urlscan.io logo urlscan.io
SecurityTrails logo

www.emser-therme.de Open in urlscan Pro
2a00:116a:101:e0c0::  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://halberts.ch/
Effective URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Submission: On December 09 via api from CH — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 3 countries across 10 domains to perform 47 HTTP transactions. The main IP is 2a00:116a:101:e0c0::, located in Germany and belongs to GODADDY-CGN, DE. The main domain is www.emser-therme.de.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on September 30th 2023. Valid for: a year.
This is the only time www.emser-therme.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

21    2a00:116a:101:e0c0:: (Germany)

ASN60253 (GODADDY-CGN, DE)
halberts.ch
www.emser-therme.de
chat.emser-therme.de
2    2a02:26f0:1700:11::b856:6785 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
consent.cookiebot.com
5    2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a02:26f0:480:5a6::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
consentcdn.cookiebot.com
imgsct.cookiebot.com
9    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
region1.analytics.google.com
2    2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.ch
1    2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
Apex Domain
Subdomains		 Transfer
20 emser-therme.de
www.emser-therme.de
chat.emser-therme.de
1 MB
10 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2189
42 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36
375 KB
5 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4340
consentcdn.cookiebot.com — Cisco Umbrella Rank: 4841
imgsct.cookiebot.com — Cisco Umbrella Rank: 5073
117 KB
2 google.ch
www.google.ch — Cisco Umbrella Rank: 30501
515 B
2 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2693
www.google.com — Cisco Umbrella Rank: 2
665 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 75
408 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 168
90 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 98
185 B
1 halberts.ch
halberts.ch
134 B
47 10
Domain Requested by
19 www.emser-therme.de 2 redirects www.emser-therme.de
consent.cookiebot.com
9 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
consent.cookiebot.com
5 www.googletagmanager.com www.emser-therme.de
www.googletagmanager.com
www.google-analytics.com
2 www.google.ch
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 connect.facebook.net www.emser-therme.de
connect.facebook.net
2 consentcdn.cookiebot.com consent.cookiebot.com
2 consent.cookiebot.com www.emser-therme.de
consent.cookiebot.com
1 www.facebook.com
1 www.google.com
1 region1.analytics.google.com www.googletagmanager.com
1 region1.google-analytics.com www.googletagmanager.com
1 imgsct.cookiebot.com
1 chat.emser-therme.de www.emser-therme.de
1 halberts.ch 1 redirects
47 15
Subject Issuer Validity Valid
*.emser-therme.de
Starfield Secure Certificate Authority - G2		 2023-09-30 -
2024-09-30		 a year crt.sh
consent.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-06 -
2024-04-06		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-17 -
2024-04-17		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-09-17 -
2023-12-16		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.google.ch
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Frame ID: 3013F5C88F48FDD4DB419E7A83F0532A
Requests: 47 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 0C1C1F976070D248E3409997C1169F03
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Thermen-Restaurant Halberts - gesund und lecker EssenPowered by Cookiebot

Page URL History Show full URLs

  1. https://halberts.ch/ HTTP 302
    https://www.emser-therme.de/de/halberts/ueberblick.html HTTP 301
    https://www.emser-therme.de/halberts/ueberblick.html HTTP 303
    https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

47
Requests

100 %
HTTPS

100 %
IPv6

10
Domains

15
Subdomains

12
IPs

3
Countries

1766 kB
Transfer

4063 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://halberts.ch/ HTTP 302
    https://www.emser-therme.de/de/halberts/ueberblick.html HTTP 301
    https://www.emser-therme.de/halberts/ueberblick.html HTTP 303
    https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

47 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request halberts-gesund-und-lecker-essen
www.emser-therme.de/restaurant/
Redirect Chain
  • https://halberts.ch/
  • https://www.emser-therme.de/de/halberts/ueberblick.html
  • https://www.emser-therme.de/halberts/ueberblick.html
  • https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
25 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
53b0bd8f6fa89089f79bab60c00273ab005731f8e2ca3c154bdb2e390b638105
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://www.google.com/

Response headers

accept-ch
DPR, Width, Viewport-Width
accept-ranges
bytes
cache-control
max-age=2537737 s-maxage=0
content-encoding
gzip
content-language
de
content-length
7640
content-type
text/html; charset=utf-8
date
Sat, 09 Dec 2023 06:04:07 GMT
expires
Sun, 07 Jan 2024 14:59:44 GMT
pragma
public
server
nginx
vary
Accept-Encoding
x-cache-status
BYPASS
x-content-type-options
nosniff
x-madeby
networker.de // info@networker.de
x-ua-compatible
IE=edge

Redirect headers

cache-control
s-maxage=0
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 09 Dec 2023 06:04:07 GMT
expires
Sat, 09 Dec 2023 06:04:07 GMT
location
https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
server
nginx
x-cache-status
BYPASS
x-content-type-options
nosniff
x-redirect-by
TYPO3 Redirect 55
x-ua-compatible
IE=edge
uc.js
consent.cookiebot.com/ 		108 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/uc.js
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e670474d3ff2eb57099f8590c87e2fef7478ba7971bc2d36c2b156ce3fd22c47

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Sat, 09 Dec 2023 06:04:07 GMT
content-encoding
gzip
last-modified
Wed, 29 Nov 2023 14:10:00 GMT
etag
"5c27a8bdcd22da1:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=319
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
33865
expires
Sat, 09 Dec 2023 06:09:26 GMT
logo-emserTherme.svg
www.emser-therme.de/fileadmin/img/ 		6 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/img/logo-emserTherme.svg
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
9c679ad992d1a879ec18c5cc8f1067091e273069e0f9a0fdf8109e1e3a96d837
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Jan 2020 09:50:48 GMT
server
nginx
x-cache-status
BYPASS
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
s-maxage=0
accept-ranges
bytes
content-length
2445
expires
Mon, 08 Jan 2024 06:04:07 GMT
csm_Essen_Header_2_0ba05f785d.jpg
www.emser-therme.de/fileadmin/_processed_/0/8/ 		136 KB
136 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/_processed_/0/8/csm_Essen_Header_2_0ba05f785d.jpg
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
77a0a3b9765f908a797492018562fe3df6d3359dfe46422c457e85f93b1578d3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

width
1480
Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 08 Sep 2020 14:39:02 GMT
server
nginx
x-cache-status
BYPASS
content-type
image/jpeg
cache-control
s-maxage=0
accept-ranges
bytes
content-length
139032
expires
Mon, 08 Jan 2024 06:04:07 GMT
csm_Slider_Flammkuchen_2345543e9a.jpg
www.emser-therme.de/fileadmin/_processed_/1/7/ 		160 KB
161 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/_processed_/1/7/csm_Slider_Flammkuchen_2345543e9a.jpg
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
25cf4b54a017930625d565d48abc591169e6af1c9ed1fadf296ba91a094de62c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

width
1480
Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 08 Sep 2020 14:39:03 GMT
server
nginx
x-cache-status
BYPASS
content-type
image/jpeg
cache-control
s-maxage=0
accept-ranges
bytes
content-length
164259
expires
Mon, 08 Jan 2024 06:04:07 GMT
emserTherme.css
www.emser-therme.de/fileadmin/emserTherme/css/ 		116 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.emser-therme.de/fileadmin/emserTherme/css/emserTherme.css?ts=20201021
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
6486346001e555545fb15905d239b1e0052f3fbc71e4cbd50bee2e283b460c53
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Nov 2022 08:30:24 GMT
server
nginx
x-cache-status
BYPASS
vary
Accept-Encoding
content-type
text/css; charset=utf-8
cache-control
s-maxage=0
accept-ranges
bytes
content-length
21660
expires
Sun, 08 Dec 2024 06:04:07 GMT
script.php
chat.emser-therme.de/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://chat.emser-therme.de/script.php?id=066d9599e6c75794dc42323aa17ed469
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
c21344e7719b8482ac9fa3acf5220d78eeba84ed6dc66f3edb62124ad9249a4c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
content-encoding
gzip
server
nginx
x-cache-status
BYPASS
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
js
www.googletagmanager.com/gtag/ 		258 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YBE553RCPW
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f9bdf01119790500be6384870f4301aa8a7e0dbcc54ff907e71725842651d5b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
89716
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 09 Dec 2023 06:04:08 GMT
script.js
www.emser-therme.de/fileadmin/emserTherme/js/ 		567 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.emser-therme.de/fileadmin/emserTherme/js/script.js?20201109&1683880452
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
82f6aa25ae8a219763490912ea2492fe6d64f6ac6d03adf5f2737479f14ec74f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 12 May 2023 08:34:12 GMT
server
nginx
x-cache-status
BYPASS
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=0
accept-ranges
bytes
expires
Sun, 08 Dec 2024 06:04:07 GMT
gtm.js
www.googletagmanager.com/ 		134 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WZN583Z
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
70b01eebe4e63d253fed6b39ad7f755d5bc833210bb3ed556f03bcfc26cf79fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
52236
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 09 Dec 2023 06:04:08 GMT
configuration.js
consentcdn.cookiebot.com/consentconfig/77f6dbbe-0381-4c6b-b215-629ed565dc74/emser-therme.de/ 		2 KB
976 B 		Script
General
Check archive.org
Download Go to
Full URL
https://consentcdn.cookiebot.com/consentconfig/77f6dbbe-0381-4c6b-b215-629ed565dc74/emser-therme.de/configuration.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:5a6::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3fe81e56d590f509e1b113475f6f01eb2babcaf4b420d9b16aecf1f90cc2e1f0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
content-encoding
gzip
last-modified
Sat, 11 Nov 2023 00:08:45 GMT
server
AkamaiNetStorage
etag
"158024fbb2fb57d5ab476191d8fc340a:1699661325.094035"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=63905
cross-origin-resource-policy
cross-origin
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702101848007_35115158_1601045296_51_1093_28_32_146";dur=1
accept-ranges
bytes
content-length
612
expires
Sat, 09 Dec 2023 23:49:13 GMT
cc.js
consent.cookiebot.com/77f6dbbe-0381-4c6b-b215-629ed565dc74/ 		309 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/77f6dbbe-0381-4c6b-b215-629ed565dc74/cc.js?renew=false&referer=www.emser-therme.de&dnt=false&init=false
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a07ebfc841db133bd16b29202ad14942fc60207c2a5368fcb2cdbcd679f6c28f

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
content-encoding
gzip
last-modified
Sat, 09 Dec 2023 06:04:07 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
private, max-age=1200
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
csm_19.01_Waffel_031_5aa4da4586.jpg
www.emser-therme.de/fileadmin/_processed_/0/0/ 		67 KB
67 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/_processed_/0/0/csm_19.01_Waffel_031_5aa4da4586.jpg
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
57acc3ca8b687e7ae938fea9c074903a725cc06fa05e3075b42f3481bd98d8c0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
x-content-type-options
nosniff
last-modified
Wed, 16 Sep 2020 07:21:38 GMT
server
nginx
x-cache-status
BYPASS
content-type
image/jpeg
cache-control
s-maxage=0
accept-ranges
bytes
content-length
68211
expires
Mon, 08 Jan 2024 06:04:07 GMT
csm_18.01.2017_Gastronomie_027_1dd30d9faa.jpg
www.emser-therme.de/fileadmin/_processed_/4/b/ 		64 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/_processed_/4/b/csm_18.01.2017_Gastronomie_027_1dd30d9faa.jpg
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
17a05ca4850a8e66ed7a124b13b950abc24ad4152d48146e47e1b88641dc42b2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
x-content-type-options
nosniff
last-modified
Wed, 16 Sep 2020 07:21:41 GMT
server
nginx
x-cache-status
BYPASS
content-type
image/jpeg
cache-control
s-maxage=0
accept-ranges
bytes
content-length
65879
expires
Mon, 08 Jan 2024 06:04:07 GMT
csm_18.01.2017_Gastronomie_098_884b710d68.jpg
www.emser-therme.de/fileadmin/_processed_/8/d/ 		76 KB
76 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/_processed_/8/d/csm_18.01.2017_Gastronomie_098_884b710d68.jpg
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
d8375de525210c6910d6110601ce1a393f37181d5036533eb17add5aa40b3c30
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 16 Mar 2023 13:17:00 GMT
server
nginx
x-cache-status
BYPASS
content-type
image/jpeg
cache-control
s-maxage=0
accept-ranges
bytes
content-length
77901
expires
Mon, 08 Jan 2024 06:04:07 GMT
emserTherme-ws.svg
www.emser-therme.de/fileadmin/emserTherme/img/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/emserTherme/img/emserTherme-ws.svg
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/fileadmin/emserTherme/css/emserTherme.css?ts=20201021
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
34f5d19eda746bf94e699803c2d4127cd80a715930234b3db817dfbabf26780a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 26 Sep 2016 14:41:52 GMT
server
nginx
x-cache-status
BYPASS
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
s-maxage=0
accept-ranges
bytes
content-length
934
expires
Mon, 08 Jan 2024 06:04:08 GMT
instagram.svg
www.emser-therme.de/fileadmin/img/ 		1 KB
923 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/img/instagram.svg
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/fileadmin/emserTherme/css/emserTherme.css?ts=20201021
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
b0c30d37d8e590faf81b6dbe5c9d23fc274a17144cd4a0b3fdeb487a865a039c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Jan 2020 09:50:48 GMT
server
nginx
x-cache-status
BYPASS
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
s-maxage=0
accept-ranges
bytes
content-length
679
expires
Mon, 08 Jan 2024 06:04:08 GMT
noto-sans-v7-latin-regular.woff2
www.emser-therme.de/fileadmin/fonts/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.emser-therme.de/fileadmin/fonts/noto-sans-v7-latin-regular.woff2
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/fileadmin/emserTherme/css/emserTherme.css?ts=20201021
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
3ee26114feb214d4f102e98ad8009b27d374efff10b05095e9bebc8df74c15b9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
Origin
https://www.emser-therme.de
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
x-content-type-options
nosniff
last-modified
Thu, 16 Jan 2020 09:50:48 GMT
server
nginx
x-cache-status
BYPASS
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
s-maxage=0
accept-ranges
bytes
content-length
15572
expires
Mon, 08 Jan 2024 06:04:08 GMT
kannewischer-icons.woff2
www.emser-therme.de/fileadmin/emserTherme/fonts/ 		6 KB
6 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.emser-therme.de/fileadmin/emserTherme/fonts/kannewischer-icons.woff2?23058195
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/fileadmin/emserTherme/css/emserTherme.css?ts=20201021
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
78058ce7e5736cc0a7a700369ef4187eff68cbcc5f9f7d7faf2bdc86803fd52d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
Origin
https://www.emser-therme.de
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
x-content-type-options
nosniff
last-modified
Thu, 16 Jan 2020 09:50:48 GMT
server
nginx
x-cache-status
BYPASS
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
s-maxage=0
accept-ranges
bytes
content-length
5716
expires
Mon, 08 Jan 2024 06:04:08 GMT
noto-sans-v7-latin-700.woff2
www.emser-therme.de/fileadmin/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.emser-therme.de/fileadmin/fonts/noto-sans-v7-latin-700.woff2
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/fileadmin/emserTherme/css/emserTherme.css?ts=20201021
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
f32325b414fac16d7b02f331d94d282aa099b76a05607557dd5b2fdeba66f5c7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
Origin
https://www.emser-therme.de
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
x-content-type-options
nosniff
last-modified
Thu, 16 Jan 2020 09:50:48 GMT
server
nginx
x-cache-status
BYPASS
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
s-maxage=0
accept-ranges
bytes
content-length
15628
expires
Mon, 08 Jan 2024 06:04:08 GMT
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 0C1C 		627 B
810 B 		Document
General
Check archive.org
Download Go to
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:5a6::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer
https://www.emser-therme.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://www.google.com/

Response headers

accept-ranges
bytes
cache-control
max-age=29563793
content-encoding
gzip
content-length
392
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 09 Dec 2023 06:04:08 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Fri, 15 Nov 2024 10:14:01 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1702101848049_35115158_1601045300_14_746_28_0_255";dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
truncated
/ 		293 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
image/png
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZN583Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 09 Dec 2023 05:41:46 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
1342
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 09 Dec 2023 07:41:46 GMT
collect
www.google-analytics.com/j/ 		16 B
225 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=675140712&t=pageview&_s=1&dl=https%3A%2F%2Fwww.emser-therme.de%2Frestaurant%2Fhalberts-gesund-und-lecker-essen&ul=en-us&de=UTF-8&dt=Thermen-Restaurant%20Halberts%20-%20gesund%20und%20lecker%20Essen&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1160974287&gjid=155565513&cid=412424433.1702101848&tid=UA-61876750-1&_gid=82189687.1702101848&_r=1&_slc=1&gtm=45He3bt0n81WZN583Z&gcd=11l1l1l1l1&dma=0&z=1677028011
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
d9df4bfb6436669a89e6015190ece72a850284a2a10e0b69347b6807dad2e64b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
gtm.js
www.googletagmanager.com/ 		177 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WVB7QQC
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
953714e2e62ff297017e26494fa2fd391e62143965a5437aacc396fa0181e134
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
64756
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 09 Dec 2023 06:04:08 GMT
js
www.googletagmanager.com/gtag/ 		258 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YBE553RCPW&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZN583Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
30d59dae840f677e0379893b78c692c928f7ac34a0e06016cbe874767faa8923
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
89681
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 09 Dec 2023 06:04:08 GMT
fbevents.js
connect.facebook.net/en_US/ 		202 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.emser-therme.de
URL: https://www.emser-therme.de/restaurant/halberts-gesund-und-lecker-essen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 09 Dec 2023 06:04:08 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54273
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
vqdZCAscoTUjGouIawNM4nCZM/BeiY98dr93E/3wXOc6PTCHeT7fPK2p3ZLp6Y58bHRvyWTVI47pEDTtdQIwlA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
script.js
www.emser-therme.de/fileadmin/emserTherme/js/ 		567 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.emser-therme.de/fileadmin/emserTherme/js/script.js?20201109&1683880452
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
82f6aa25ae8a219763490912ea2492fe6d64f6ac6d03adf5f2737479f14ec74f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 12 May 2023 08:34:12 GMT
server
nginx
x-cache-status
BYPASS
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=0
accept-ranges
bytes
expires
Sun, 08 Dec 2024 06:04:08 GMT
1.gif
imgsct.cookiebot.com/ 		35 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgsct.cookiebot.com/1.gif?dgi=77f6dbbe-0381-4c6b-b215-629ed565dc74
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:5a6::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
x-guploader-uploadid
ABPtcPoBGzMZmrlGxf4GGKseq-_5D-vkmJ-HkGZ4wQSyNpnYlMORFiD0ZMWVPGJFB5FS1AtcIBfxUsRu
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
35
last-modified
Mon, 23 Oct 2023 11:39:32 GMT
server
UploadServer
etag
"c2196de8ba412c60c22ab491af7b1409"
x-goog-generation
1698061172769999
x-goog-hash
crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public,max-age=1800
x-goog-stored-content-length
35
accept-ranges
bytes
content-type
image/gif
collect
stats.g.doubleclick.net/j/ 		4 B
352 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-61876750-1&cid=412424433.1702101848&jid=1160974287&gjid=155565513&_gid=82189687.1702101848&_u=YEBAAEAAAAAAACAAI~&z=2068749933
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3d89d2a833e0c8b73ddaac6d6ec14c4ab06c648ee6574f1b29e9ab8435e2f41e
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sat, 09 Dec 2023 06:04:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		253 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-6TLYDE3Y0C&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6d1196cb68ce5b6bc6f7a4d148b9273f728d3d9cfb4c8123dfa0253473ea31e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 06:04:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
86654
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 09 Dec 2023 06:04:08 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 09 Dec 2023 05:41:46 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
1342
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 09 Dec 2023 07:41:46 GMT
collect
region1.google-analytics.com/g/ 		0
257 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-YBE553RCPW&gtm=45je3bt0v895047044z89104242284&_p=1702101847817&gcd=11l1l1l1l1&dma=0&cid=412424433.1702101848&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1702101848&sct=1&seg=0&dl=https%3A%2F%2Fwww.emser-therme.de%2Frestaurant%2Fhalberts-gesund-und-lecker-essen&dt=Thermen-Restaurant%20Halberts%20-%20gesund%20und%20lecker%20Essen&en=page_view&_fv=1&_ss=1&tfd=1119
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YBE553RCPW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/ 		0
257 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-6TLYDE3Y0C&gtm=45je3bt0v9136906023&_p=1702101847817&_gaz=1&gcd=11l1l1l1l2&dma=0&gdid=dMWZhNz&ul=en-us&sr=1600x1200&cid=412424433.1702101848&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.emser-therme.de%2Frestaurant%2Fhalberts-gesund-und-lecker-essen&dt=Thermen-Restaurant%20Halberts%20-%20gesund%20und%20lecker%20Essen&sid=1702101848&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1153
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6TLYDE3Y0C&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
56 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6TLYDE3Y0C&cid=412424433.1702101848&gtm=45je3bt0v9136906023&aip=1&dma=0&gcd=11l1l1l1l2
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6TLYDE3Y0C&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ch/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ch/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6TLYDE3Y0C&cid=412424433.1702101848&gtm=45je3bt0v9136906023&aip=1&dma=0&gcd=11l1l1l1l2&z=1555529782
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:08 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-61876750-1&cid=412424433.1702101848&jid=1160974287&_u=YEBAAEAAAAAAACAAI~&z=702545079
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:08 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ch/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ch/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-61876750-1&cid=412424433.1702101848&jid=1160974287&_u=YEBAAEAAAAAAACAAI~&z=702545079
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:08 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1345216383095880
connect.facebook.net/signals/config/ 		135 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1345216383095880?v=2.9.138&r=stable&domain=www.emser-therme.de
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
107274f0d7df90151e4b112f6b7ebaab06877186df47aa7bede0b5534dc51318
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 09 Dec 2023 06:04:08 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
l6S6+QRfW39gY6DuPVtN4N5LMxREq8ghLdNlQPnxarpBO+4sy5dhffkp35MRTy/04242tQd7luOrW4Pk8I49EQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1345216383095880&ev=PageView&dl=https%3A%2F%2Fwww.emser-therme.de%2Frestaurant%2Fhalberts-gesund-und-lecker-essen&rl=&if=false&ts=1702101848633&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1702101848632.1195121334&ler=empty&it=1702101848430&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 09 Dec 2023 06:04:08 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
csm_Essen_Header_2_0ba05f785d.jpg
www.emser-therme.de/fileadmin/_processed_/0/8/ 		136 KB
136 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/_processed_/0/8/csm_Essen_Header_2_0ba05f785d.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
77a0a3b9765f908a797492018562fe3df6d3359dfe46422c457e85f93b1578d3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:09 GMT
x-content-type-options
nosniff
last-modified
Tue, 08 Sep 2020 14:39:02 GMT
server
nginx
x-cache-status
BYPASS
content-type
image/jpeg
cache-control
s-maxage=0
accept-ranges
bytes
content-length
139032
expires
Mon, 08 Jan 2024 06:04:09 GMT
csm_Slider_Flammkuchen_2345543e9a.jpg
www.emser-therme.de/fileadmin/_processed_/1/7/ 		160 KB
161 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.emser-therme.de/fileadmin/_processed_/1/7/csm_Slider_Flammkuchen_2345543e9a.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:116a:101:e0c0:: , Germany, ASN60253 (GODADDY-CGN, DE),
Reverse DNS
Software
nginx /
Resource Hash
25cf4b54a017930625d565d48abc591169e6af1c9ed1fadf296ba91a094de62c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
viewport-width
1600

Response headers

date
Sat, 09 Dec 2023 06:04:09 GMT
x-content-type-options
nosniff
last-modified
Tue, 08 Sep 2020 14:39:03 GMT
server
nginx
x-cache-status
BYPASS
content-type
image/jpeg
cache-control
s-maxage=0
accept-ranges
bytes
content-length
164259
expires
Mon, 08 Jan 2024 06:04:09 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.google.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Dec 2023 06:04:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.emser-therme.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| documentPictureInPicture object| dataLayer object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent object| CookiebotDialog object| CookieConsentDialog object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| gtag function| fbq function| _fbq function| debugLine function| debugSide function| trace function| UGFunctions object| g_ugFunctions function| UGThumbsGeneral function| UGThumbsStrip function| UGTouchThumbsControl function| UGPanelsBase function| UGPanelHandle function| UGStripPanel function| UGGridPanel function| UGThumbsGrid function| UGTiles function| UGTileDesign function| UGAviaControl function| UGSlider function| UGTextPanel function| UGZoomButtonsPanel function| UGBullets function| UGProgressBar function| UGProgressPie function| UGTouchSliderControl function| UGZoomSliderControl function| UGWistiaAPI function| UGSoundCloudAPI function| UGHtml5MediaAPI function| UGVimeoAPI function| UGYoutubeAPI function| UGVideoPlayer object| g_ugYoutubeAPI object| g_ugVimeoAPI object| g_ugHtml5MediaAPI object| g_ugSoundCloudAPI object| g_ugWistiaAPI function| ugCheckForMinJQueryVersion function| ugCheckForErrors function| UniteGalleryMain function| UGLightbox function| UGCarousel function| UGTabs function| UG_API function| UGTheme_tiles function| sendEvent function| uuid object| eventTrigger object| pdfLinks object| forms boolean| formAbort object| formSettings function| $ function| jQuery function| Swiper number| CB_jQueryHoldReadyStarted function| onYouTubeIframeAPIReady number| CB_OnTagsExecuted_Processed function| addEventListenerBase

6 Cookies

Domain/Path Name / Value
.emser-therme.de/ Name: _gid
Value: GA1.2.82189687.1702101848
.emser-therme.de/ Name: _gat_UA-61876750-1
Value: 1
.emser-therme.de/ Name: _ga_YBE553RCPW
Value: GS1.1.1702101848.1.0.1702101848.0.0.0
.emser-therme.de/ Name: _ga
Value: GA1.1.412424433.1702101848
.emser-therme.de/ Name: _ga_6TLYDE3Y0C
Value: GS1.2.1702101848.1.0.1702101848.60.0.0
.emser-therme.de/ Name: _fbp
Value: fb.1.1702101848632.1195121334

1 Console Messages

Source Level URL
Text
other warning URL: https://connect.facebook.net/signals/config/1345216383095880?v=2.9.138&r=stable&domain=www.emser-therme.de(Line 132)
Message:
Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

chat.emser-therme.de
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
halberts.ch
imgsct.cookiebot.com
region1.analytics.google.com
region1.google-analytics.com
stats.g.doubleclick.net
www.emser-therme.de
www.facebook.com
www.google-analytics.com
www.google.ch
www.google.com
www.googletagmanager.com
2001:4860:4802:34::36
2a00:116a:101:e0c0::
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2008
2a00:1450:4001:811::2003
2a00:1450:4001:82a::200e
2a00:1450:400c:c00::9c
2a02:26f0:1700:11::b856:6785
2a02:26f0:480:5a6::f09
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
107274f0d7df90151e4b112f6b7ebaab06877186df47aa7bede0b5534dc51318
17a05ca4850a8e66ed7a124b13b950abc24ad4152d48146e47e1b88641dc42b2
25cf4b54a017930625d565d48abc591169e6af1c9ed1fadf296ba91a094de62c
30d59dae840f677e0379893b78c692c928f7ac34a0e06016cbe874767faa8923
34f5d19eda746bf94e699803c2d4127cd80a715930234b3db817dfbabf26780a
3d89d2a833e0c8b73ddaac6d6ec14c4ab06c648ee6574f1b29e9ab8435e2f41e
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3ee26114feb214d4f102e98ad8009b27d374efff10b05095e9bebc8df74c15b9
3fe81e56d590f509e1b113475f6f01eb2babcaf4b420d9b16aecf1f90cc2e1f0
53b0bd8f6fa89089f79bab60c00273ab005731f8e2ca3c154bdb2e390b638105
57acc3ca8b687e7ae938fea9c074903a725cc06fa05e3075b42f3481bd98d8c0
6486346001e555545fb15905d239b1e0052f3fbc71e4cbd50bee2e283b460c53
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d1196cb68ce5b6bc6f7a4d148b9273f728d3d9cfb4c8123dfa0253473ea31e6
70b01eebe4e63d253fed6b39ad7f755d5bc833210bb3ed556f03bcfc26cf79fb
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
77a0a3b9765f908a797492018562fe3df6d3359dfe46422c457e85f93b1578d3
78058ce7e5736cc0a7a700369ef4187eff68cbcc5f9f7d7faf2bdc86803fd52d
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
82f6aa25ae8a219763490912ea2492fe6d64f6ac6d03adf5f2737479f14ec74f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
953714e2e62ff297017e26494fa2fd391e62143965a5437aacc396fa0181e134
9c679ad992d1a879ec18c5cc8f1067091e273069e0f9a0fdf8109e1e3a96d837
a07ebfc841db133bd16b29202ad14942fc60207c2a5368fcb2cdbcd679f6c28f
b0c30d37d8e590faf81b6dbe5c9d23fc274a17144cd4a0b3fdeb487a865a039c
c21344e7719b8482ac9fa3acf5220d78eeba84ed6dc66f3edb62124ad9249a4c
d8375de525210c6910d6110601ce1a393f37181d5036533eb17add5aa40b3c30
d9df4bfb6436669a89e6015190ece72a850284a2a10e0b69347b6807dad2e64b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e670474d3ff2eb57099f8590c87e2fef7478ba7971bc2d36c2b156ce3fd22c47
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f32325b414fac16d7b02f331d94d282aa099b76a05607557dd5b2fdeba66f5c7
f9bdf01119790500be6384870f4301aa8a7e0dbcc54ff907e71725842651d5b8