flights.booking.com Open in urlscan Pro
52.222.214.6 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://flights.booking.com/confirmation/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb67...
Effective URL:
https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296...
Submission: On June 10 via api (June 10th 2022, 6:50:33 am UTC) from IE — Scanned from DE

Summary HTTP 66 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 14 IPs in 4 countries across 11 domains to perform 66 HTTP transactions. The main IP is 52.222.214.6, located in United States and belongs to AMAZON-02, US. The main domain is flights.booking.com. The Cisco Umbrella rank of the primary domain is 201921.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on September 1st 2021. Valid for: a year.

This is the only time flights.booking.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 12	52.222.214.6 52.222.214.6	16509 (AMAZON-02) (AMAZON-02)
1 3	37.10.0.220 37.10.0.220	43996 (BOOKING-B...) (BOOKING-BV Booking.com)
14	2600:9000:223... 2600:9000:223f:c000:1f:e2ee:200:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:400c:c1b::9b	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	5.57.19.231 5.57.19.231	43996 (BOOKING-B...) (BOOKING-BV Booking.com)
66	14

12 52.222.214.6 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-6.fra56.r.cloudfront.net

flights.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
shelves.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.10.0.220 (Netherlands) 1 redirects

ASN43996 (BOOKING-BV Booking.com, NL)

www.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:223f:c000:1f:e2ee:200:93a1 (United States)

ASN16509 (AMAZON-02, US)

q-xx.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r-xx.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
xx.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c1b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.57.19.231 (Amsterdam, Netherlands)

ASN43996 (BOOKING-BV Booking.com, NL)
PTR: secure.booking.com

secure.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	booking.com 3 redirects flights.booking.com — Cisco Umbrella Rank: 201921 www.booking.com — Cisco Umbrella Rank: 9323 shelves.booking.com — Cisco Umbrella Rank: 17414 secure.booking.com — Cisco Umbrella Rank: 15911	105 KB
14	bstatic.com q-xx.bstatic.com — Cisco Umbrella Rank: 13463 r-xx.bstatic.com — Cisco Umbrella Rank: 43498 xx.bstatic.com — Cisco Umbrella Rank: 61876	602 KB
10	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 43	22 KB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 429	106 KB
4	google.de www.google.de — Cisco Umbrella Rank: 6180	692 B
4	google.com www.google.com — Cisco Umbrella Rank: 4	692 B
4	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 98 googleads.g.doubleclick.net — Cisco Umbrella Rank: 46	3 KB
4	bing.com bat.bing.com — Cisco Umbrella Rank: 333	23 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 122	30 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 75	116 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 722	457 B
66	11

	Domain	Requested by
11	flights.booking.com	2 redirects q-xx.bstatic.com
10	www.google-analytics.com	flights.booking.com www.google-analytics.com
10	q-xx.bstatic.com	flights.booking.com q-xx.bstatic.com
7	cdn.cookielaw.org	flights.booking.com cdn.cookielaw.org
4	www.google.de	flights.booking.com
4	www.google.com	flights.booking.com
4	bat.bing.com	www.googletagmanager.com bat.bing.com cdn.cookielaw.org
3	www.booking.com	1 redirects flights.booking.com q-xx.bstatic.com
2	secure.booking.com	xx.bstatic.com
2	xx.bstatic.com	shelves.booking.com
2	r-xx.bstatic.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	www.googleadservices.com	www.googletagmanager.com cdn.cookielaw.org
2	www.googletagmanager.com	flights.booking.com www.googletagmanager.com
1	shelves.booking.com	q-xx.bstatic.com
1	geolocation.onetrust.com	cdn.cookielaw.org
66	17

This site contains links to these domains. Also see Links.

Domain
secure.booking.com
www.booking.com
booking.com

Subject Issuer	Validity	Valid
*.booking.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-01` - `2022-08-21`	a year	crt.sh
*.bstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-20`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
Frame ID: 9496443BE071309E5BF1C0600AB2AC9D
Requests: 64 HTTP requests in this frame

Frame: https://www.booking.com/cookiebanner.html
Frame ID: C71B9E8A9A4DDBDA80463E3E506FCF09
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Flights - Booking.com

Page URL History Show full URLs

https://flights.booking.com/confirmation/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af... HTTP 302
https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e71... HTTP 302
https://www.booking.com/food_redirect.html?url=aHR0cHM6Ly9mbGlnaHRzLmJvb2tpbmcuY29tL2Jvb2tpbmcvb3JkZ... HTTP 302
https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e71... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

66
Requests

100 %
HTTPS

71 %
IPv6

11
Domains

17
Subdomains

14
IPs

4
Countries

1005 kB
Transfer

5363 kB
Size

18
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.booking.com/help?source=hc_entry_point_flights_header&lang=de&aid=304142&label=gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ

Search URL Search Domain Scan URL

URL: https://www.booking.com/index.html?aid=304142&label=gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Title: Aufenthalte

Search URL Search Domain Scan URL

URL: https://booking.com/pxgo?token=UmFuZG9tSVYkc2RlIyh9YVyXrXnsfRBJmOE-CkpM7L4bEflhJ8cRL9nQI1KIk9pU5CvMAvoAItQc_RZtOkFdXhqZH4xtF1a0XQ-1qym-TLGMH-fg7iABy5iR8mSdLOEnKEtJT5Hf6moPROgQ8RI1mpYF7so2dn-cjZswT5ouXDxN0Hf9FAhJGZz2SbRiBgdXQWThGY_YGkVphJ4L2fm0CnAaazwI6gPJ31hMo_EVcxRe5iE4NOIp13MIcPnwKr1tkputsSqrxoI1IVJDC8NhllF8KlcK1cOiBN3vTJjKG4yMh-CDfCsYFuYoUFq2lEcBYVDWk5UTB1g&aid=304142&lang=de&url=https%3A%2F%2Fbooking.kayak.com%2Fin%3Fp%3Dsearchbox_link%26sid%3D56b4694cf6fdda20d795ede4a6555bb8%26mc%3DSEK%26a%3Dbdc%252Fsearchbox%26bdclc%3Dde&label=gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Title: Flüge

Search URL Search Domain Scan URL

URL: https://booking.com/pxgo?token=UmFuZG9tSVYkc2RlIyh9YWDUtbaQciWiGSaepgbtV2grl_hSt4a4S6ZN2gZDjqCFqJ5n_51LCt88qfA5vH9wfq5uFp3AeaAD_N4_A8myNQfFlwbo3IgSrXQJiFBkoY3HcCuP7jcQ45Cn-UsxYuQa20JS40MpVDZ_yGLbD_AwY8i8riIuspq9Xd6IgxxfiZslwm1Av9cStrUZU9CfRdsGyz5DiTSyuP4XdxahbzNucpB-skpuqTDa3c4-RXBSzbqlB6JUiIwv3cmoXPeayN4WP8J_7NrSQOnvLVcm5hmcqoQCtpsD8M8As__szW8QXra7OohgglXQFeJGebEdnSv-XA&aid=304142&lang=de&url=https%3A%2F%2Fbooking-se.lastminute.com&label=gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Title: Flug + Hotel

Search URL Search Domain Scan URL

URL: https://www.booking.com/cars/index.html?aid=304142&label=gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Title: Mietwagen

Search URL Search Domain Scan URL

URL: https://www.booking.com/attractions/index.de.html?aid=304142&label=gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ&sid=56b4694cf6fdda20d795ede4a6555bb8&source=booking_index-nav_bar_tours_and_activities
Title: Sehenswürdigkeiten

Search URL Search Domain Scan URL

URL: https://www.booking.com/taxi/index.html?aid=304142&label=gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Title: Taxis zum/vom Flughafen

Search URL Search Domain Scan URL

URL: https://secure.booking.com/help?source=hc_entry_point_flights_order_page
Title: Zu den Hilfeseiten

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://flights.booking.com/confirmation/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d HTTP 302
https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d HTTP 302
https://www.booking.com/food_redirect.html?url=aHR0cHM6Ly9mbGlnaHRzLmJvb2tpbmcuY29tL2Jvb2tpbmcvb3JkZXItZGV0YWlscy81MjRjNjllM2JiNWI5YzVmOWRmOGU0ZDgwNzAyODRlMTA5YWIxNGE2MGVlZjQyNjZkYjNlNzEwMmQxOTY1YWY2MTI1MzAxOTI5NmUwYTdjZGI2NzYwZDRiMjNhNDdmNDliMTQ1MTM4Y2M0MDMzZWY5ZWUzOTg4OGFhNjdjN2Y4MDVmM2JkMWIzMjczZDY1NzBjYjJjYTg4ZDY2M2Q%3D HTTP 302
https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

66 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request 524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d Show response
flights.booking.com/booking/order-details/
Redirect Chain

https://flights.booking.com/confirmation/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2...
https://www.booking.com/food_redirect.html?url=aHR0cHM6Ly9mbGlnaHRzLmJvb2tpbmcuY29tL2Jvb2tpbmcvb3JkZXItZGV0YWlscy81MjRjNjllM2JiNWI5YzVmOWRmOGU0ZDgwNzAyODRlMTA5YWIxNGE2MGVlZjQyNjZkYjNlNzEwMmQxOTY1YW...
https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2...

370 KB
60 KB

157ms
156ms

Document
text/html

52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

065fbfbd72e991c694afec30c905c947c307fad7ad95144a90974592efcd6605

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 10 Jun 2022 06:50:27 GMT
referrer-policy: no-referrer
server: nginx
strict-transport-security: max-age=31536000;
vary: Accept-Encoding
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-id: Mh8A7VJfednfIzU8HdfAcP-mA1wi-_3_rdpztKlZkhEtiJtThjE1QQ==
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: 9c9e8200-e889-11ec-a8e4-fbf375086483
x-xss-protection: 1; mode=block

Redirect headers

content-security-policy-report-only: frame-ancestors 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=b7cb3019d3a60005&e=UmFuZG9tSVYkc2RlIyh9YajUVvlXfGGzllQHPh7pRN5k9lkwMwCCnXPIxOGjj4WCOEK27lbgfaI;
date: Fri, 10 Jun 2022 06:50:27 GMT
location: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
nel: {"max_age":604800,"report_to":"default"}
report-to: {"max_age":604800,"group":"default","endpoints":[{"url":"https://nellie.booking.com/report"}]}
server: nginx
strict-transport-security: max-age=604800
transfer-encoding: chunked
x-content-type-options: nosniff
x-recruiting: Like HTTP headers? Come write ours: https://careers.booking.com
x-xss-protection: 1; mode=block

GET
H2 200 client.6917f3fc.css
q-xx.bstatic.com/flights/web/static/css/ 98 KB
12 KB 53ms
8ms Stylesheet
text/css 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q-xx.bstatic.com/flights/web/static/css/client.6917f3fc.css

Requested by

Host: flights.booking.com
URL: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

aa05580c36d52f5d83261ca18394b5758a0213beb5c49e36235854450e4e1995

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 09:15:22 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 77705
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-amz-expiration: expiry-date="Wed, 07 Sep 2022 08:58:41 GMT", rule-id="expire-static-assets"
last-modified: Thu, 09 Jun 2022 08:58:41 GMT
server: nginx
x-amz-meta-s3cmd-attrs: md5:f3d84823fbc44e3e8ba5ba1a67f10238
etag: W/"f3d84823fbc44e3e8ba5ba1a67f10238"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: text/css
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
x-amz-cf-id: 3MIrzEnb1bNmz8VtbHQ4x8_wBTAufgKa5Ph6gqbzWQbMx6fCi00VLw==
expires: Sat, 09 Jul 2022 09:15:22 GMT

GET
H2 200 screens-CheckoutSirf.e97cd968.chunk.css
q-xx.bstatic.com/flights/web/static/css/ 30 KB
5 KB 54ms
9ms Stylesheet
text/css 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q-xx.bstatic.com/flights/web/static/css/screens-CheckoutSirf.e97cd968.chunk.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

69579ce392e7bd37a22c890898424d1b2c77ad596496bbc21072961e651b0b77

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 13:06:05 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 236662
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-amz-expiration: expiry-date="Mon, 05 Sep 2022 12:10:57 GMT", rule-id="expire-static-assets"
last-modified: Tue, 07 Jun 2022 12:10:57 GMT
server: nginx
x-amz-meta-s3cmd-attrs: md5:a955327b6a06d388c83cd71eb016c0b4
etag: W/"a955327b6a06d388c83cd71eb016c0b4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: text/css
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
x-amz-cf-id: deozd6Fs3GrKVBdFZBS0R-ORC4LVXlODltcy9BrWtgnNR0zXKRsJUA==
expires: Thu, 07 Jul 2022 13:06:05 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/7163e23c-88a8-41d6-8838-55b75cf39a74/ 4 KB
2 KB 63ms
28ms Script
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/7163e23c-88a8-41d6-8838-55b75cf39a74/OtAutoBlock.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfe0f34bb0f2721865ce82e28bbc4b37c4ac1d0e4c2bf8909783bfc498357f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 10 Jun 2022 06:50:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 9kttXH5niwhBbLG/+XkC+w==
age: 13274
vary: Accept-Encoding
content-length: 1593
x-ms-lease-status: unlocked
last-modified: Tue, 29 Mar 2022 12:58:59 GMT
server: cloudflare
etag: 0x8DA1183E417743E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 527408ca-901e-00f9-0a6d-431206000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71902c449d660229-ZRH
expires: Fri, 10 Jun 2022 10:50:27 GMT

GET
H2 200 de.png
q-xx.bstatic.com/backend_static/common/flags/new/48-squared/ 146 B
711 B 6ms
6ms Image
image/png 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/de.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c1f1497ae4ade7ce895bc174187b7c5f145d0924c082c86cfed4efda62f305c

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 22 May 2022 17:07:38 GMT
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
age: 1604569
x-cache: Hit from cloudfront
content-length: 146
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
server: nginx
etag: "5f560e08-92"
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: lmxiQOTtEzVtKUhHdAEe9mdfSD1L1sWdAtGjBqhCOBG6MdJfWevFbQ==
expires: Tue, 21 Jun 2022 17:07:38 GMT

GET
H2 200 client.d703e79a.js Show response
q-xx.bstatic.com/flights/web/static/js/ 2 MB
345 KB 21ms
7ms Script
application/javascript 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

67d5844b014cce07a0f325a7e75966d81e43942483506f91dd770a2fa3ca4235

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://flights.booking.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 14:53:17 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 57430
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-amz-expiration: expiry-date="Wed, 07 Sep 2022 14:34:53 GMT", rule-id="expire-static-assets"
last-modified: Thu, 09 Jun 2022 14:34:53 GMT
server: nginx
x-amz-meta-s3cmd-attrs: md5:3622187c3a422dcf0c0fe40fabba286a
etag: W/"3622187c3a422dcf0c0fe40fabba286a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: application/javascript
via: 1.1 07a6f7d6fd9710cbcfc60fa67d44f04e.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
x-amz-cf-id: 0HWCawZtnlU7Bk4I-nf7u4ALJ7N5uNp2rm1YlhttnHeKYAu8uU50dQ==
expires: Sat, 09 Jul 2022 14:53:17 GMT

GET
H2 200 screens-CheckoutSirf.18725d34.chunk.js Show response
q-xx.bstatic.com/flights/web/static/js/ 680 KB
141 KB 60ms
50ms Script
application/javascript 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q-xx.bstatic.com/flights/web/static/js/screens-CheckoutSirf.18725d34.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2246ab0e4b1361efe9f9c93ca1f2ca821b99dd34144e20815eab9f0cd6427498

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://flights.booking.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 14:53:17 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 57430
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-amz-expiration: expiry-date="Wed, 07 Sep 2022 14:34:56 GMT", rule-id="expire-static-assets"
last-modified: Thu, 09 Jun 2022 14:34:56 GMT
server: nginx
x-amz-meta-s3cmd-attrs: md5:54baf2fd4073b98609037364f4351b93
etag: W/"54baf2fd4073b98609037364f4351b93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: application/javascript
via: 1.1 07a6f7d6fd9710cbcfc60fa67d44f04e.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
x-amz-cf-id: xZEmerUUHL2xKNm25-6aV1QqSbEQT6JNFOHJ_4at4A_Fl1ipwSqIUg==
expires: Sat, 09 Jul 2022 14:53:17 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 162 KB
59 KB 38ms
16ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PQHB9P4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8119b66666cbbc292686041a0eca79e8cc1f9d7841676d730f90277022be9e94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 06:50:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60270
x-xss-protection: 0
last-modified: Fri, 10 Jun 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 10 Jun 2022 06:50:27 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1879
date: Fri, 10 Jun 2022 06:19:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 10 Jun 2022 08:19:08 GMT

GET
H/1.1 200
OK cookiebanner.html Show response
www.booking.com/ Frame C71B 2 KB
2 KB 185ms
184ms Document
text/html 37.10.0.220
BOOKING-BV Bookin...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.booking.com/cookiebanner.html

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

37.10.0.220 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),

Reverse DNS

Software

nginx /

Resource Hash

63f1f993c1612f1b46e3d771b742a1e00f9378532b500ca93aab28f447b5609d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
content-encoding: br
content-length: 847
content-type: text/html; charset=UTF-8
date: Fri, 10 Jun 2022 06:50:28 GMT
nel: {"report_to":"default","max_age":604800}
report-to: {"max_age":604800,"endpoints":[{"url":"https://nellie.booking.com/report"}],"group":"default"}
server: nginx
strict-transport-security: max-age=604800
vary: User-Agent, Accept-Encoding
x-content-type-options: nosniff
x-recruiting: Like HTTP headers? Come write ours: https://careers.booking.com
x-xss-protection: 1; mode=block

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
212 B 16ms
14ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1448255102&t=pageview&_s=1&dl=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&ul=en-us&de=UTF-8&dt=Flights%20-%20Booking.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=864394485&gjid=772562839&cid=2054642203.1654843828&tid=UA-116109-57&_gid=326240869.1654843828&_r=1&_slc=1&z=1213031729

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://flights.booking.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 47ms
22ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQHB9P4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

22f38bcd5544708fe83348bf6b068d4f521e0cb16c32d0256b7e027760114bad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15069
x-xss-protection: 0
server: cafe
etag: 11223643544955582496
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 10 Jun 2022 06:50:28 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 56ms
39ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQHB9P4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96F58797FDCC42598909C47DA91A8C9A Ref B: FRAEDGE1413 Ref C: 2022-06-10T06:50:28Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Fri, 10 Jun 2022 06:50:27 GMT
accept-ranges: bytes
content-length: 11333

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 153 KB
57 KB 35ms
21ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1070314322

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQHB9P4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

16f9081a837b90029905c3d43df76c3d731914fa4bd93744471dc8994dbdb087

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57994
x-xss-protection: 0
last-modified: Fri, 10 Jun 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 10 Jun 2022 06:50:28 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
445 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-116109-57&cid=2054642203.1654843828&jid=864394485&gjid=772562839&_gid=326240869.1654843828&_u=IEBAAEAAAAAAAC~&z=531324676

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 10 Jun 2022 06:50:28 GMT
content-type: text/plain
access-control-allow-origin: https://flights.booking.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64457.e52af85f.chunk.js Show response
q-xx.bstatic.com/flights/web/static/js/ 9 KB
3 KB 6ms
6ms Script
application/javascript 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q-xx.bstatic.com/flights/web/static/js/64457.e52af85f.chunk.js

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

16718d0277eec1466719792f60642cedc57e1e9f8a3dfb11e32a9bd86ac2e517

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://flights.booking.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 07:41:48 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 169720
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-amz-expiration: expiry-date="Mon, 05 Sep 2022 12:13:03 GMT", rule-id="expire-static-assets"
last-modified: Tue, 07 Jun 2022 13:48:52 GMT
server: nginx
x-amz-meta-s3cmd-attrs: md5:77220b531ec79ae809205953cadada1f
etag: W/"77220b531ec79ae809205953cadada1f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: application/javascript
via: 1.1 07a6f7d6fd9710cbcfc60fa67d44f04e.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
x-amz-cf-id: OrH6-bFrXvU_0P8htgvFk56kaoXAGWQjb-k9Ltb4xGvvty_fjONjIg==
expires: Fri, 08 Jul 2022 07:41:48 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 42ms
18ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-116109-57&cid=2054642203.1654843828&jid=864394485&_u=IEBAAEAAAAAAAC~&z=972242704

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 40ms
17ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-116109-57&cid=2054642203.1654843828&jid=864394485&_u=IEBAAEAAAAAAAC~&z=972242704

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/481216654/ 2 KB
2 KB 41ms
19ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/481216654/?random=1654843828142&cv=9&fst=1654843828142&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg680&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&tiba=Flights%20-%20Booking.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

07cabdb2565283b3f78047c17e4ad806db713bcf99fbbc8ba7dafe77f9cc9561

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1141
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK header Show response
www.booking.com/attractions/api/ 16 KB
7 KB 123ms
76ms Fetch
application/json 37.10.0.220
BOOKING-BV Bookin...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.booking.com/attractions/api/header?label=gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ&lang=de&aid=304142&product=flights

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

37.10.0.220 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),

Reverse DNS

Software

nginx /

Resource Hash

951f272c167dde26eb3a1b79f5bb3e48ece2598b99e294562e3efe51270710b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
vary: Accept-Encoding
x-content-options: nosniff
server: nginx
x-frame-options: SAMEORIGIN
content-security-policy-report-only: default-src 'self'; connect-src 'self' *.booking.com:* wss://*.booking.com:* cdn.cookielaw.org *.google-analytics.com *.onetrust.com; script-src 'self' 'unsafe-inline' *.booking.com:* *.bstatic.com cdn.cookielaw.org bat.bing.com googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.onetrust.com; img-src * data:; style-src 'self' 'unsafe-inline' *.booking.com *.bstatic.com *.googleapis.com; font-src 'self' *.bstatic.com fonts.gstatic.com; frame-src 'self' *.booking.com; object-src 'none'; report-to default
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://flights.booking.com
access-control-max-age: 1209600
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
transfer-encoding: chunked
x-xss-protection: 1; mode=block

POST
H2 202 internal-events Show response
flights.booking.com/track/ 16 B
701 B 51ms
50ms Fetch
application/json 52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://flights.booking.com/track/internal-events

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-Requested-From: clientFetch
Referer: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
X-Booking-Affiliate-Id: 304142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
X-Booking-Label: gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Content-Type: application/json

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
vary: Origin
content-length: 16
x-xss-protection: 1; mode=block
x-request-id: 9ceb6980-e889-11ec-bb16-2766179df633
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000;
content-type: application/json; charset=utf-8
access-control-allow-origin: https://flights.booking.com
access-control-allow-credentials: true
x-amz-cf-id: MmeL1tQD6JVWl6-dgERJX0iSwhWoavl4uFPbBvyl548nBOuPfDu1Iw==

POST
H2 202 internal-events Show response
flights.booking.com/track/ 16 B
700 B 48ms
48ms Fetch
application/json 52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://flights.booking.com/track/internal-events

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-Requested-From: clientFetch
Referer: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
X-Booking-Affiliate-Id: 304142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
X-Booking-Label: gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Content-Type: application/json

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
vary: Origin
content-length: 16
x-xss-protection: 1; mode=block
x-request-id: 9cea7f20-e889-11ec-b119-dda91139e758
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000;
content-type: application/json; charset=utf-8
access-control-allow-origin: https://flights.booking.com
access-control-allow-credentials: true
x-amz-cf-id: bHMpsBx_VilJuunv0Web8yXMMFiApiuPU1OQCcb-tdRNBTZVb_j5Qg==

POST
H2 202 route-changes Show response
flights.booking.com/track/ 13 B
698 B 60ms
59ms Fetch
application/json 52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://flights.booking.com/track/route-changes

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

eea30d77847b2d433e61933006a0fffc094452f86be84c4533b3d6122ab77a99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-Requested-From: clientFetch
Referer: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
X-Booking-Affiliate-Id: 304142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
X-Booking-Label: gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Content-Type: application/json

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
vary: Origin
content-length: 13
x-xss-protection: 1; mode=block
x-request-id: 9ceb6980-e889-11ec-9fbf-63e5d99c0901
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000;
content-type: application/json; charset=utf-8
access-control-allow-origin: https://flights.booking.com
access-control-allow-credentials: true
x-amz-cf-id: MlXGzKfbOVOF8qhk76zO0hLo-TOz-As9ATd6875MO9o5z35VENJmDA==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1448255102&t=event&_s=2&dl=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&ul=en-us&de=UTF-8&dt=Flights%20-%20Booking.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Flights&ea=pb_order_details_landing_in&el=&_u=KEBAAEABAAAAAC~&jid=&gjid=&cid=2054642203.1654843828&tid=UA-116109-57&_gid=326240869.1654843828&z=1174781667

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 01:56:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17629
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 15338614.js Show response
bat.bing.com/p/action/ 0
136 B 153ms
153ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/15338614.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 40B3D53F529F4459BECAE098AFC957F1 Ref B: FRAEDGE1413 Ref C: 2022-06-10T06:50:28Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Fri, 10 Jun 2022 06:50:27 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1448255102&t=pageview&_s=3&dl=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&dp=pb-order-details&ul=en-us&de=UTF-8&dt=Flights%20-%20Booking.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEBAAEABAAAAAC~&jid=&gjid=&cid=2054642203.1654843828&tid=UA-116109-57&_gid=326240869.1654843828&cd2=&cd3=&cd4=&cd5=&cd6=&z=235234193

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 01:56:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17629
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d Show response
flights.booking.com/api/order/ 1 MB
24 KB 383ms
383ms Fetch
application/json 52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://flights.booking.com/api/order/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d?includeAvailableExtras=1

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

3dd509a69f735c821f713c74326871cc2584536c0b553a9ee6ee0e63bfa0448c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-Requested-From: clientFetch
Referer
X-Booking-Affiliate-Id: 304142
accept-language: de-DE,de;q=0.9
X-Flights-Context-Name: pb_order_details
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
X-Booking-Label: gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
strict-transport-security: max-age=31536000;
x-xss-protection: 1; mode=block
x-request-id: 9cf861d0-e889-11ec-9f2d-a14655f65604
referrer-policy: no-referrer
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-booking-app-version: d6c3109618e03460c105b1ed975f19c8e9490d7c
access-control-allow-credentials: true
x-amz-cf-id: FnEDVQAnNcmjweiK3Sy0ehOKbiVKKuR4ijId6Qvwqbp7KyvC0nDf9A==

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1070314322/ 3 KB
1 KB 74ms
59ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070314322/?random=1654843828245&cv=9&fst=1654843828245&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&tiba=Flights%20-%20Booking.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

186cdc309d7edd5df58a40dea075f9fb738f1bddece4f1e39219fe4df0534f23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1165
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/481216654/ 42 B
64 B 36ms
18ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/481216654/?random=1654843828142&cv=9&fst=1654840800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg680&sendb=1&frm=0&url=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&tiba=Flights%20-%20Booking.com&async=1&fmt=3&is_vtc=1&random=1065078281&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/481216654/ 42 B
64 B 37ms
19ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/481216654/?random=1654843828142&cv=9&fst=1654840800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg680&sendb=1&frm=0&url=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&tiba=Flights%20-%20Booking.com&async=1&fmt=3&is_vtc=1&random=1065078281&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 20 KB
7 KB 22ms
22ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a6622bbfd2f4017f391cae1040e22f99a923116427a0ccb25543581f5d92257

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 2R9GKwuxJTUynP4on2KYxQ==
age: 8847
vary: Accept-Encoding
content-length: 6921
x-ms-lease-status: unlocked
last-modified: Tue, 07 Jun 2022 19:29:00 GMT
server: cloudflare
etag: 0x8DA48BBF9415CFF
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 5e89c6e3-001e-009a-0cc0-7a5423000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71902c4698290229-ZRH

GET
H2 200 7163e23c-88a8-41d6-8838-55b75cf39a74.json Show response
cdn.cookielaw.org/consent/7163e23c-88a8-41d6-8838-55b75cf39a74/ 6 KB
2 KB 45ms
20ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/7163e23c-88a8-41d6-8838-55b75cf39a74/7163e23c-88a8-41d6-8838-55b75cf39a74.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

980d719e0f0c3899b48b4a243ebc3346dca3d476837023737e3dae174c224c59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: NijLD9Qqg3CvTmlifur96A==
age: 12267
vary: Accept-Encoding
content-length: 1844
x-ms-lease-status: unlocked
last-modified: Tue, 29 Mar 2022 12:58:01 GMT
server: cloudflare
etag: 0x8DA1183C19CF29B
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f7dbf7ce-001e-0074-676d-435ea0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71902c46ed6f020d-ZRH
expires: Fri, 10 Jun 2022 10:50:28 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1070314322/ 42 B
64 B 19ms
18ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1070314322/?random=1654843828245&cv=9&fst=1654840800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&tiba=Flights%20-%20Booking.com&async=1&fmt=3&is_vtc=1&random=2264518208&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/1070314322/ 42 B
64 B 21ms
21ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1070314322/?random=1654843828245&cv=9&fst=1654840800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&tiba=Flights%20-%20Booking.com&async=1&fmt=3&is_vtc=1&random=2264518208&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 182 B
457 B 75ms
47ms XHR
application/json 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 71902c473be3233d-ZRH
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.25.0/ 318 KB
76 KB 21ms
21ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.25.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe035b6ff2394b9fc9b4dad0acc9050d633269a5efa7cfeac7e6b8fdc12b7065

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: wv3c0qnkBhaWE//T4i2BGA==
age: 20241744
vary: Accept-Encoding
content-length: 77456
x-ms-lease-status: unlocked
last-modified: Thu, 14 Oct 2021 05:25:45 GMT
server: cloudflare
etag: 0x8D98ED3130CF4D8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a5aa8ace-101e-006b-076c-c485b0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71902c47895d0229-ZRH

GET
H2 200 de.json Show response
cdn.cookielaw.org/consent/7163e23c-88a8-41d6-8838-55b75cf39a74/28fe90b0-2a5a-4cf9-8e33-f3878e80e202/ 34 KB
11 KB 19ms
19ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/7163e23c-88a8-41d6-8838-55b75cf39a74/28fe90b0-2a5a-4cf9-8e33-f3878e80e202/de.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.25.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b96cbbc6c96be20df8300258cce04b1cafdad5cbbb9297e5de46c34b0788cd32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uThn+/tpmYWXkL34jBKhqg==
age: 3410
vary: Accept-Encoding
content-length: 10661
x-ms-lease-status: unlocked
last-modified: Tue, 29 Mar 2022 13:01:28 GMT
server: cloudflare
etag: 0x8DA11843D273F8E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d54e1009-501e-012c-7c6e-431c8e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71902c47ceaf020d-ZRH
expires: Fri, 10 Jun 2022 10:50:28 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.25.0/assets/ 13 KB
3 KB 20ms
20ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.25.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.25.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: QAufc0ozHqszfMLxOJh3oA==
age: 6203
vary: Accept-Encoding
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Fri, 22 Oct 2021 16:52:36 GMT
server: cloudflare
etag: 0x8D9957C59E8C180
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 7d4c3662-a01e-00b5-1c39-cbd519000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71902c47fed9020d-ZRH

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.25.0/assets/ 20 KB
4 KB 29ms
29ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.25.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.25.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 19501394
vary: Accept-Encoding
x-ms-lease-status: unlocked
last-modified: Fri, 22 Oct 2021 16:52:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: db9eeb43-301e-0115-6a39-cb5c2a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 71902c47fedb020d-ZRH

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 39ms
22ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.25.0/otBannerSdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

22f38bcd5544708fe83348bf6b068d4f521e0cb16c32d0256b7e027760114bad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15069
x-xss-protection: 0
server: cafe
etag: 11223643544955582496
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 10 Jun 2022 06:50:28 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
11 KB 54ms
54ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.25.0/otBannerSdk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 900A1E5FED264AD3B3F7654BC3343D95 Ref B: FRAEDGE1413 Ref C: 2022-06-10T06:50:28Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Fri, 10 Jun 2022 06:50:28 GMT
accept-ranges: bytes
content-length: 11333

GET
H2 204 15338614.js Show response
bat.bing.com/p/action/ 0
118 B 330ms
329ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/15338614.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.25.0/otBannerSdk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C62E087342854F11BBC7EF8A9FC273F2 Ref B: FRAEDGE1413 Ref C: 2022-06-10T06:50:28Z
date: Fri, 10 Jun 2022 06:50:28 GMT
x-cache: CONFIG_NOCACHE

GET
H2 200 SeatsBlock.bad0bcbb.chunk.js Show response
q-xx.bstatic.com/flights/web/static/js/ 30 KB
9 KB 8ms
7ms Script
application/javascript 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q-xx.bstatic.com/flights/web/static/js/SeatsBlock.bad0bcbb.chunk.js

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7d15acb57a5e293e933c04adf76c796d6adadc377160ce09bb36e3e99c9d912c

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://flights.booking.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 14:09:14 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 232874
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-amz-expiration: expiry-date="Mon, 05 Sep 2022 12:14:21 GMT", rule-id="expire-static-assets"
last-modified: Tue, 07 Jun 2022 13:50:03 GMT
server: nginx
x-amz-meta-s3cmd-attrs: md5:d2582840f37ca66ddad0d0527defa0f6
etag: W/"d2582840f37ca66ddad0d0527defa0f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: application/javascript
via: 1.1 07a6f7d6fd9710cbcfc60fa67d44f04e.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
x-amz-cf-id: IluCKyIoRmKXmh_6zeB2K98fYUONnIHcdjQvtTEYkrNHb-V2_8iRFw==
expires: Thu, 07 Jul 2022 14:09:14 GMT

POST
H2 202 internal-events Show response
flights.booking.com/track/ 16 B
702 B 46ms
45ms Fetch
application/json 52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://flights.booking.com/track/internal-events

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-Requested-From: clientFetch
Referer: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
X-Booking-Affiliate-Id: 304142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
X-Booking-Label: gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Content-Type: application/json

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
vary: Origin
content-length: 16
x-xss-protection: 1; mode=block
x-request-id: 9d325d90-e889-11ec-a8e4-fbf375086483
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000;
content-type: application/json; charset=utf-8
access-control-allow-origin: https://flights.booking.com
access-control-allow-credentials: true
x-amz-cf-id: ZFZ5eGprifftvrMdPd5OJhZpxuHNXeDRpTE9XBmzX_zfxbTRQlxUdA==

GET
H2 200 LX.png
r-xx.bstatic.com/data/airlines_logo/ 3 KB
3 KB 51ms
7ms Image
image/png 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r-xx.bstatic.com/data/airlines_logo/LX.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

864ff08871287b3fe17e3dea65543b21bbff5a81575cc34711b4aa226c0d2277

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 16 May 2022 22:36:07 GMT
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
age: 2103260
x-cache: Hit from cloudfront
content-length: 2685
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Apr 2022 13:12:00 GMT
server: nginx
etag: "6256cc20-a7d"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: IzKWsDImx1aphSw1nTV5rmavAviRMq5EM6mMJnZAMA8LZMcjDayFkw==
expires: Wed, 15 Jun 2022 22:36:07 GMT

GET
H2 200 A3.png
r-xx.bstatic.com/data/airlines_logo/ 3 KB
3 KB 51ms
7ms Image
image/png 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://r-xx.bstatic.com/data/airlines_logo/A3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d7f133bfa332072463cc156af300916957f20268969cbf098b7968a0945dc34e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 18 May 2022 21:51:52 GMT
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
age: 1933116
x-cache: Hit from cloudfront
content-length: 3097
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Apr 2022 13:09:56 GMT
server: nginx
etag: "6256cba4-c19"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: D4Mb3ADtUz62sB2tQEfYVcBbTM6Vr155jxfolV7peZmhi_OuKh0Xiw==
expires: Fri, 17 Jun 2022 21:51:52 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1448255102&t=event&_s=4&dl=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&ul=en-us&de=UTF-8&dt=Flights%20-%20Booking.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Flights&ea=pb_order_details_show_banner_add_luggage&el=&_u=KEBAAEABAAAAAC~&jid=&gjid=&cid=2054642203.1654843828&tid=UA-116109-57&_gid=326240869.1654843828&z=1179730264

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 01:56:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17629
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cross-sell_loader.js Show response
shelves.booking.com/ 1 KB
2 KB 96ms
76ms Script
application/javascript 52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://shelves.booking.com/cross-sell_loader.js

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/screens-CheckoutSirf.18725d34.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

fa0ba35e968b178dfaee653309cc7d6c979447f37a0f0a638788303b8e01e6d9

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
last-modified: Tue, 07 Jun 2022 11:49:56 GMT
server: nginx
x-amz-cf-pop: FRA56-P3
etag: "629f3b64-513"
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=0
accept-ranges: bytes
content-length: 1299
x-xss-protection: 1; mode=block
x-amz-cf-id: SOl2WOfCdHO2khldgdiZ8rIiLNi4APYAvyacVBqL7doUzJGZ1B7Zzg==
expires: Fri, 10 Jun 2022 06:50:28 GMT

POST
H2 202 internal-events Show response
flights.booking.com/track/ 16 B
701 B 57ms
57ms Fetch
application/json 52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://flights.booking.com/track/internal-events

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-Requested-From: clientFetch
Referer: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
X-Booking-Affiliate-Id: 304142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
X-Booking-Label: gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Content-Type: application/json

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
vary: Origin
content-length: 16
x-xss-protection: 1; mode=block
x-request-id: 9d3bac60-e889-11ec-a8e4-fbf375086483
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000;
content-type: application/json; charset=utf-8
access-control-allow-origin: https://flights.booking.com
access-control-allow-credentials: true
x-amz-cf-id: r7EsH2bN-VDQSLbrwg7j0_WSSQxX0UUe5kl8_vx1A2Z0zXdcyD0wRQ==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1448255102&t=event&_s=5&dl=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&ul=en-us&de=UTF-8&dt=Flights%20-%20Booking.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Flights&ea=pb_order_details_show_banner_seat&el=&_u=KEBAAEABAAAAAC~&jid=&gjid=&cid=2054642203.1654843828&tid=UA-116109-57&_gid=326240869.1654843828&z=762524073

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 01:56:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17629
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 et Show response
flights.booking.com/track/ 4 B
705 B 87ms
87ms Fetch
application/json 52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://flights.booking.com/track/et

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-Requested-From: clientFetch
Referer: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
X-Booking-Affiliate-Id: 304142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
X-Booking-Label: gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Content-Type: application/json

Response headers

date: Fri, 10 Jun 2022 06:50:28 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
strict-transport-security: max-age=31536000;
content-length: 4
x-xss-protection: 1; mode=block
x-request-id: 9d40dc80-e889-11ec-95dd-fdfe7d46e376
referrer-policy: no-referrer
server: nginx
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://flights.booking.com
access-control-allow-credentials: true
x-amz-cf-id: twNIbEeTRg2CBAj9RnYYGWE2ojtKamA8Y-X1La-Q7u2MeQAB50RtpQ==

GET
H2 200 cross-sell.fa4d779.css
xx.bstatic.com/psb/cross-sell/desktop/ 178 KB
20 KB 70ms
14ms Stylesheet
text/css 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://xx.bstatic.com/psb/cross-sell/desktop/cross-sell.fa4d779.css

Requested by

Host: shelves.booking.com
URL: https://shelves.booking.com/cross-sell_loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e9f75fecc3a33448c166cfb0d7e67bbe5f194837259aa024c43bd8fe8b11b469

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 12:02:08 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 240500
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-meta-x-deployment-hash: 806bb99336feeb41b756bf0af8d5510f522f2d73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-amz-expiration: expiry-date="Wed, 05 Oct 2022 11:56:00 GMT", rule-id=""
last-modified: Tue, 07 Jun 2022 11:56:02 GMT
server: nginx
etag: W/"fa4d7791887b12d4f9d4de2655bd0e96"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: text/css
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
x-amz-cf-id: IYFfaCg-CpQ7ymRjL-Qy7MnOayETe6ojvrt5nRT_zbfft0yMswzC5g==
expires: Thu, 07 Jul 2022 12:02:08 GMT

GET
H2 200 de_cross-sell.3388343.js Show response
xx.bstatic.com/psb/cross-sell/desktop/ 134 KB
35 KB 74ms
18ms Script
application/javascript 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://xx.bstatic.com/psb/cross-sell/desktop/de_cross-sell.3388343.js

Requested by

Host: shelves.booking.com
URL: https://shelves.booking.com/cross-sell_loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3e710d5b314ec8525c58ac18451fb1567bb4f28b601895fae9cb1a5be9f12d8f

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 12:22:37 GMT
content-encoding: br
nel: {"report_to":"default","max_age":600}
age: 239270
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-meta-x-deployment-hash: 9965846096d4d6b015acd3ec007d70119be08645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-amz-expiration: expiry-date="Wed, 05 Oct 2022 11:26:53 GMT", rule-id=""
last-modified: Tue, 07 Jun 2022 11:26:55 GMT
server: nginx
etag: W/"3cc2d1c3f4e6341e21ecdc67ee2cda92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: application/javascript
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
x-amz-cf-id: 0S4qP28zRHFPNFbr6x6O0mIxNgUIk7OepKZqyMG_i-AWjMb4IbEaCQ==
expires: Thu, 07 Jul 2022 12:22:37 GMT

GET
H3 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 10 Jun 2022 06:45:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 10 Jun 2022 07:45:50 GMT

POST
H/1.1 200
OK dist Show response
secure.booking.com/xps/ 5 KB
3 KB 302ms
277ms Fetch
application/json 5.57.19.231
BOOKING-BV Bookin...

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.booking.com/xps/dist

Requested by

Host: xx.bstatic.com
URL: https://xx.bstatic.com/psb/cross-sell/desktop/de_cross-sell.3388343.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

5.57.19.231 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),

Reverse DNS

secure.booking.com

Software

nginx /

Resource Hash

83964b742a2cdc6940dd714d93215c6f77f64326a653f98fe2285bd9563cce09

Security Headers

Name	Value
Strict-Transport-Security	max-age=17280000
X-Xss-Protection	1; mode=block

Request headers

X-Booking-Language-Code: de
X-Booking-CSRF: undefined
X-Booking-AID: 304142
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
X-Booking-Label: gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Content-Type: application/json
X-Booking-Pageview-Id: undefined
Referer
X-Booking-ET-Seed: undefined
X-Booking-Session-Id: undefined
X-Booking-CCXP-Version: 2
X-Booking-Platform: www
X-Booking-Csxp-Placement-Page: FLIGHT__MANAGE_BOOKING
accept-language: de-DE,de;q=0.9

Response headers

date: Fri, 10 Jun 2022 06:50:29 GMT
content-encoding: gzip
x-content-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://flights.booking.com
access-control-allow-credentials: true
strict-transport-security: max-age=17280000
transfer-encoding: chunked
x-xss-protection: 1; mode=block

OPTIONS
H/1.1 200
OK dist
secure.booking.com/xps/ Frame 0
0 90ms
47ms Preflight
application/json 5.57.19.231
BOOKING-BV Bookin...

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.booking.com/xps/dist

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

5.57.19.231 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),

Reverse DNS

secure.booking.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=17280000
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-booking-aid,x-booking-ccxp-version,x-booking-csrf,x-booking-csxp-placement-page,x-booking-et-seed,x-booking-label,x-booking-language-code,x-booking-pageview-id,x-booking-platform,x-booking-session-id
Access-Control-Request-Method: POST
Origin: https://flights.booking.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-booking-aid,x-booking-ccxp-version,x-booking-csrf,x-booking-csxp-placement-page,x-booking-et-seed,x-booking-label,x-booking-language-code,x-booking-pageview-id,x-booking-platform,x-booking-session-id
access-control-allow-methods: POST
access-control-allow-origin: https://flights.booking.com
content-encoding: gzip
content-type: application/json; charset=UTF-8
date: Fri, 10 Jun 2022 06:50:29 GMT
server: nginx
strict-transport-security: max-age=17280000
transfer-encoding: chunked
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H2 200 flights_abu_genius_320x192.jpg
q-xx.bstatic.com/data/shelves/ 6 KB
6 KB 7ms
7ms Image
image/jpeg 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q-xx.bstatic.com/data/shelves/flights_abu_genius_320x192.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

462dccc5ac9900ee03c80ad7e906fdaff3ca0ca287a5464f9b46381002a8cbb8

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 13 May 2022 23:00:54 GMT
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
age: 2360975
x-cache: Hit from cloudfront
content-length: 6017
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Jul 2021 13:44:32 GMT
server: nginx
etag: "60ec4740-1781"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: lWpodWUh7D2UMgMcYgLb7pmy7x1hT39oF4ufytlu2zrnY06dSFTHQA==
expires: Sun, 12 Jun 2022 23:00:54 GMT

GET
H2 200 308111561.jpg
q-xx.bstatic.com/xdata/images/hotel/square200/ 13 KB
13 KB 10ms
9ms Image
image/jpeg 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q-xx.bstatic.com/xdata/images/hotel/square200/308111561.jpg?k=5de878f90a1af3fbbc54966f463f9da80e465db8ae58f753e482a6d2fd9f7e3b&o=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

509e0b25b053a8dbcb831da6eeeec2bf9692dc3cb4ac509dbe5fe3ecc83bbfe9

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 20 May 2022 06:06:00 GMT
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
server: nginx
age: 1817069
etag: "3c0e2368f04df127f3de34461e067f400cbf81de"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
content-length: 13036
x-xss-protection: 1; mode=block
x-amz-cf-id: Eb9O3gx6yezPKjJFe6vBf5ARben8BBOwyjd7YlyAx9Oo8m6aWIFZng==
expires: Sun, 19 Jun 2022 06:06:00 GMT

GET
H2 200 29022925.jpg
q-xx.bstatic.com/xdata/images/hotel/square200/ 5 KB
6 KB 10ms
9ms Image
image/jpeg 2600:9000:223f:c000:1f:e2ee:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q-xx.bstatic.com/xdata/images/hotel/square200/29022925.jpg?k=c62ac0ab278147c324e38fd8145fd03dfafee570f20607ac8aec58909a588bf1&o=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ab3dfa09ff1a40c576860ef154e15251029481302889f66e72d218e4b9c3a3b3

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 24 May 2022 05:54:59 GMT
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
server: nginx
age: 1472130
etag: "3af5ab1802dfd37399fcfa2bcec0d407b696ec31"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: FRA56-P5
timing-allow-origin: *
content-length: 5538
x-xss-protection: 1; mode=block
x-amz-cf-id: 6sq1VUSeXpmE9TCb2f7n9_uhNL0OjLSoRIzvCM_9U49B1krs94ojEQ==
expires: Thu, 23 Jun 2022 05:54:59 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 16ms
16ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1448255102&t=event&_s=1&dl=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&ul=en-us&de=UTF-8&dt=Flights%20-%20Booking.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ccxp&ea=loaded&_u=aGDAAEIJAAAAAC~&jid=2106665100&gjid=567346321&cid=2054642203.1654843828&tid=UA-116109-18&_gid=326240869.1654843828&_r=1&_slc=1&z=446872951

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://flights.booking.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1448255102&t=event&_s=2&dl=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&ul=en-us&de=UTF-8&dt=Flights%20-%20Booking.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ccxp&ea=loaded&_u=aGDAAEIJAAAAAC~&jid=&gjid=&cid=2054642203.1654843828&tid=UA-116109-18&_gid=326240869.1654843828&z=883872495

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 01:56:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17630
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1448255102&t=event&_s=3&dl=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&ul=en-us&de=UTF-8&dt=Flights%20-%20Booking.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ccxp&ea=loaded&_u=aGDAAEIJAAAAAC~&jid=&gjid=&cid=2054642203.1654843828&tid=UA-116109-18&_gid=326240869.1654843828&z=1234357121

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 01:56:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17630
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 64ms
22ms XHR
text/plain 2a00:1450:400c:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-116109-18&cid=2054642203.1654843828&jid=2106665100&gjid=567346321&_gid=326240869.1654843828&_u=aGDAAEIJAAAAAC~&z=863712734

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c1b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 10 Jun 2022 06:50:29 GMT
content-type: text/plain
access-control-allow-origin: https://flights.booking.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-116109-18&cid=2054642203.1654843828&jid=2106665100&_u=aGDAAEIJAAAAAC~&z=138015797

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 19ms
18ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-116109-18&cid=2054642203.1654843828&jid=2106665100&_u=aGDAAEIJAAAAAC~&z=138015797

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Jun 2022 06:50:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 et Show response
flights.booking.com/track/ 4 B
706 B 51ms
51ms Fetch
application/json 52.222.214.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://flights.booking.com/track/et

Requested by

Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.d703e79a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-6.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-Requested-From: clientFetch
Referer: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d
X-Booking-Affiliate-Id: 304142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
X-Booking-Label: gen173rf-18CAEY6AcoggI46AdIB1gEaMgBkgECWFjCAQpXaW5kb3dzIDEw2AED8gECWFj4AQGYAgGoAgO4ArPTi5UGwAIB0gIkNzY0YzFjNGItMTZjMC00MWEzLThlM2MtMTRlM2Y5ODE4OWIy2AIB6gIETUFURQ
Content-Type: application/json

Response headers

date: Fri, 10 Jun 2022 06:50:29 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
strict-transport-security: max-age=31536000;
content-length: 4
x-xss-protection: 1; mode=block
x-request-id: 9dd2e350-e889-11ec-9f2d-a14655f65604
referrer-policy: no-referrer
server: nginx
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://flights.booking.com
access-control-allow-credentials: true
x-amz-cf-id: AekC4YvJNGqsQeI5oz3LR1wR4wwgLWQVLU_aVtbEmuwu_urIB6ux-A==

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.booking.com/	1970-01-20 03:42:10	Name: fasc Value: bbffca3e-d9f5-4dd4-800b-29f8d5cd283b
.booking.com/	1970-01-20 12:26:19	Name: pc_payer_id Value: fe2267c3-27b4-4657-855a-05ab369bfefc
.booking.com/	1970-01-20 03:42:10	Name: fsc Value: s%3A21b052a1ae422bb3f2fcd5315ff5ea07.wi1EbRf9ZZ3rV%2BWwvPYbWtZqqbgobmjXLqAmK3uX8uY
flights.booking.com/	1969-12-31 23:59:59	Name: skip_redirect Value: 1
flights.booking.com/	1970-01-20 03:42:10	Name: fsc Value: s%3A21b052a1ae422bb3f2fcd5315ff5ea07.wi1EbRf9ZZ3rV%2BWwvPYbWtZqqbgobmjXLqAmK3uX8uY
.booking.com/	1970-01-20 12:26:19	Name: _pxhd Value: DcN5ffpqlNZY0WDbZ2PbSBYxbHdMjQ4%2F6hng3J5aaHVE30h-GdniG0AKYLBg4FJ9SJDJ8WZCIw42ww-NLe5SBA%3D%3D%3AFjvSnec%2FI5isSHfCi2ks74W2w6xqI-6D6Ddni4wKmPrWvq9GvUtO9WmvUgBkRCp8n4VwPHsOgZ0wKzKvcAFWD8J%2FFvpbmnHAqo6GpFWxdMQ%3D
.booking.com/	1970-01-20 21:11:55	Name: _ga Value: GA1.2.2054642203.1654843828
.booking.com/	1970-01-20 03:42:10	Name: _gid Value: GA1.2.326240869.1654843828
.booking.com/	1970-01-20 03:40:43	Name: _gat Value: 1
.bing.com/	1970-01-20 13:02:19	Name: MUID Value: 1C6707D22E4C6E583C0E166D2F276F3A
.booking.com/	1970-01-20 04:23:55	Name: bkng_frontend_sese_exp Value: 1
.booking.com/	1970-01-20 03:42:10	Name: _uetsid Value: 9ce7b140e88911eca85203c3283d82d2
.booking.com/	1970-01-20 13:02:19	Name: _uetvid Value: 9ce7e5b0e88911ec840e57babfc158c8
.booking.com/	1970-01-20 05:50:19	Name: _gcl_au Value: 1.1.1587230243.1654843828
.doubleclick.net/	1970-01-20 13:02:19	Name: IDE Value: AHWqTUk8Einq9AUn82Z4W9KWhedGwK_K9KxrbsX7G6VIDvmkMiRhY9zVqkJnUH8-
.flights.booking.com/	1970-01-20 07:59:55	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Fri+Jun+10+2022+06%3A50%3A28+GMT%2B0000+(GMT)&version=6.25.0&hosts=&consentId=049342fe-b69b-40cc-8ca9-6dbd3985d342&interactionCount=0&landingPath=https%3A%2F%2Fflights.booking.com%2Fbooking%2Forder-details%2F524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d&groups=C0002%3A0
.booking.com/	1970-01-21 23:28:43	Name: bkng Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbKE7bjkbYWznx76Aitrzw7DtBSmVm7KId91%2F0%2FIBCqmuJIeM%2FkS7XP2u5rYgrI9euPfqytBdEfvRmK%2FtXO8BeUtNHOF3AgoeXnFDv6tfQ8yINIu3pKbcdvgcNSGihQyyAbK10XJUGdqQwm148%2B2DCFSGaV2tE3zrp198QgFvSdS8%3D
.booking.com/	1970-01-20 03:40:43	Name: _gat_ccxp Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d Message: Mixed Content: The page at 'https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d' was loaded over HTTPS, but requested an insecure element 'http://q-xx.bstatic.com/xdata/images/hotel/square200/308111561.jpg?k=5de878f90a1af3fbbc54966f463f9da80e465db8ae58f753e482a6d2fd9f7e3b&o='. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d Message: Mixed Content: The page at 'https://flights.booking.com/booking/order-details/524c69e3bb5b9c5f9df8e4d8070284e109ab14a60eef4266db3e7102d1965af61253019296e0a7cdb6760d4b23a47f49b145138cc4033ef9ee39888aa67c7f805f3bd1b3273d6570cb2ca88d663d' was loaded over HTTPS, but requested an insecure element 'http://q-xx.bstatic.com/xdata/images/hotel/square200/29022925.jpg?k=c62ac0ab278147c324e38fd8145fd03dfafee570f20607ac8aec58909a588bf1&o='. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
cdn.cookielaw.org
flights.booking.com
geolocation.onetrust.com
googleads.g.doubleclick.net
q-xx.bstatic.com
r-xx.bstatic.com
secure.booking.com
shelves.booking.com
stats.g.doubleclick.net
www.booking.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
xx.bstatic.com
142.250.185.98
2600:9000:223f:c000:1f:e2ee:200:93a1
2606:4700:10::6814:b944
2606:4700::6810:9440
2620:1ec:c11::200
2a00:1450:4001:803::2002
2a00:1450:4001:810::2004
2a00:1450:4001:812::2003
2a00:1450:4001:828::200e
2a00:1450:4001:82f::2008
2a00:1450:400c:c1b::9b
37.10.0.220
5.57.19.231
52.222.214.6
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
065fbfbd72e991c694afec30c905c947c307fad7ad95144a90974592efcd6605
07cabdb2565283b3f78047c17e4ad806db713bcf99fbbc8ba7dafe77f9cc9561
16718d0277eec1466719792f60642cedc57e1e9f8a3dfb11e32a9bd86ac2e517
16f9081a837b90029905c3d43df76c3d731914fa4bd93744471dc8994dbdb087
186cdc309d7edd5df58a40dea075f9fb738f1bddece4f1e39219fe4df0534f23
1a6622bbfd2f4017f391cae1040e22f99a923116427a0ccb25543581f5d92257
2246ab0e4b1361efe9f9c93ca1f2ca821b99dd34144e20815eab9f0cd6427498
22f38bcd5544708fe83348bf6b068d4f521e0cb16c32d0256b7e027760114bad
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
3dd509a69f735c821f713c74326871cc2584536c0b553a9ee6ee0e63bfa0448c
3e710d5b314ec8525c58ac18451fb1567bb4f28b601895fae9cb1a5be9f12d8f
462dccc5ac9900ee03c80ad7e906fdaff3ca0ca287a5464f9b46381002a8cbb8
4c1f1497ae4ade7ce895bc174187b7c5f145d0924c082c86cfed4efda62f305c
509e0b25b053a8dbcb831da6eeeec2bf9692dc3cb4ac509dbe5fe3ecc83bbfe9
63f1f993c1612f1b46e3d771b742a1e00f9378532b500ca93aab28f447b5609d
67d5844b014cce07a0f325a7e75966d81e43942483506f91dd770a2fa3ca4235
69579ce392e7bd37a22c890898424d1b2c77ad596496bbc21072961e651b0b77
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
7d15acb57a5e293e933c04adf76c796d6adadc377160ce09bb36e3e99c9d912c
8119b66666cbbc292686041a0eca79e8cc1f9d7841676d730f90277022be9e94
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83964b742a2cdc6940dd714d93215c6f77f64326a653f98fe2285bd9563cce09
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
864ff08871287b3fe17e3dea65543b21bbff5a81575cc34711b4aa226c0d2277
951f272c167dde26eb3a1b79f5bb3e48ece2598b99e294562e3efe51270710b1
980d719e0f0c3899b48b4a243ebc3346dca3d476837023737e3dae174c224c59
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
aa05580c36d52f5d83261ca18394b5758a0213beb5c49e36235854450e4e1995
ab3dfa09ff1a40c576860ef154e15251029481302889f66e72d218e4b9c3a3b3
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b96cbbc6c96be20df8300258cce04b1cafdad5cbbb9297e5de46c34b0788cd32
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
d7f133bfa332072463cc156af300916957f20268969cbf098b7968a0945dc34e
dfe0f34bb0f2721865ce82e28bbc4b37c4ac1d0e4c2bf8909783bfc498357f27
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9f75fecc3a33448c166cfb0d7e67bbe5f194837259aa024c43bd8fe8b11b469
eea30d77847b2d433e61933006a0fffc094452f86be84c4533b3d6122ab77a99
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa0ba35e968b178dfaee653309cc7d6c979447f37a0f0a638788303b8e01e6d9
fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f
fe035b6ff2394b9fc9b4dad0acc9050d633269a5efa7cfeac7e6b8fdc12b7065

flights.booking.com Open in urlscan Pro 52.222.214.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

66 Requests

100 %HTTPS

71 %IPv6

11 Domains

17 Subdomains

14 IPs

4 Countries

1005 kBTransfer

5363 kBSize

18 Cookies

8 Outgoing links

Page URL History

Redirected requests

66 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

flights.booking.com Open in urlscan Pro
52.222.214.6 Public Scan

Screenshot
Live screenshot

Full Image

66
Requests

100 %
HTTPS

71 %
IPv6

11
Domains

17
Subdomains

14
IPs

4
Countries

1005 kB
Transfer

5363 kB
Size

18
Cookies

66 HTTP transactions
0 data transactions