a9
bd3b6e08d2b335cc8b7444d953fa6a5777787a77d670cdf14b15f9031e6d780f
c9bc9e3d9388e82d5e809cb9170575703e2512704f83289947aca10d62dffc32
d03d0f2581cbe36239f4cc1cc79c14109b1f5720b298acc8ec5d90616d69ed31
d2e01bfb7d80c18bbc17f87a204aa14aac608d11a4950aaf357e07dd92d3c7f1
d74eb2f840e40e8669f74877cc119de5a1a28187a9a7e4d1c7ff8295d553086c
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
f61d038e49ed65485957eda7c361d3692ceafd983b9f6709f45207c13872c532
f6fc1b1cb40fa6158b50d9b2ecdabe85d3d73855fa39f6704e12b3e65a1e2d8c
f72c05899bef88f243774b800861a5d5374374eac545d09d7e5283d156421c19