URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Submission: On March 20 via api from US — Scanned from DE

Summary

This website contacted 13 IPs in 2 countries across 10 domains to perform 72 HTTP transactions. The main IP is 18.66.147.98, located in United States and belongs to AMAZON-02, US. The main domain is www.mercaden-boeblingen.de.
TLS certificate: Issued by Amazon RSA 2048 M02 on March 13th 2024. Valid for: a year.
This is the only time www.mercaden-boeblingen.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
38 mercaden-boeblingen.de
www.mercaden-boeblingen.de
581 KB
12 cdnpservers.net
sonaesierracms-v2.cdnpservers.net
115 KB
5 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 5029
consentcdn.cookiebot.com — Cisco Umbrella Rank: 5632
imgsct.cookiebot.com — Cisco Umbrella Rank: 6210
112 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 101
region1.google-analytics.com — Cisco Umbrella Rank: 1728
42 KB
4 gstatic.com
fonts.gstatic.com
www.gstatic.com
243 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
250 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 5
2 KB
2 youtube.com
www.youtube.com — Cisco Umbrella Rank: 78
69 KB
1 sonaesierra.info
s.sonaesierra.info
504 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
2 KB
72 10
Domain Requested by
38 www.mercaden-boeblingen.de www.mercaden-boeblingen.de
consent.cookiebot.com
12 sonaesierracms-v2.cdnpservers.net www.mercaden-boeblingen.de
3 www.google-analytics.com www.googletagmanager.com
consent.cookiebot.com
3 fonts.gstatic.com fonts.googleapis.com
3 www.googletagmanager.com www.mercaden-boeblingen.de
www.googletagmanager.com
consent.cookiebot.com
2 consentcdn.cookiebot.com consent.cookiebot.com
2 www.google.com www.mercaden-boeblingen.de
consent.cookiebot.com
2 consent.cookiebot.com www.mercaden-boeblingen.de
consent.cookiebot.com
2 www.youtube.com www.mercaden-boeblingen.de
www.youtube.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.gstatic.com www.google.com
1 imgsct.cookiebot.com
1 s.sonaesierra.info www.mercaden-boeblingen.de
1 fonts.googleapis.com www.mercaden-boeblingen.de
72 14
Subject Issuer Validity Valid
*.sonaesierra.org
Amazon RSA 2048 M02
2024-03-13 -
2025-04-11
a year crt.sh
*.google.com
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
consent.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1
2024-02-28 -
2025-02-27
a year crt.sh
*.cdnpservers.net
Amazon RSA 2048 M01
2023-09-14 -
2024-10-13
a year crt.sh
www.google.com
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
*.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1
2024-02-26 -
2025-02-26
a year crt.sh
*.gstatic.com
GTS CA 1C3
2024-02-26 -
2024-05-20
3 months crt.sh
sonaesierra.info
E1
2024-02-16 -
2024-05-16
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Frame ID: BF402517BB92DD8AB3008BE573AAC499
Requests: 71 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 8AE8028A94BA2D006899AECA625B88A4
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Hair Express - Mercaden Boeblingen

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • piwik\.js|piwik\.php

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

72
Requests

100 %
HTTPS

92 %
IPv6

10
Domains

14
Subdomains

13
IPs

2
Countries

1416 kB
Transfer

4075 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

72 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.mercaden-boeblingen.de/geschafte/hair-express/
53 KB
15 KB
Document
General
Full URL
https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
884f8d18f46e5a8349e3c64210d3987baac1f693c91e52031bafbe177f85e381
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
22
cache-control
public, max-age=120
content-encoding
gzip
content-length
12609
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
content-type
text/html; charset=UTF-8
date
Wed, 20 Mar 2024 00:02:13 GMT
last-modified
Wed, 20 Mar 2024 00:02:13 GMT
link
<https://www.mercaden-boeblingen.de/wp-json/>; rel="https://api.w.org/", <https://www.mercaden-boeblingen.de/wp-json/wp/v2/store/5406>; rel="alternate"; type="application/json"
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
x-amz-cf-id
NqCrpWDN2xyHeQUd6NAq1m6SsFLLXonEOY_3Nn14nZxyWweoYzrf4Q==
x-amz-cf-pop
FRA60-P4
x-cache
Hit from cloudfront
x-cache-cms
MISS
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-req-host
www.mercaden-boeblingen.de
x-req-url
/geschafte/hair-express/
x-xss-protection
1; mode=block
style.min.css
www.mercaden-boeblingen.de/wp-includes/css/dist/block-library/
102 KB
16 KB
Stylesheet
General
Full URL
https://www.mercaden-boeblingen.de/wp-includes/css/dist/block-library/style.min.css?ver=6.3.1
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:32:28 GMT
x-amz-cf-pop
FRA60-P4
age
6017
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
13841
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Fri, 01 Dec 2023 16:45:55 GMT
etag
"19824-60b7580899a47-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-includes/css/dist/block-library/style.min.css?ver=6.3.1
x-amz-cf-id
stwdrdf8rGLKBxq6CYwU_FXGjYhS2WUpF3bd25jSL-jD9-MImqcu5w==
expires
Tue, 19 Mar 2024 23:22:18 GMT
mediaelementplayer-legacy.min.css
www.mercaden-boeblingen.de/wp-includes/js/mediaelement/
11 KB
5 KB
Stylesheet
General
Full URL
https://www.mercaden-boeblingen.de/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:56 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
2592
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Fri, 01 Dec 2023 16:45:56 GMT
etag
"2bf8-60b758092e532-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
x-amz-cf-id
9iDSlM8VOU_K09_y3qVY6tVlb6Zif0qKM772IXqiv-oALg1bJlyMyA==
expires
Tue, 19 Mar 2024 23:58:36 GMT
wp-mediaelement.min.css
www.mercaden-boeblingen.de/wp-includes/js/mediaelement/
4 KB
3 KB
Stylesheet
General
Full URL
https://www.mercaden-boeblingen.de/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.3.1
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:32:28 GMT
x-amz-cf-pop
FRA60-P4
age
6017
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
1156
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 25 Jun 2020 00:59:33 GMT
etag
"105a-5a8de1b0c9f54-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.3.1
x-amz-cf-id
_V-NEGnEz3vRtBaPXWZ1fDg0ADkqgmKs8vdim_Wct9xW6SiGuBb6Kg==
expires
Tue, 19 Mar 2024 23:22:18 GMT
santapress-public-all.min.css
www.mercaden-boeblingen.de/wp-content/plugins/santapress/public/css/
30 KB
8 KB
Stylesheet
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/santapress/public/css/santapress-public-all.min.css?ver=1.5.2
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
73d2c831aa2825d5d1e3303f8f08707b11467c58881b1050d05b16ce2b08cb32
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:32:28 GMT
x-amz-cf-pop
FRA60-P4
age
6017
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
5778
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 30 Nov 2023 23:28:05 GMT
etag
"76c0-60b6700eefc68-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/santapress/public/css/santapress-public-all.min.css?ver=1.5.2
x-amz-cf-id
4mAbmyKgzQA0fEkIKi8ZbutjnzEZYB-Aol8YXBlE54zzzGxKSIO0aQ==
expires
Tue, 19 Mar 2024 23:22:18 GMT
smartbanner.css
www.mercaden-boeblingen.de/wp-content/plugins/sierra-mobile/public/css/
27 B
2 KB
Stylesheet
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/sierra-mobile/public/css/smartbanner.css?ver=1.0.1
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
51c69ff3e1d02281ed0c5cf123e217e889f7e26ca6339dfbd73378357e32258f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
date
Tue, 19 Mar 2024 23:17:11 GMT
x-amz-cf-pop
FRA60-P4
age
5407
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
27
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 25 Jun 2020 00:59:22 GMT
etag
"1b-5a8de1a5d1268"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/sierra-mobile/public/css/smartbanner.css?ver=1.0.1
x-amz-cf-id
Ry3C4NO6mcQRNTfz9knhn9STI7gv0Oi-px_CZBWnr5xQiCdTPC_jNQ==
expires
Tue, 19 Mar 2024 23:32:28 GMT
products-public.css
www.mercaden-boeblingen.de/wp-content/plugins/sierra-products/public/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/sierra-products/public/css/products-public.css?ver=2.4.0
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
686434b563920599701ef91b5791295c4a687b2a4754c82612fbd684b568f742
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:51:52 GMT
x-amz-cf-pop
FRA60-P4
age
643
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
1006
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 25 Jun 2020 00:59:22 GMT
etag
"d94-5a8de1a6b4afe-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/sierra-products/public/css/products-public.css?ver=2.4.0
x-amz-cf-id
wB-bF9HYTfYBPFsB6Fgt-eaSXIB_xF3LO8AyxiiiWktDvHdWWH3L8Q==
expires
Wed, 20 Mar 2024 00:51:52 GMT
main-d2acff621e.min.css
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/
395 KB
56 KB
Stylesheet
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
dcf976d85eeb8dd399479c74ec436db8f674cf02f2f9d32e9a82198ceb67a8e9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:56 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
55526
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 14 Mar 2024 21:38:45 GMT
etag
"62dd5-613a5b73e9b39-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
x-amz-cf-id
dqN70pns24a1iCjV8wCH57dDrrAbacF0Iw-zks04GWOWfQd6hD_9JQ==
expires
Tue, 19 Mar 2024 23:58:36 GMT
style.min.css
www.mercaden-boeblingen.de/wp-content/plugins/video-conferencing-with-zoom-api/assets/public/css/
16 KB
5 KB
Stylesheet
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/video-conferencing-with-zoom-api/assets/public/css/style.min.css?ver=4.3.2
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
3419f9d6689f68e7bab5bbbd11b511e1b5c75872bd6f526501110bff277b5422
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:17:11 GMT
x-amz-cf-pop
FRA60-P4
age
5407
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
2825
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Fri, 01 Dec 2023 16:45:50 GMT
etag
"406e-60b7580376350-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/video-conferencing-with-zoom-api/assets/public/css/style.min.css?ver=4.3.2
x-amz-cf-id
yepFhJ1m1asLDoEZaMhb7h-TrqgTIsJNBeEGsMAjitEenFUL5i0Iyg==
expires
Tue, 19 Mar 2024 23:32:28 GMT
jquery.min.js
www.mercaden-boeblingen.de/wp-includes/js/jquery/
85 KB
32 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:51:52 GMT
x-amz-cf-pop
FRA60-P4
age
643
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
30343
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Fri, 01 Dec 2023 16:45:56 GMT
etag
"155ba-60b7580926062-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
x-amz-cf-id
fUCXluBA77tp2Ma2ki8MEQnN5ZL3aYUClJ9dirudKaoSJe4KnwKRIw==
expires
Wed, 20 Mar 2024 00:51:52 GMT
jquery-migrate.min.js
www.mercaden-boeblingen.de/wp-includes/js/jquery/
13 KB
7 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:51:52 GMT
x-amz-cf-pop
FRA60-P4
age
643
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
4872
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Fri, 01 Dec 2023 16:45:56 GMT
etag
"3509-60b75809248f2-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
x-amz-cf-id
CjHRsx8cHLxhsO8KbA03H2IT_vevftavstXocySVQLNNd6YeukTmSw==
expires
Wed, 20 Mar 2024 00:51:52 GMT
sierra-mobile-public.js
www.mercaden-boeblingen.de/wp-content/plugins/sierra-mobile/public/js/
24 KB
11 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/sierra-mobile/public/js/sierra-mobile-public.js?ver=1.0.1
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
8f27c9a85a821a7e74b3c837349a3d82956d2412d5287307109b3881e0faf644
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:51:52 GMT
x-amz-cf-pop
FRA60-P4
age
643
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
9400
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 13 Dec 2023 23:17:15 GMT
etag
"5e63-60c6c5e284143-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/sierra-mobile/public/js/sierra-mobile-public.js?ver=1.0.1
x-amz-cf-id
ngptGbdBYhXS1z2kqyIlrZgcxmg6xAxsFdUQ9AQdvMtwPunVOgsgIQ==
expires
Wed, 20 Mar 2024 00:51:52 GMT
player_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5bb22e81453d6b69b10d640ba35b9a6ff3cc402d23e8b034bb3a1f1cee362084
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Wed, 20 Mar 2024 00:02:35 GMT
uc.js
consent.cookiebot.com/
109 KB
34 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
341f707ebe00267db1fd017fe3c780ce991dc4b271e94e2bcd1b0988eb1db06a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Wed, 20 Mar 2024 00:02:35 GMT
content-encoding
gzip
last-modified
Mon, 11 Mar 2024 10:50:26 GMT
etag
"92efefeca173da1:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=1047
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
34338
expires
Wed, 20 Mar 2024 00:20:02 GMT
e1569acd-a91c-42ed-8916-eb579d8db7ad.hair-express.png
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/
3 KB
4 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/e1569acd-a91c-42ed-8916-eb579d8db7ad.hair-express.png
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7460fb7fce57c88e340c7f3cf99e429b60ed5a2462010c987e711131da170c43
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 13:19:43 GMT
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-P9
age
38572
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
3029
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Mon, 05 Aug 2019 15:45:17 GMT
etag
"c2f-58f60983db2f0-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2019/08/e1569acd-a91c-42ed-8916-eb579d8db7ad.hair-express.png
x-amz-cf-id
F8VUUfln05MZnN1Tya_yr1hIuxvudWTQV4Z77d8DJ9IQb4njBRY5Ig==
expires
Tue, 19 Mar 2024 14:19:43 GMT
beleza-e-saude.jpg
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2023/02/
26 KB
27 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2023/02/beleza-e-saude.jpg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
46621d9a367db3fec21613e3ded8094f3297e12769c6c0e814597d9cc5e07f94
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 13:14:49 GMT
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-P9
age
39980
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
26706
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Tue, 11 Apr 2023 11:13:37 GMT
etag
"688d-5f90d95462ea8-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2023/02/beleza-e-saude.jpg
x-amz-cf-id
qzxChfQqNANtpGBBToGEH60fR9yevBktBb8xFLKtAbr-8AqNDs1nWA==
expires
Tue, 19 Mar 2024 13:56:14 GMT
popup-gravity-forms.js
www.mercaden-boeblingen.de/wp-content/plugins/sierra-forms/src/scripts/
392 B
2 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/sierra-forms/src/scripts/popup-gravity-forms.js?ver=2020.11.25
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
942c808c90eeef73cabc505634ff2f39b7f17f70ccbdb75ccf9f1f755c74a028
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:32:28 GMT
x-amz-cf-pop
FRA60-P4
age
5407
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
279
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Mon, 01 Nov 2021 22:21:42 GMT
etag
"188-5cfc199f465a7-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/sierra-forms/src/scripts/popup-gravity-forms.js?ver=2020.11.25
x-amz-cf-id
1BN6TA-sLddr2wbXxD2ZAHZ7xUmjQrd94zc4v6iCBZlvrmK_tDWRYw==
expires
Tue, 19 Mar 2024 23:32:28 GMT
santapress-public-all.min.js
www.mercaden-boeblingen.de/wp-content/plugins/santapress/public/js/
10 KB
5 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/santapress/public/js/santapress-public-all.min.js?ver=1.5.2
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
88068273b6d7a7d5ef2e2e04374c8f3cc3ee9b10116beb66a4848d31a1eaa80f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:51:52 GMT
x-amz-cf-pop
FRA60-P4
age
643
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
3174
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 30 Nov 2023 23:28:05 GMT
etag
"296d-60b6700f41ce8-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/santapress/public/js/santapress-public-all.min.js?ver=1.5.2
x-amz-cf-id
p1pbQhETLsqP0675uo8JCpghq7o5Q-Rb2eJPle6tqaezxae2N-Nwng==
expires
Wed, 20 Mar 2024 00:51:52 GMT
api.js
www.google.com/recaptcha/
1 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9be27582bb35a57e3e78487af6c35f2ecf7def838a52e7e50234f97cb8bf2d7c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 20 Mar 2024 00:02:35 GMT
charts.js
www.mercaden-boeblingen.de/wp-content/plugins/sierra-capacity-chart/src/scripts/
221 KB
71 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/sierra-capacity-chart/src/scripts/charts.js?ver=2020.10.21
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
780fb2721eeddf53a3897b377d85348968e7f47bd732208b9ae9cfd86a608689
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:43:26 GMT
x-amz-cf-pop
FRA60-P4
age
4749
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
70156
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Tue, 27 Oct 2020 09:45:22 GMT
etag
"374c0-5b2a3e7d81f24-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/sierra-capacity-chart/src/scripts/charts.js?ver=2020.10.21
x-amz-cf-id
DApjDwRpmWBNQMVzynkNvMkxPkwfXqWjII94Z8xCyvAld2g1IWoTIA==
expires
Tue, 19 Mar 2024 23:43:26 GMT
core.min.js
www.mercaden-boeblingen.de/wp-includes/js/jquery/ui/
21 KB
9 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:56 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
7099
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Fri, 01 Dec 2023 16:45:56 GMT
etag
"53be-60b7580926832-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
x-amz-cf-id
88YUy94Ho7nJoU4hjeMpWMZ4gbbr4XNCemGf0c_g76Ah-Uv42EGt_g==
expires
Tue, 19 Mar 2024 23:58:36 GMT
datepicker.min.js
www.mercaden-boeblingen.de/wp-includes/js/jquery/ui/
36 KB
13 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
db5ffd916dbeb4938cc236cb3a42e73a56987f28c5deb9f3beccbe2c4af19307
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:56 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
10893
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Fri, 01 Dec 2023 16:45:56 GMT
etag
"8f79-60b75809273ea-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2
x-amz-cf-id
JopknbZ3fL4hlSxn_OlK985lqmkO_ts_uwA_1MvDxfN9TtQ-jiByxQ==
expires
Tue, 19 Mar 2024 23:58:36 GMT
vendor-1852fb9807.min.js
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/js/
191 KB
58 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/js/vendor-1852fb9807.min.js
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
125ecbab83c47f94b78cd89a3174cb06333b8fac88243b04692e721f5c1016d8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:32:29 GMT
x-amz-cf-pop
FRA60-P4
age
5406
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
57759
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 27 Sep 2023 21:55:06 GMT
etag
"2fdd5-6065e3e8f8867-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/js/vendor-1852fb9807.min.js
x-amz-cf-id
XkaXBn8CGJoT3PGh0wy4wScY7dSI9ClLLo7wMgrWSn4mwl9U4KjSPw==
expires
Tue, 19 Mar 2024 23:32:29 GMT
main-e9137c87b2.min.js
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/js/
94 KB
28 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/js/main-e9137c87b2.min.js
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
07fc3e9506d212709f0b4d98a3d20f89b39e28d96f461ae8412cef3d47547216
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:56 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
26794
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 14 Mar 2024 21:38:45 GMT
etag
"1791d-613a5b73fdf71-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/js/main-e9137c87b2.min.js
x-amz-cf-id
3BB_Za7KtWKUBwRbV4lUbCrlmWRHqTo5JKSytX-FKG1Mif5flN6vxw==
expires
Tue, 19 Mar 2024 23:58:36 GMT
css2
fonts.googleapis.com/
30 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700;1,900&display=swap
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1c7510cd1ecdcdbaf8d47f7e32f1ef6d2606f379c10cc95581e302cb148d95a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 20 Mar 2024 00:02:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 19 Mar 2024 22:37:58 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 20 Mar 2024 00:02:35 GMT
www-widgetapi.js
www.youtube.com/s/player/589f1394/www-widgetapi.vflset/
216 KB
67 KB
Script
General
Full URL
https://www.youtube.com/s/player/589f1394/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/player_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3aa0d66887bc53fa2c3aae867f345f2765cd72da482bf5b297fedcdc56259f21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 22:13:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
6528
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68373
x-xss-protection
0
last-modified
Mon, 18 Mar 2024 04:21:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 19 Mar 2025 22:13:47 GMT
matomo.js
www.mercaden-boeblingen.de/matomo/
65 KB
22 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/matomo/matomo.js
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33 /
Resource Hash
a98bcbffd5d9ea7bf01dfdc4d0b7f0c75bfcefffa62a51e237082f7d05d18987

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 04:35:17 GMT
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified
Wed, 15 Feb 2023 15:40:20 GMT
server
Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
x-amz-cf-pop
FRA60-P4
age
70064
etag
W/"10300-5f4bee5cfec37"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
qwl0uEllrhwu-kjwxg9OF-UM6yWfDRyIEwZJkAU3PA1oaK_zs0a_Eg==
gtm.js
www.googletagmanager.com/
234 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-554FGSN
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fc585ff2b14d773735862f4da5d85e7b9e13003115d2974928cf3b26afa4100d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81538
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 20 Mar 2024 00:02:35 GMT
configuration.js
consentcdn.cookiebot.com/consentconfig/40b805a8-a230-4134-96aa-09c56951930b/mercaden-boeblingen.de/
2 KB
874 B
Script
General
Full URL
https://consentcdn.cookiebot.com/consentconfig/40b805a8-a230-4134-96aa-09c56951930b/mercaden-boeblingen.de/configuration.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:886::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
8178c066755eed955c80bcf3e50ce55c6c41ceec136925a2366f0ff59b96aa43

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
content-encoding
gzip
last-modified
Fri, 15 Mar 2024 14:01:57 GMT
server
AkamaiNetStorage
etag
"5020c79de67a1917292cd0639ea16036:1710511317.450147"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=19283
cross-origin-resource-policy
cross-origin
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1710892955260_388276619_1546338563_16_574_6_8_146";dur=1
accept-ranges
bytes
content-length
511
expires
Wed, 20 Mar 2024 05:23:58 GMT
cc.js
consent.cookiebot.com/40b805a8-a230-4134-96aa-09c56951930b/
281 KB
76 KB
Script
General
Full URL
https://consent.cookiebot.com/40b805a8-a230-4134-96aa-09c56951930b/cc.js?renew=false&referer=www.mercaden-boeblingen.de&dnt=false&init=false
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
260697fe72934dc499471d3fce5a1d09e2337a2ea41eaded44a8882b6c728b48

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
content-encoding
gzip
last-modified
Wed, 20 Mar 2024 00:02:35 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
private, max-age=1200
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
mercaden-logo-weiss-e1682520171640.png
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2023/04/
17 KB
17 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2023/04/mercaden-logo-weiss-e1682520171640.png
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c0b9d73b38a7522c8c96eb7a9541c3767456ff575c9b55d681397132e44409fb
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 19 Mar 2024 05:23:30 GMT
x-amz-cf-pop
FRA56-P9
age
67145
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
16516
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 26 Apr 2023 14:45:29 GMT
etag
"4316-5fa3e4a8be218-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2023/04/mercaden-logo-weiss-e1682520171640.png
x-amz-cf-id
5t3Z2lyvLW0MHji5VAr65y1guOJ9fMVbNdFBn2vM_-2SrTFvoUlv_Q==
expires
Tue, 19 Mar 2024 06:23:30 GMT
search-white.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/
574 B
2 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/search-white.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
d6b98ea78112f5c3e1cf859feecafbaa2e98f66826a88a488347246e53cfa4e0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:51:52 GMT
x-amz-cf-pop
FRA60-P4
age
643
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
321
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"23e-5f05e8a81ab89-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/generic/search-white.svg
x-amz-cf-id
-zxNF9kTIbTV1DPt6mcdf7hya529za5CUYjFZpceqOhdGg9F0afsCg==
expires
Wed, 20 Mar 2024 00:51:52 GMT
facebook.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/social/
378 B
2 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/social/facebook.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
321dbc58b66d060771e8aa337251f86f52bf72446db419cb9a1317181b1002b7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:17:13 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
255
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"17a-5f05e8a830731-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/social/facebook.svg
x-amz-cf-id
ltGLfS_xUyivXMWgB77XvibWwKETkUPiLj5uczYYoEbnDuRizt7vFA==
expires
Tue, 19 Mar 2024 23:58:36 GMT
instagram.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/social/
1 KB
3 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/social/instagram.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
7f1d8f42d73d428a1f6023b224df693bae605cf2ab7b711dbc58442c54e28be6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:36 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
588
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"576-5f05e8a830731-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/social/instagram.svg
x-amz-cf-id
XPC2DdiTNMvTiTQivlvf10a9DKWaInZn0yzFaKOX2khNuRi0YR3ZdA==
expires
Tue, 19 Mar 2024 23:58:36 GMT
clock-white.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/status/
418 B
2 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/status/clock-white.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
8c5ff22c57348cc2736fd54f88b1c348c763773656b1ea179b9f8000df8c7f6d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Wed, 20 Mar 2024 00:02:14 GMT
x-amz-cf-pop
FRA60-P4
age
21
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
263
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"1a2-5f05e8a830731-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/status/clock-white.svg
x-amz-cf-id
ofTxf4enCpesO9B7-awVpksHEAkryAHYHSriYozwI5dM6sRIHCohyg==
expires
Wed, 20 Mar 2024 01:02:14 GMT
arrow-left.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/
335 B
2 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/arrow-left.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
014e6991ed5a8556286d740753c217bb809e52a23299a55da1e920e569afd924
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:53:56 GMT
x-amz-cf-pop
FRA60-P4
age
519
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
230
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"14f-5f05e8a805f80-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/generic/arrow-left.svg
x-amz-cf-id
FWGTn-c07nfCyJv9IYsg3ff8OqB_u2HSHyeI8mtghJCP6qPs0tJCFg==
expires
Wed, 20 Mar 2024 00:53:56 GMT
arrow-right.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/
334 B
2 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/arrow-right.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
86d2eaff99541321e05447bb59f38337e6f880b8f6b62622058943489f105830
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:32:29 GMT
x-amz-cf-pop
FRA60-P4
age
5406
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
229
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"14e-5f05e8a806368-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/generic/arrow-right.svg
x-amz-cf-id
-fQFbFtqNjNJztskSeMPABE_DSVscf8yKjg7KPE1RPlUr1xzXaiEvQ==
expires
Tue, 19 Mar 2024 23:32:29 GMT
4be86426-db25-4b93-be8f-87fe25d496c0.Beautybyhacer-170x170.jpg
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2023/12/
3 KB
4 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2023/12/4be86426-db25-4b93-be8f-87fe25d496c0.Beautybyhacer-170x170.jpg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
868ea2d3b1aa1e16f9ffb2c91039ae42563c6b8f5f0cbe671a8547ebbceab18f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mercaden-boeblingen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 13:19:43 GMT
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-P9
age
38572
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
2961
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 21 Dec 2023 05:47:38 GMT
etag
"be8-60cfea3261768-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2023/12/4be86426-db25-4b93-be8f-87fe25d496c0.Beautybyhacer-170x170.jpg
x-amz-cf-id
nFPfvMCWTKVM-5LpV0WuyK5xSpG5eSnLuCscC2k0GNFPoKgL9d2nEw==
expires
Tue, 19 Mar 2024 14:19:43 GMT
527ce089-8f5f-4861-b6f3-63f6a321754d.180117-bbc-logo-fotofix-0001_1.jpg
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/
6 KB
6 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/527ce089-8f5f-4861-b6f3-63f6a321754d.180117-bbc-logo-fotofix-0001_1.jpg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
5b98549ced47813dce00649b7963bca2bd82a29a8395cce51a87aadf71399dde
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mercaden-boeblingen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 09:32:07 GMT
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-P9
age
52228
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
5784
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Mon, 05 Aug 2019 15:45:18 GMT
etag
"1736-58f60984b4398-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2019/08/527ce089-8f5f-4861-b6f3-63f6a321754d.180117-bbc-logo-fotofix-0001_1.jpg
x-amz-cf-id
26KEO2RWyxmr8cq-Oz_WXTkaPzPKjwZY0opQUGNfOTCNMe38UHV5RA==
expires
Tue, 19 Mar 2024 10:32:07 GMT
2a31f5e6-ccef-4941-aff6-8cffb477185e.Unbenannt-1-170x170.png
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2023/04/
3 KB
3 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2023/04/2a31f5e6-ccef-4941-aff6-8cffb477185e.Unbenannt-1-170x170.png
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
0bfce8a94a17481e074f61bf69f44000e184b1244543eff80a97a483a8b049a7
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mercaden-boeblingen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 19 Mar 2024 07:32:38 GMT
x-amz-cf-pop
FRA56-P9
age
59397
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
2622
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 12 Apr 2023 05:58:28 GMT
etag
"c2c-5f91d4c02d498-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2023/04/2a31f5e6-ccef-4941-aff6-8cffb477185e.Unbenannt-1-170x170.png
x-amz-cf-id
43nLXFqaBBbOOP6peaNkWiZZOf2CjRvtgTMSotJaCSW8-YP-tjdPiQ==
expires
Tue, 19 Mar 2024 08:32:38 GMT
82b78642-6773-4b8a-9fe0-771f333446a3.kiddieland.png
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/
5 KB
5 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/82b78642-6773-4b8a-9fe0-771f333446a3.kiddieland.png
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b98d45b43eb72c33bab171f28da46a0d47981c5beb8429020a6ab04ca651f85b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mercaden-boeblingen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 19 Mar 2024 07:32:38 GMT
x-amz-cf-pop
FRA56-P9
age
59397
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
4601
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Aug 2019 08:07:07 GMT
etag
"125e-5909c0f331080-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2019/08/82b78642-6773-4b8a-9fe0-771f333446a3.kiddieland.png
x-amz-cf-id
XGXADtWxXwqXjxyCDACBqrmkA6A4-89C_hTTqTseABZbMnkKmJcKlg==
expires
Tue, 19 Mar 2024 08:32:38 GMT
a2866cc6-ab12-45eb-946b-db09132398d1.ksk-bb.jpg
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/
5 KB
6 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/a2866cc6-ab12-45eb-946b-db09132398d1.ksk-bb.jpg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
721be71a7703cd082857051e9b94044d0c9a5e23b36e2912c675dbb80f2e7a5d
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mercaden-boeblingen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 19 Mar 2024 07:32:38 GMT
x-amz-cf-pop
FRA56-P9
age
59397
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
4992
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Mon, 05 Aug 2019 15:51:49 GMT
etag
"13fb-58f60af9b9638-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2019/08/a2866cc6-ab12-45eb-946b-db09132398d1.ksk-bb.jpg
x-amz-cf-id
VSxMMEuBklNoV7Dw47xsU2RTKIbQiAabNmeg2FGF-QNQYYAN2k4Z-g==
expires
Tue, 19 Mar 2024 08:32:38 GMT
de9b4195-7ad8-4c26-8895-fca5d57f637f.SmartPunkt560x560.png
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2021/03/
24 KB
23 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2021/03/de9b4195-7ad8-4c26-8895-fca5d57f637f.SmartPunkt560x560.png
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
859a325a2410a6a83e7a2801b506d97b75f4df1c896e448e26efd650631597f0
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mercaden-boeblingen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 12:56:14 GMT
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-P9
age
39981
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
23197
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 18 Mar 2021 06:37:02 GMT
etag
"6100-5bdc9d3bdbe28-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2021/03/de9b4195-7ad8-4c26-8895-fca5d57f637f.SmartPunkt560x560.png
x-amz-cf-id
NuMKlIMMDzCFZCoMoqXqSp1noe9DTnA82JLE01qgHm2v_CzpMHZtoA==
expires
Tue, 19 Mar 2024 13:56:14 GMT
d86ba32f-bd24-418d-98fd-cd0c278885ff.service.jpg
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/
9 KB
10 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/d86ba32f-bd24-418d-98fd-cd0c278885ff.service.jpg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
390211945212261d2eb78a99b35d4308bcec43c84e5db30c1f7752963578614c
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mercaden-boeblingen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 19 Mar 2024 09:32:08 GMT
x-amz-cf-pop
FRA56-P9
age
52227
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
9085
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Mon, 05 Aug 2019 15:52:13 GMT
etag
"23d6-58f60b106b728-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2019/08/d86ba32f-bd24-418d-98fd-cd0c278885ff.service.jpg
x-amz-cf-id
btGa4vaxauxgA02swdKjyeFQZ5Gdft_MnG0fqpALlhKuP-FY1dI7aA==
expires
Tue, 19 Mar 2024 10:32:08 GMT
bd714ec0-fd2c-4ce5-8d09-20aa334cfb83.stylenails.jpg
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/
4 KB
4 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/bd714ec0-fd2c-4ce5-8d09-20aa334cfb83.stylenails.jpg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
4b3cd40a761ec198c83e3e2b0cae89c3d1bf2b62910b7f8414c9a8e5fb9f8b54
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mercaden-boeblingen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 19 Mar 2024 07:55:42 GMT
x-amz-cf-pop
FRA56-P9
age
58013
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
3844
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 28 Aug 2019 17:30:47 GMT
etag
"f8a-59130bfe3eaa0-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2019/08/bd714ec0-fd2c-4ce5-8d09-20aa334cfb83.stylenails.jpg
x-amz-cf-id
_pyXwKUTamnKzSjCYqy-cE2-WSxZXpGG4CxsGEi1uhV7QMFPfnRFgw==
expires
Tue, 19 Mar 2024 08:55:42 GMT
97c7f163-17a1-420c-9b49-810257ba0242.volksbank.jpg
sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/
6 KB
7 KB
Image
General
Full URL
https://sonaesierracms-v2.cdnpservers.net/wp-content/uploads/sites/56/2019/08/97c7f163-17a1-420c-9b49-810257ba0242.volksbank.jpg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:5e00:10:8660:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
103cefe04cc37e4683eb88e695bbe5c190b38ae2d9a08ac0f0e2e01ab4900f68
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mercaden-boeblingen.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 12:20:29 GMT
content-encoding
gzip
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *;
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-P9
age
42126
x-req-host
sonaesierracms-v2.cdnpservers.net
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
5994
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Mon, 05 Aug 2019 15:52:41 GMT
etag
"17f4-58f60b2b02168-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/uploads/sites/56/2019/08/97c7f163-17a1-420c-9b49-810257ba0242.volksbank.jpg
x-amz-cf-id
PaiDXTR0WGjuJTX6fKvrnwBEXtGf8PZKOETYkLlv97lyqZxYqK8FBQ==
expires
Tue, 19 Mar 2024 13:20:29 GMT
phone-white.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/
8 KB
5 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/phone-white.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
73dcbc1e0377a7f17bd4c87d7f4c942a3ad770e5ba12e3aeda645a8a1d756a23
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:32:29 GMT
x-amz-cf-pop
FRA60-P4
age
5406
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
3020
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"2120-5f05e8a81a7a1-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/generic/phone-white.svg
x-amz-cf-id
X9BQB14Lvbd4doF_OB40SYDhNpDUNTjmnWhsGeeY9rH_Of2ohgzs2Q==
expires
Tue, 19 Mar 2024 23:32:29 GMT
info.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/
584 B
2 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/info.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
0ef3cd3380ed6509e2f997139e6fc3c33ddab14e66bac42bcaae7b0eef862ba4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:57 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
292
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"248-5f05e8a810778-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/generic/info.svg
x-amz-cf-id
o6Tp5GEJwkdP4Hlr664pR4_N4GBSjO_-t7alfRS7hqdqC4bzdfWfpA==
expires
Tue, 19 Mar 2024 23:58:36 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mercaden-boeblingen.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 07:45:16 GMT
x-content-type-options
nosniff
age
58639
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14712
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Mar 2025 07:45:16 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mercaden-boeblingen.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 07:44:56 GMT
x-content-type-options
nosniff
age
58659
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Mar 2025 07:44:56 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/
14 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mercaden-boeblingen.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Mon, 18 Mar 2024 23:09:09 GMT
x-content-type-options
nosniff
age
89606
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14824
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 18 Mar 2025 23:09:09 GMT
matomo.php
www.mercaden-boeblingen.de/matomo/
0
328 B
Ping
General
Full URL
https://www.mercaden-boeblingen.de/matomo/matomo.php?action_name=Hair%20Express%20-%20Mercaden%20Boeblingen&idsite=31&rec=1&r=218049&h=1&m=2&s=35&url=https%3A%2F%2Fwww.mercaden-boeblingen.de%2Fgeschafte%2Fhair-express%2F&_id=&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=YJzVSL&pf_net=16&pf_srv=7&pf_tfr=1&pf_dm1=125&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/matomo/matomo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33 / PHP/7.4.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
server
Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
x-amz-cf-pop
FRA60-P4
x-powered-by
PHP/7.4.33
x-cache
Miss from cloudfront
access-control-allow-origin
https://www.mercaden-boeblingen.de
access-control-allow-credentials
true
x-amz-cf-id
8W-RlMcTSX_dgZ8qEiIdEM3aZyq4w22j3V2Yc9Bz3JpGnCHfze901g==
piwik.php
s.sonaesierra.info/
43 B
504 B
Ping
General
Full URL
https://s.sonaesierra.info/piwik.php?action_name=Hair%20Express%20-%20Mercaden%20Boeblingen&idsite=56&rec=1&r=532966&h=1&m=2&s=35&url=https%3A%2F%2Fwww.mercaden-boeblingen.de%2Fgeschafte%2Fhair-express%2F&_id=&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=wDMBkq&pf_net=16&pf_srv=7&pf_tfr=1&pf_dm1=125&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/matomo/matomo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:835a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
cf-cache-status
DYNAMIC
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rES65nBpMCFBVgSdApY9JW7IClFTR7yC85hw595EgF0hRYyl3G%2BXivuJrf9zZDqteJgvUT4WVIDQrk95JrT%2BmdsBUm%2BXNbKvV3RXBVjW%2BAsFqY5SlZqlmcZGlMrQUDZeLSk9jiFN9WOAKFDmYNAwxLA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cf-ray
86716f2d7bd94cc5-SIN
alt-svc
h3=":443"; ma=86400
content-length
43
js
www.googletagmanager.com/gtag/
240 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-GN7599PPQM&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-554FGSN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7b370e7b9082ad4781dc332ad44af3eef93fca7f8fcf9a68b368410d6b6e1ada
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87171
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 20 Mar 2024 00:02:35 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-554FGSN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 19 Mar 2024 23:38:42 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1433
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 20 Mar 2024 01:38:42 GMT
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 8AE8
627 B
811 B
Document
General
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:886::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=30056825
content-encoding
gzip
content-length
392
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 20 Mar 2024 00:02:35 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Sun, 02 Mar 2025 21:09:40 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1710892955357_388276619_1546338621_16_649_12_0_255";dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
popup-gravity-forms.js
www.mercaden-boeblingen.de/wp-content/plugins/sierra-forms/src/scripts/
392 B
2 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/sierra-forms/src/scripts/popup-gravity-forms.js?ver=2020.11.25
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
942c808c90eeef73cabc505634ff2f39b7f17f70ccbdb75ccf9f1f755c74a028
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:32:28 GMT
x-amz-cf-pop
FRA60-P4
age
5407
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
279
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Mon, 01 Nov 2021 22:21:42 GMT
etag
"188-5cfc199f465a7-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/sierra-forms/src/scripts/popup-gravity-forms.js?ver=2020.11.25
x-amz-cf-id
vIxn73LB_j5LvUNMjh2rZkBTRbGAL6WGvBeeKTIN-Dcryvl-IIMaaw==
expires
Tue, 19 Mar 2024 23:32:28 GMT
1.gif
imgsct.cookiebot.com/
35 B
479 B
Image
General
Full URL
https://imgsct.cookiebot.com/1.gif?dgi=40b805a8-a230-4134-96aa-09c56951930b
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:886::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
x-guploader-uploadid
ABPtcPrDS40Yiw_dA_Vkp2okMGssUIvMN-MBDrkwwNMdSQyrKoWhT5BeAeZ42QJAyOqoGrpobERuSUbDNA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
35
last-modified
Mon, 23 Oct 2023 11:39:32 GMT
server
UploadServer
etag
"c2196de8ba412c60c22ab491af7b1409"
x-goog-generation
1698061172769999
x-goog-hash
crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public,max-age=1800
x-goog-stored-content-length
35
accept-ranges
bytes
content-type
image/gif
santapress-public-all.min.js
www.mercaden-boeblingen.de/wp-content/plugins/santapress/public/js/
10 KB
5 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/santapress/public/js/santapress-public-all.min.js?ver=1.5.2
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
88068273b6d7a7d5ef2e2e04374c8f3cc3ee9b10116beb66a4848d31a1eaa80f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:51:52 GMT
x-amz-cf-pop
FRA60-P4
age
643
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
3174
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 30 Nov 2023 23:28:05 GMT
etag
"296d-60b6700f41ce8-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/santapress/public/js/santapress-public-all.min.js?ver=1.5.2
x-amz-cf-id
dP8IcqOxRHHjOS6VtWizWMNs97t8r3Llz2HWeiiA3jmTElwAk_n-oA==
expires
Wed, 20 Mar 2024 00:51:52 GMT
charts.js
www.mercaden-boeblingen.de/wp-content/plugins/sierra-capacity-chart/src/scripts/
221 KB
71 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/plugins/sierra-capacity-chart/src/scripts/charts.js?ver=2020.10.21
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
780fb2721eeddf53a3897b377d85348968e7f47bd732208b9ae9cfd86a608689
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:43:26 GMT
x-amz-cf-pop
FRA60-P4
age
4749
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
70156
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Tue, 27 Oct 2020 09:45:22 GMT
etag
"374c0-5b2a3e7d81f24-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/plugins/sierra-capacity-chart/src/scripts/charts.js?ver=2020.10.21
x-amz-cf-id
_Xuf5Pz5ySlIdPayFzEXMmKiQLNO5XpgaO18hcykuNssJZZOVbImAg==
expires
Tue, 19 Mar 2024 23:43:26 GMT
core.min.js
www.mercaden-boeblingen.de/wp-includes/js/jquery/ui/
21 KB
9 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:56 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
7099
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Fri, 01 Dec 2023 16:45:56 GMT
etag
"53be-60b7580926832-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
x-amz-cf-id
l6ZOilSL6qsxg6Wwli9wYH9D1Y3Mex-eIr_29DA5CCDnImN7oe20vw==
expires
Tue, 19 Mar 2024 23:58:36 GMT
cookies.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/
1 KB
3 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/cookies.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
fe72c4e5702698ac4c4bb97e9d19fbac29dcfe91545da8582bf0bd30c3e5dfbe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:17:14 GMT
x-amz-cf-pop
FRA60-P4
age
3606
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
514
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"4a1-5f05e8a807308-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/generic/cookies.svg
x-amz-cf-id
zAm2fLobTvISmruJX9w23KPxGewmXIosh0xL6f5mMZ5ei-Vg-4lwoA==
expires
Wed, 20 Mar 2024 00:02:29 GMT
check-white.svg
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/
165 B
2 KB
Image
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/img/icons/generic/check-white.svg
Requested by
Host: www.mercaden-boeblingen.de
URL: https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/css/main-d2acff621e.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
80beb94b6d9f0c718112bc381ca5ca01e9e9d44c225260dbdaf1649985f4b003
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 23:02:29 GMT
x-amz-cf-pop
FRA60-P4
age
3606
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
152
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 21 Dec 2022 23:02:04 GMT
etag
"a5-5f05e8a806368-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/img/icons/generic/check-white.svg
x-amz-cf-id
atgB40sMfSvrrgpxeYnrSAljViKCXVRfXcxFzFecvd3vRG_GIkUdyw==
expires
Wed, 20 Mar 2024 00:02:29 GMT
datepicker.min.js
www.mercaden-boeblingen.de/wp-includes/js/jquery/ui/
36 KB
13 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
db5ffd916dbeb4938cc236cb3a42e73a56987f28c5deb9f3beccbe2c4af19307
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:56 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
10893
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Fri, 01 Dec 2023 16:45:56 GMT
etag
"8f79-60b75809273ea-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2
x-amz-cf-id
HWmQe2D1eddm7EpH5gGCpsm39ZvCJMWtlPgk4Uuw9XrsekGBPVO6-A==
expires
Tue, 19 Mar 2024 23:58:36 GMT
vendor-1852fb9807.min.js
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/js/
191 KB
58 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/js/vendor-1852fb9807.min.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
125ecbab83c47f94b78cd89a3174cb06333b8fac88243b04692e721f5c1016d8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:32:29 GMT
x-amz-cf-pop
FRA60-P4
age
5406
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
MISS
content-length
57759
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 27 Sep 2023 21:55:06 GMT
etag
"2fdd5-6065e3e8f8867-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/js/vendor-1852fb9807.min.js
x-amz-cf-id
-Gdb9QK1eIxzzYyYlnSUqVm1dL1dVn8q2_u4T6-Idfn7rw-G66qKPw==
expires
Tue, 19 Mar 2024 23:32:29 GMT
main-e9137c87b2.min.js
www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/js/
94 KB
28 KB
Script
General
Full URL
https://www.mercaden-boeblingen.de/wp-content/themes/sonae-sierra/dist/js/main-e9137c87b2.min.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-98.fra60.r.cloudfront.net
Software
/
Resource Hash
07fc3e9506d212709f0b4d98a3d20f89b39e28d96f461ae8412cef3d47547216
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
date
Tue, 19 Mar 2024 22:58:56 GMT
x-amz-cf-pop
FRA60-P4
age
3839
x-req-host
www.mercaden-boeblingen.de
x-cache
Hit from cloudfront
x-cache-cms
HIT
content-length
26794
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 14 Mar 2024 21:38:45 GMT
etag
"1791d-613a5b73fdf71-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
x-req-url
/wp-content/themes/sonae-sierra/dist/js/main-e9137c87b2.min.js
x-amz-cf-id
OoiatOr24ThSStEFWNz9Azwbc-3mKBiR2U6vyE91aCiIPLrc3bJw_Q==
expires
Tue, 19 Mar 2024 23:58:36 GMT
js
www.googletagmanager.com/gtag/
240 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-GN7599PPQM&l=dataLayer&cx=c
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
35c32e228f4111521eda145176532069aa06b39a4fdfdef08dd610a77b911a5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87171
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 20 Mar 2024 00:02:35 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 19 Mar 2024 23:38:42 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1433
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 20 Mar 2024 01:38:42 GMT
api.js
www.google.com/recaptcha/
1 KB
935 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9be27582bb35a57e3e78487af6c35f2ecf7def838a52e7e50234f97cb8bf2d7c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 00:02:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 20 Mar 2024 00:02:35 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/YurWEBlMIwR4EqFPncmQTkxQ/
496 KB
198 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/YurWEBlMIwR4EqFPncmQTkxQ/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3fb255a09760e965ef08595da3507477280a6617ff12a2f65b27fe756b5c719b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://www.mercaden-boeblingen.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Tue, 19 Mar 2024 16:47:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
26076
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
202568
x-xss-protection
0
last-modified
Fri, 15 Mar 2024 21:41:54 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Mar 2025 16:47:59 GMT
collect
region1.google-analytics.com/g/
0
262 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-GN7599PPQM&gtm=45je43i0v9114973570z8839990120za200&_p=1710892955239&gcs=G100&gcd=13p3p3l2l5&npa=1&dma_cps=sypham&dma=1&gtm_up=1&cid=1649100811.1710892956&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=denied&_eu=EA&_s=1&sid=1710892955&sct=1&seg=0&dl=https%3A%2F%2Fwww.mercaden-boeblingen.de%2Fgeschafte%2Fhair-express%2F&dt=Hair%20Express%20-%20Mercaden%20Boeblingen&en=page_view&_fv=1&_ss=1&tfd=741
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GN7599PPQM&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Mar 2024 00:02:35 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.mercaden-boeblingen.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1269576125&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mercaden-boeblingen.de%2Fgeschafte%2Fhair-express%2F&ul=en-us&de=UTF-8&dt=Hair%20Express%20-%20Mercaden%20Boeblingen&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEAAAAABEAAAAAAAIk~&cid=1649100811.1710892956&tid=UA-146450809-1&_gid=1998018134.1710892956&gtm=45He43i0n81554FGSNv839990120za200&gcs=G100&gcd=13p3p3l2l5&dma_cps=sypham&dma=1&npa=1&z=1372172125
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Mar 2024 03:54:42 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
72473
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

125 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| SierraAPI function| $ function| jQuery object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| _paq function| gtag object| dataLayer object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent number| CB_jQueryHoldReadyStarted object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_ object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| CookiebotDialog object| CookieConsentDialog object| gaplugins object| data function| renderInvisibleReCaptcha function| Color function| Chart function| Swiper object| Cookies function| Pristine object| intlTelInputGlobals function| intlTelInput object| AOS object| SonaeSierra object| SonaeSierraI18n function| _typeof function| _readOnlyError function| _regeneratorRuntime function| asyncGeneratorStep function| _asyncToGenerator function| _slicedToArray function| _nonIterableRest function| _iterableToArrayLimit function| _arrayWithHoles function| ownKeys function| _objectSpread function| _defineProperty function| _toConsumableArray function| _nonIterableSpread function| _unsupportedIterableToArray function| _iterableToArray function| _arrayWithoutHoles function| _arrayLikeToArray object| app string| BASE_GOOGLE_MAPS_URL string| BASE_WAZE_URL function| getWazeLink function| getGoogleMapsLink function| getRandomInt function| getRandomBetween function| scrollToElement function| serializeData object| trackInfoType string| ckFstPopUp string| ckPopUpView object| modalPopup string| chartClass object| chartTypes object| yearColors object| translate object| trafficValues object| weekdays object| months function| initCharts function| checkFirstVisit function| abbreviate function| changeWeekday function| getData function| renderDataDay function| renderDataWeek function| renderDataYear function| setupChartOptions object| SIERRA_COOKIES number| TARGET_BREAKPOINT_RESOLUTION object| $loyaltyForm function| loyaltyValidation object| SIERRA_HUB function| elementsOverlap object| SIERRA_STICKY object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client number| CB_OnTagsExecuted_Processed object| recaptcha object| gaGlobal object| gaData function| addEventListenerBase

4 Cookies

Domain/Path Name / Value
www.mercaden-boeblingen.de/ Name: AWSALB
Value: xmPrMZTa6WkoZSJNi3wuq16PkbOYYl8z6NQ8S7+lR3g4eM/30QAnGDCqBtPS/0NmzWtl0IENVTI8s6SZ6tS+eqaXgrRoyaKFIjUj4sKf9+3D1Yt0zwUpRvXYHySU
.youtube.com/ Name: YSC
Value: CcA4Fp3EDNI
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: G1IkRs0ar8A
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJERRIEEgAgEg%3D%3D

6 Console Messages

Source Level URL
Text
other warning URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.mercaden-boeblingen.de/geschafte/hair-express/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

consent.cookiebot.com
consentcdn.cookiebot.com
fonts.googleapis.com
fonts.gstatic.com
imgsct.cookiebot.com
region1.google-analytics.com
s.sonaesierra.info
sonaesierracms-v2.cdnpservers.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.mercaden-boeblingen.de
www.youtube.com
18.66.147.98
2001:4860:4802:34::36
2600:9000:2670:5e00:10:8660:8940:93a1
2606:4700:3035::ac43:835a
2a00:1450:4001:806::2003
2a00:1450:4001:808::2008
2a00:1450:4001:809::200e
2a00:1450:4001:811::2004
2a00:1450:4001:81d::200a
2a00:1450:4001:828::2003
2a00:1450:4001:831::200e
2a02:26f0:1700:11::b856:6785
2a02:26f0:3500:886::f09
014e6991ed5a8556286d740753c217bb809e52a23299a55da1e920e569afd924
07fc3e9506d212709f0b4d98a3d20f89b39e28d96f461ae8412cef3d47547216
0bfce8a94a17481e074f61bf69f44000e184b1244543eff80a97a483a8b049a7
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce
0ef3cd3380ed6509e2f997139e6fc3c33ddab14e66bac42bcaae7b0eef862ba4
103cefe04cc37e4683eb88e695bbe5c190b38ae2d9a08ac0f0e2e01ab4900f68
125ecbab83c47f94b78cd89a3174cb06333b8fac88243b04692e721f5c1016d8
1c7510cd1ecdcdbaf8d47f7e32f1ef6d2606f379c10cc95581e302cb148d95a6
260697fe72934dc499471d3fce5a1d09e2337a2ea41eaded44a8882b6c728b48
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
321dbc58b66d060771e8aa337251f86f52bf72446db419cb9a1317181b1002b7
3419f9d6689f68e7bab5bbbd11b511e1b5c75872bd6f526501110bff277b5422
341f707ebe00267db1fd017fe3c780ce991dc4b271e94e2bcd1b0988eb1db06a
35c32e228f4111521eda145176532069aa06b39a4fdfdef08dd610a77b911a5a
390211945212261d2eb78a99b35d4308bcec43c84e5db30c1f7752963578614c
3aa0d66887bc53fa2c3aae867f345f2765cd72da482bf5b297fedcdc56259f21
3fb255a09760e965ef08595da3507477280a6617ff12a2f65b27fe756b5c719b
46621d9a367db3fec21613e3ded8094f3297e12769c6c0e814597d9cc5e07f94
4b3cd40a761ec198c83e3e2b0cae89c3d1bf2b62910b7f8414c9a8e5fb9f8b54
51c69ff3e1d02281ed0c5cf123e217e889f7e26ca6339dfbd73378357e32258f
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
5b98549ced47813dce00649b7963bca2bd82a29a8395cce51a87aadf71399dde
5bb22e81453d6b69b10d640ba35b9a6ff3cc402d23e8b034bb3a1f1cee362084
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
686434b563920599701ef91b5791295c4a687b2a4754c82612fbd684b568f742
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
721be71a7703cd082857051e9b94044d0c9a5e23b36e2912c675dbb80f2e7a5d
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
73d2c831aa2825d5d1e3303f8f08707b11467c58881b1050d05b16ce2b08cb32
73dcbc1e0377a7f17bd4c87d7f4c942a3ad770e5ba12e3aeda645a8a1d756a23
7460fb7fce57c88e340c7f3cf99e429b60ed5a2462010c987e711131da170c43
780fb2721eeddf53a3897b377d85348968e7f47bd732208b9ae9cfd86a608689
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7b370e7b9082ad4781dc332ad44af3eef93fca7f8fcf9a68b368410d6b6e1ada
7f1d8f42d73d428a1f6023b224df693bae605cf2ab7b711dbc58442c54e28be6
80beb94b6d9f0c718112bc381ca5ca01e9e9d44c225260dbdaf1649985f4b003
8178c066755eed955c80bcf3e50ce55c6c41ceec136925a2366f0ff59b96aa43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
859a325a2410a6a83e7a2801b506d97b75f4df1c896e448e26efd650631597f0
868ea2d3b1aa1e16f9ffb2c91039ae42563c6b8f5f0cbe671a8547ebbceab18f
86d2eaff99541321e05447bb59f38337e6f880b8f6b62622058943489f105830
88068273b6d7a7d5ef2e2e04374c8f3cc3ee9b10116beb66a4848d31a1eaa80f
884f8d18f46e5a8349e3c64210d3987baac1f693c91e52031bafbe177f85e381
8c5ff22c57348cc2736fd54f88b1c348c763773656b1ea179b9f8000df8c7f6d
8f27c9a85a821a7e74b3c837349a3d82956d2412d5287307109b3881e0faf644
942c808c90eeef73cabc505634ff2f39b7f17f70ccbdb75ccf9f1f755c74a028
9be27582bb35a57e3e78487af6c35f2ecf7def838a52e7e50234f97cb8bf2d7c
a98bcbffd5d9ea7bf01dfdc4d0b7f0c75bfcefffa62a51e237082f7d05d18987
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b98d45b43eb72c33bab171f28da46a0d47981c5beb8429020a6ab04ca651f85b
c0b9d73b38a7522c8c96eb7a9541c3767456ff575c9b55d681397132e44409fb
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d6b98ea78112f5c3e1cf859feecafbaa2e98f66826a88a488347246e53cfa4e0
db5ffd916dbeb4938cc236cb3a42e73a56987f28c5deb9f3beccbe2c4af19307
dcf976d85eeb8dd399479c74ec436db8f674cf02f2f9d32e9a82198ceb67a8e9
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc585ff2b14d773735862f4da5d85e7b9e13003115d2974928cf3b26afa4100d
fe72c4e5702698ac4c4bb97e9d19fbac29dcfe91545da8582bf0bd30c3e5dfbe