www.1stheadlines.com Open in urlscan Pro
2606:4700:3030::6815:199b Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://1stheadlines.com/
Effective URL:
https://www.1stheadlines.com/
Submission Tags: tranco_l324
Submission: On March 10 via api (March 10th 2024, 9:19:20 am UTC) from DE — Scanned from DE

Summary HTTP 144 Redirects Links 69 Behaviour Indicators

Summary

This website contacted 24 IPs in 6 countries across 23 domains to perform 144 HTTP transactions. The main IP is 2606:4700:3030::6815:199b, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.1stheadlines.com.
TLS certificate: Issued by GTS CA 1P5 on February 7th 2024. Valid for: 3 months.

This is the only time www.1stheadlines.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 10	2606:4700:303... 2606:4700:3030::6815:199b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
50	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:ddb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
11	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3 26	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	104.18.13.14 104.18.13.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
1 18	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
2 2	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2.18.237.8 2.18.237.8	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	54.170.54.208 54.170.54.208	16509 (AMAZON-02) (AMAZON-02)
1	188.65.124.66 188.65.124.66	41690 (DAILYMOTI...) (DAILYMOTION For peering related business)
1	2a02:26f0:280... 2a02:26f0:280:3::213:7897	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	52.28.234.74 52.28.234.74	16509 (AMAZON-02) (AMAZON-02)
1	34.252.29.182 34.252.29.182	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
144	24

10 2606:4700:3030::6815:199b (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

1stheadlines.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.1stheadlines.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:ddb (United States)

ASN13335 (CLOUDFLARENET, US)

tags.expo9.exponential.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700::6812:18ad (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdnx.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.13.14 (None, )

ASN13335 (CLOUDFLARENET, US)

a4.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.36.155 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.237.8 (Dublin, Ireland) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-237-8.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.170.54.208 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-54-208.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.65.124.66 (Paris, France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: ingress-03-pub-prod-ix7.vip.dailymotion.com

public-prod-dspcookiematching.dmxleo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:280:3::213:7897 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.234.74 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-234-74.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.252.29.182 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-29-182.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 161	1 MB
27	tribalfusion.com 3 redirects s.tribalfusion.com — Cisco Umbrella Rank: 2540 cdnx.tribalfusion.com — Cisco Umbrella Rank: 20681 a4.tribalfusion.com — Cisco Umbrella Rank: 34687 a.tribalfusion.com — Cisco Umbrella Rank: 940	22 KB
13	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 ad.doubleclick.net — Cisco Umbrella Rank: 158 cm.g.doubleclick.net — Cisco Umbrella Rank: 271	246 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	175 KB
10	1stheadlines.com 3 redirects 1stheadlines.com www.1stheadlines.com	47 KB
5	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 321	97 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	4 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 246	1 KB
2	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 631	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 316	32 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 1089	44 B
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 582	482 B
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 1563	63 KB
1	dmxleo.com public-prod-dspcookiematching.dmxleo.com — Cisco Umbrella Rank: 2869	122 B
1	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 855	166 B
1	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 428	125 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 388	239 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 546	295 B
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 790	472 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 760	32 KB
1	exponential.com tags.expo9.exponential.com — Cisco Umbrella Rank: 18172	14 KB
0	spotxchange.com Failed sync.search.spotxchange.com Failed
144	23

	Domain	Requested by
50	pagead2.googlesyndication.com	www.1stheadlines.com pagead2.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net s0.2mdn.net tpc.googlesyndication.com
18	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net ad.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
15	s.tribalfusion.com	tags.expo9.exponential.com www.1stheadlines.com s.tribalfusion.com
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.1stheadlines.com googleads.g.doubleclick.net
8	www.1stheadlines.com	1 redirects www.1stheadlines.com
7	a.tribalfusion.com	3 redirects s.tribalfusion.com
6	www.gstatic.com	www.1stheadlines.com googleads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
5	s0.2mdn.net	ad.doubleclick.net s0.2mdn.net www.1stheadlines.com
4	fonts.googleapis.com	www.1stheadlines.com googleads.g.doubleclick.net
4	cdnx.tribalfusion.com	www.1stheadlines.com
2	dpm.demdex.net	2 redirects
2	dsum-sec.casalemedia.com	2 redirects
2	www.googletagservices.com	s.tribalfusion.com www.googletagservices.com
2	1stheadlines.com	2 redirects
1	www.google.com	tpc.googlesyndication.com
1	cm.g.doubleclick.net	s.tribalfusion.com
1	beacon.krxd.net	s.tribalfusion.com
1	aa.agkn.com	1 redirects
1	code.createjs.com	s0.2mdn.net
1	public-prod-dspcookiematching.dmxleo.com	s.tribalfusion.com
1	image6.pubmatic.com	s.tribalfusion.com
1	ups.analytics.yahoo.com	s.tribalfusion.com
1	pixel.rubiconproject.com	s.tribalfusion.com
1	us-u.openx.net	s.tribalfusion.com
1	tags.bluekai.com	1 redirects
1	ad.doubleclick.net	www.googletagservices.com
1	a4.tribalfusion.com	www.1stheadlines.com
1	code.jquery.com	www.1stheadlines.com
1	tags.expo9.exponential.com	www.1stheadlines.com
0	sync.search.spotxchange.com Failed	s.tribalfusion.com
144	31

This site contains links to these domains. Also see Links.

Domain
m.1stheadlines.com
s.tribalfusion.com
www.cbsnews.com
abcnews.go.com
www.foxnews.com
www.bbc.co.uk
www.nbcnews.com
www.cnn.com
www.nytimes.com
www.washingtontimes.com
nypost.com
www.equakenews.com

Subject Issuer	Validity	Valid
1stheadlines.com GTS CA 1P5	`2024-02-07` - `2024-05-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
exponential.com Cloudflare Inc ECC CA-3	`2024-01-20` - `2024-12-31`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-12-26` - `2024-06-19`	6 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
tls.adobe.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-12` - `2025-02-11`	a year	crt.sh
www.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh

This page contains 31 frames:

Primary Page: https://www.1stheadlines.com/
Frame ID: 62096226B7FE86ED37F301686C4AE7BE
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20190131/zrt_lookup_nohtml_fy2021.html
Frame ID: 282A86063B2AFB91B4204EEDDCF9A65C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&adk=1812271804&adf=3025194257&lmt=1710062353&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.1stheadlines.com%2F&pra=5&wgl=1&easpi=1&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062353210&bpp=4&bdt=688&idt=171&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4651900103008&frm=20&pv=2&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=198
Frame ID: 5ECEABA17D9ADAE0F228312FA07770DF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html
Frame ID: DE88AD231E9CBCC405E185D0FAB4A40F
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html
Frame ID: 08532C685C1664BCD583FD12DB2BBCD5
Requests: 20 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Poppins%3A400%2C600
Frame ID: 6D98B041C98AFF5384937A666321816B
Requests: 7 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1820114.1141592EXPONENTIAL.COM/B28369591.362335104;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=2819128252;ord=bdavj3;click=https%3A%2F%2Fs.tribalfusion.com%2Fh.click%2Fakm4hFWUY1TtQXobFoQbBt1E3s4qBj4an2oTbC1FJfUdbUmPfJnVYsoHML3TZb83Hir5PfGpFvZdXsnR1c311GFonqZbU5bY2TUZbZcVm74PqvQQsZboPtZbO0dFtT6rv3VMXXrBDUmar5PnaR6bD4dUO0trLnWIo5PBT4V76VsMjVV7iP6vmUdv5WrZbY5U2wWEjoTTUlQEUFSGJZdPF6oPtUiWGv54r6rotemXEPM4tQGPGvZa2mJHmdXqqoimyny7xEy2so78PFUeUbBSnRmXQmmosUqZcMPTtwAAiu6eZa4R2lyTmmwAYM3HPrs627r6TV0aMe5BQdssXt38BZbYrr7NLSi9X%2F;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=0,https%3A%2F%2Fwww.1stheadlines.com%2F$0;xdt=0;crlt=1_k!Ip.zG);stc=1;chaa=1;sttr=63;prcl=s
Frame ID: 9E3FBBF5978A5334992541AD50C7E6EB
Requests: 8 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=almW8ZaWrbX5bEpUarmVTYcSTrIRVbIQrAvRWvlWcbV4UTnodEmYa2u2drZdQcMZc46QZdmdZaNVHJ7XbfaXrfiXT6mRUFDWUJ2TtrWnUfxPFrnYq3r4abh2aMRmaMCYUY9WHfUmmrIpGMwpd3K3TFi5tZar4PrJpbrL0VfP1c3V0VvwpTZb42rMTVrvGV674Pqb0ScrOQHfN0dBwWAnO4GBU0UZbDVmm546ZbetFEFMRisyWAoVC72MQ27upZaKopnGO8qHsSYJwj2B8y&mediaDataID=6530936&mediaName=frame.html
Frame ID: 894411D37A6511A9A0B047050EA570E5
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aAmW8ZaTFfGUAv5RTn3SsBqSt7uYd7rW63p2cYVXbZbKT6Xm2PMdQmJB2W3O0tJCntEw36U13cr6TcJdVGZbjP6QOUWJPWrr55b6uVTUvVEJ6QaYLRsYZbRravRt7cWsfU2FqsmWes0qqp3HQZaQVMB2mrZaptTpVHBa0rfa1UB90qqsPbMZbTrv2WWnUnUQnPbrr1EMN5afl5qYPnqfE1FUfWHMXoArans7wU8PGyBiextnKOrA91EuyODIwOpMMoCmTUWbbx3cbcZa&mediaDataID=6546596&mediaName=frame.html
Frame ID: 538EDA4ADFAA0C336F2C43F6B726374F
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aBmVRCTtQ5orJnPrByXaZbr3TFl5TU4oaFIYbZbgUtMQmP3LpGQrpW3C3EY73Wuy5P7ZcprnG0VnPYcF21cJNpajS3bJPTFvBUA3TQa3QQsZbqQtBy1djtT6vp2GB5XrBJVmut46Q7R67K3tvy0HJZbpd6v4mZbV3cMbVsJdUcb8RAFvWdn3UUZb03bimVTjpVaJaSTvHScjJQbAxSdr6Ucb52F6xode0XEepxC2AmDTFumINUS7RwRIJTVrUx6i3lg&mediaDataID=2713736&mediaName=frame.html
Frame ID: 23C53CD1619DF93CDE62808C678D9D71
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aCmWCZc5bEmUqrnVTn8PEZbZaQVfZdPbemSWYiWGM24r6omtAr0qXy3tQEQG7Za4PBFotAqVWFf0rnaYUYf1EEoPU3AUbZbPTtBXorjxQrZbNYTFq4TBf4qv3oT7IYFU9UdnRoAMZansMpmHrJ2av83dup3AFZbmbfL0VvU1sF2XG7nnEvU5Un2WUZbGV633Qab1QVZbsStjt1HFpWm3n3VUY0bZbDVmiw2PQZbPPMKxoqmxR6JWd3hNrTxxpZaZdPQXJm9yAtBXgto6rYG7hrJKekm&mediaDataID=5436426&mediaName=frame.html
Frame ID: FBB7AD713A8231529C556FA46315A9F5
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aDmYpuUAv2REMXSs3nQd7yYtroWAYv3GvUXFUATAip4Av8R6ZbF3Hvq0WQAnHTm5mYQ3sveVsQdWcMeSmrMWWQPUFnR5bTtUqQvWqnlQEBKSVZbZbQFisPHMiWcbU4binod6oXEqw4dvZdPcBZd46BKmdatUH3a0rv71FYfXaiMRrJGWUrSTHU5obfsQrrqYqFt3Tjc4T3YnEFKXUBbWtMXoAfBpGM5otfJw7qkyoQtvAuvU6i9wSANuSZaoM72vWBIMyaXanAPknUYOuAiqrbQGkCquoV&mediaDataID=8039566&mediaName=frame.html
Frame ID: 31C7423EAEC4C51199F0881B3C079D9D
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aEmWgZborJpRUjrXaZbt5TBj2aU3oEFAXFjfUWb1mmfInVUmmHYG2Tvg3taN56nEnbMZa0GMX1s320GvxmqJQ5bQQVrvFUAf1REYQPGrMQdUMYdJnWmny4s3UXbZbJTP6m2PYbPP7D4WQO1trDntTO36MR4c7bVsY8UsMePP3oUtFVWrJP2FZatVqrnWqJbQaBZcQVfAPFEoSWYkVsnS2r6xodqO0qqV2WbZds9ZaDOreZcTdYGn8I6nS3FrPuHy7MSVSXZdomQepXI65B&mediaDataID=6347136&mediaName=frame.html
Frame ID: 642C1494140AECE4EB6E630695CA0D5C
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aFmX9qUqrnTTQdPqYKQGFLRrmmStQaVV354UuumWqsXa2v4dUAPVBH4m3HoHPNTHJ90bMi1FBf0aqtSFvCWbU4VHB3orYqRUJNXaMy5EUh5Tj1mqnH1rJfUtMRm6bLpGrtotrA5EQ72WEM5PnLprYZdYVbU1sUYXVvxpT743FFWTFFZcUPv1RqfXPGZbtQHUNYtBwVPYu3cvWYrYZdVAiw2PZbeR67l2dZbOMouZdP8Mxv6ABODZabPQmkp9mIrrq2QPTvomyouqB6r7IQ0dUTtq9js9&mediaDataID=9148826&mediaName=frame.html
Frame ID: 4A5F8811B97F020A4EC1C9F90883671C
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aGmW0LREMYScUoQHYN0dJnT63O3GZb4YFrDT6qv46Zb7PmJA4WMm1HrLndIo5AJ15cr8Vc3lUsbeRPFuTHrRWFf33UTnUqbsTTrlPqvFSGQKQrIsRdn9UVn25FitotuOYqux3tUDSGjF2AQHoHitTdFhXUf9XrUfXqAMSUUDWbMQVtrUorJxPFrq1EYy4qUg5qQQmTBF1rZb8WH7XnP7KmsMqpW7E3aM85tmN3AvGnEBZd0GeOyou0MCiQpS6nwPPo0sjr9QC0Of&mediaDataID=5578346&mediaName=frame.html
Frame ID: 71EA763B8CA5033D67A451B40359DCC8
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aHmWKZdRUjs1E3s5E7j5E31oTJLXUBcTtFXmPnCns7poW3D5EMk2dEr5AfGnUjGXVnR1cQTXV7xnTvT2rrSTrbDWmf2REj4ScnMPWjr1dvtVP3M3cU00UQDTAim4mB8R6fH2dQsXW3AmHen5mJT3sQ7UsF8UsjjPAFuWd33UbM15beuVT3pTEv6PqBZdScQJRrAxRt3dVG335bqtoWqO0qep4dvgQsrZavUmIS8vroWPmvmyIMBaBNbfFr6ejpAvuNpAoTsZbAOikeTP&mediaDataID=6719746&mediaName=frame.html
Frame ID: 4B7B8A5F778D82C780174599526D473A
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=6365271370&adk=2699336268&adf=3937582785&pi=t.ma~as.6365271370&w=336&lmt=1710062354&format=336x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354407&bpp=4&bdt=1886&idt=4&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1600x1200%2C1005x124&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=434&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=12
Frame ID: D408C29FD5D8EA8CC055796EDC08B66A
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16
Frame ID: C876B995C004F7D128AF5FE0EB61558C
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=1531094781&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354520&bpp=2&bdt=1999&idt=2&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280%2C543x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=1639&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=1&fsb=1&dtd=8
Frame ID: 540FF1CEC1741BB46DD9941D6900CA73
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js
Frame ID: 518968A3C1BC161A95CE479B33CDC7CD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js
Frame ID: 6E583893E5A097845458597FF7F321A7
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 86A215EDFD6FFA6EACD93BAC75F36ECA
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16098930704049080402/index.html?ev=01_250
Frame ID: 964773BEAC77A01FCA7A52641C47C767
Requests: 5 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aGmWCZcREMYScUqSdFuYdrnT6UO4cr1XFrDT6qv46Zb7PmJA4WMm1HrLnWAo5AJ15cr8Vc3lUsbeRPFuTHrRWFf23UZaxUqbsTTrlPqvFSGQZbPUewSHQ9UVv54r6nmHur0qyN2WvGSGfZa5PMEotPnVWj6Yrb71FJiXqqtPbQZbUFBXTtMWnrbsQFJyXaFs5aUl2aYPmaBDXbjhTdfTomfBpG7wmHri3qZb7wRJnNFXZdWranMRPRuS254neUVQuyuEXEqPTc1pMlwVZcrgD&mediaDataID=7665496&mediaName=frame.html
Frame ID: 09B8F9EEE5675CF3824317F6199A5BCC
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aHmUKlRUjs1E3s5q7l5aY1oTJKXF38UWFXmPnCns7poW3D5EMk2dEr5mbGnUjGXVnR1cQTXV7xnTvT2rrSTrbCWmnVREj4ScnMPWjr1dvtVPUx3VM00UQDTAim4mB8R6fH2dQsXW3AmHen5mJT3sQ7UsF8UsjjPAFuWd33UbM15beuVT7oWTr8PqBZdScQJRrAxRt3dVG335bqtoWqO0qep4dvgQsrZavUmIS8vroWP1uBPjUcFXMoxhqN&mediaDataID=6807466&mediaName=frame.html
Frame ID: E79E6E60173727A6293D328ED3B64C7D
Requests: 2 HTTP requests in this frame

Frame: https://s.tribalfusion.com/p.media?clickID=aImVgFTTQdSTYZcSVJBRFZamPH3aWsU35FXxmtiyXEew2tQFSGFD56MZaoWEyTtYfXrnc1UZb7XqitRbJHTrn2TH31mFjmRUMn1Evy4qja4q70mqFKYb7cWH7XmmfLncjmmHME3qQe5tiN46ZbFnbjJ0GUQXsJYXVfNpEvT5U32VUnFUAUTQqv5PG3OPWUO1HvpT63n2GM4YFrBUPus26ZbeR6MK4WQ00dBAVCbMNb6PvsiVp9eBmSFJNFu7YTYc0WSZdqo&mediaDataID=4056396&mediaName=frame.html
Frame ID: 4FE3E08CBE190AEF476BB907A2B0E2F7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js
Frame ID: 160F328F252BC84ADCF36DD72C5103B7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js
Frame ID: 5E3C2FEFD2AF543D51E09EE397005B24
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js
Frame ID: 29BF4D19481708A37F8D3EE0FC4F496F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E901C7974AAF4730F14C1C59331AA367
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 156EFEC30E004C5BFD4B2579176FB08B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

1stHeadlines-Breaking News

Page URL History Show full URLs

http://1stheadlines.com/ HTTP 301
https://1stheadlines.com/ HTTP 301
http://www.1stheadlines.com/ HTTP 301
https://www.1stheadlines.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

144
Requests

94 %
HTTPS

52 %
IPv6

23
Domains

31
Subdomains

24
IPs

6
Countries

1872 kB
Transfer

5043 kB
Size

10
Cookies

69 Outgoing links

These are links going to different origins than the main page.

URL: https://m.1stheadlines.com/
Title: Mobile Version

Search URL Search Domain Scan URL

URL: https://s.tribalfusion.com/j.u?rnd=1674826080&redirect=https://vdx.tv/ad-choices-fromad/

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/2024-daylight-saving-time-change/
Title: Time change for daylight saving happened overnight. What to know.

Search URL Search Domain Scan URL

URL: https://abcnews.go.com/International/wireStory/hundreds-tibetans-march-new-delhi-streets-china-leave-107972825
Title: Hundreds of Tibetans march on New Delhi streets asking China to leave Tibet on uprising anniversary

Search URL Search Domain Scan URL

URL: https://abcnews.go.com/International/wireStory/2-killed-motorcycle-loaded-explosives-detonates-pakistani-city-107972824
Title: 2 killed as a motorcycle loaded with explosives detonates in the Pakistani city of Peshawar

Search URL Search Domain Scan URL

URL: https://abcnews.go.com/International/wireStory/netherlands-opening-holocaust-museum-israeli-presidents-presence-causing-107972733
Title: The Netherlands is opening a Holocaust museum. The Israeli president's presence is causing concern

Search URL Search Domain Scan URL

URL: https://abcnews.go.com/International/wireStory/us-ship-equipment-building-pier-gaza-part-plan-107972734
Title: A US ship with equipment for building a pier is on its way to Gaza, part of a plan to ramp up aid

Search URL Search Domain Scan URL

URL: https://abcnews.go.com/International/wireStory/polls-officially-open-portugals-general-election-mainstream-moderates-107972550
Title: Polls officially open in Portugal’s general election with mainstream moderates trying to keep a populist party at bay

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/us/hollywood-ripper-michael-gargiulo-liked-watch-death-inflicting-pain-victims
Title: 'Hollywood Ripper' Michael Gargiulo 'liked to watch death' after inflicting pain on his victims: 'It's evil'

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/monica-sementilli-says-she-did-not-help-plan-husband-fabio-sementilli-murder-48-hours/
Title: Wife of murdered beauty exec maintains her innocence

Search URL Search Domain Scan URL

URL: https://www.bbc.co.uk/news/world-us-canada-68526494
Title: Designer Donatella Versace rescued from lift

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/us/pentagon-seeks-low-cost-ai-drones-bolster-air-force-companies-competing-opportunity
Title: Pentagon seeks low-cost AI drones to bolster Air Force: Here are the companies competing for the opportunity

Search URL Search Domain Scan URL

URL: https://www.nbcnews.com/news/us-news/found-liable-attack-trump-claims-e-jean-carroll-made-false-accusations-rcna142637
Title: Despite being found liable for attack, Trump claims E. Jean Carroll made 'false accusations' against him

Search URL Search Domain Scan URL

URL: http://www.cnn.com/videos/us/2024/03/10/exp-prince-harry-meghan-uvalde-victims-holmes-031012aseg2-cnni-us.cnn
Title: Prince Harry and Meghan visit family of Uvalde shooting victim

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/03/10/world/europe/ukraine-women-soldiers-army.html
Title: ‘It’s a Way of Life’: Women Make Their Mark in the Ukrainian Army

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/03/09/world/asia/china-economy-xi.html
Title: China’s Growth Slows but Xi Jinping Keeps to His Vision

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/03/09/world/asia/sri-lanka-online-safety-act.html
Title: New Online Speech Law Could Chill Political Humor in Sri Lanka

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/03/10/world/europe/portugal-election-far-right.html
Title: Portugal’s Election: What to Know

Search URL Search Domain Scan URL

URL: http://www.cnn.com/middleeast/live-news/israel-hamas-war-gaza-news-03-09-24/index.html
Title: March 9, 2024 Israel-Hamas war

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/indonesias-sumatra-island-10-dead-10-missing/
Title: At least 19 dead, 7 missing as flash floods and landslide hit Indonesia

Search URL Search Domain Scan URL

URL: https://www.bbc.co.uk/news/world-us-canada-68526503
Title: US military ship heading to Gaza to build port

Search URL Search Domain Scan URL

URL: https://www.washingtontimes.com/news/2024/mar/9/no-recoverable-oil-left-in-water-from-sheen-off-so/?utm_source=RSS_Feed&utm_medium=RSS
Title: No recoverable oil is left in the water from sheen off Southern California coast, officials say

Search URL Search Domain Scan URL

URL: http://www.cnn.com/politics/live-news/election-campaign-news-03-09-24/index.html
Title: March 9 - 2024 campaign updates

Search URL Search Domain Scan URL

URL: https://www.washingtontimes.com/news/2024/mar/9/katie-britt-used-decades-old-example-of-rapes-in-m/?utm_source=RSS_Feed&utm_medium=RSS
Title: Katie Britt used decades-old example of rapes in Mexico as Republican attack on Biden border policy

Search URL Search Domain Scan URL

URL: http://www.cnn.com/videos/world/2024/03/09/skier-falls-hidden-waterfall-japan-cprog-js-orig.cnn
Title: Skier falls into a hidden waterfall. His GoPro captured what happens next

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/us/california-suspects-accused-murdering-96-year-old-widow-baking-cookies-birthday-police
Title: California suspects accused of murdering 96-year-old widow who was baking cookies for her birthday: police

Search URL Search Domain Scan URL

URL: http://www.cnn.com/videos/world/2024/03/09/exp-quest-mh370-anniversary-030803pseg1-cnni-world.cnn
Title: One of aviation's great mysteries. Flight MH370 a decade later

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/biden-and-trump-trade-barbs-over-laken-riley-death/
Title: Biden and Trump trade barbs over Laken Riley death during Georgia rallies

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/live/2024/03/09/us/2024-presidential-election/trump-carroll
Title: Trump goes after Carroll and judge for defamation ruling after posting $91.6 million bond.

Search URL Search Domain Scan URL

URL: https://nypost.com/2024/03/09/us-news/djamshed-nematov-shot-dead-by-cops-after-stabbing-wife-amira-nematov-during-international-womans-day-party-family/
Title: Husband shot dead by cops after stabbing wife during NYC party hadn't 'been well' before fatal encounter: family

Search URL Search Domain Scan URL

URL: https://nypost.com/2024/03/09/us-news/fdny-boss-laura-kavanagh-hunts-down-staffers-who-booed-ny-ag-letitia-james-cheered-for-trump-at-promotion-ceremony/
Title: FDNY boss hunts down staffers who booed NY AG Letitia James, cheered for Trump at promotion ceremony

Search URL Search Domain Scan URL

URL: https://nypost.com/2024/03/09/us-news/nyc-bachelor-buys-facebook-marketplace-ads-to-score-dates/
Title: NYC bachelor buys Facebook Marketplace ads to score dates

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/chaos-unfolds-in-haiti-as-caribbean-leaders-call-an-emergency-meeting-monday/
Title: Chaos unfolds in Haiti as Caribbean leaders call an emergency meeting

Search URL Search Domain Scan URL

URL: https://www.nbcnews.com/news/us-news/justice-department-investigating-door-plug-blowout-alaska-airlines-fli-rcna142629
Title: Justice Department investigating door plug blowout on Alaska Airlines flight, report says

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/03/09/us/politics/us-military-gaza-aid.html
Title: U.S. Military Enters a New Phase With Gaza Aid Operations

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2024/03/09/us/politics/biden-nuclear-russia-ukraine.html
Title: Biden’s Armageddon Moment: When Nuclear Detonation Seemed Possible in Ukraine

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/us/mugshots-week-march-3-9-2024
Title: Mugshots of the week: March 3-9, 2024

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/us/remains-of-girl-16-excavated-from-florida-mobile-home-park-identified-as-autumn-mcclure-missing-since-2004
Title: Remains of girl, 16, excavated from Florida mobile home park identified as Autumn McClure, missing since 2004

Search URL Search Domain Scan URL

URL: https://abcnews.go.com/US/nyc-woman-loses-feet-pushed-subway-train/story?id=107967056
Title: Woman loses both feet after boyfriend pushes her onto subway tracks: Police sources

Search URL Search Domain Scan URL

URL: https://www.nbcnews.com/news/us-news/womans-feet-amputated-boyfriend-allegedly-shoves-front-nyc-train-rcna142617
Title: Woman's feet amputated after boyfriend allegedly shoved her in front of NYC train

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/biden-says-regrets-using-term-illegal-describe-suspected-killer-laken-riley/
Title: Biden says he regrets using term illegal to describe murder suspect

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/ireland-constitutional-amendment-redefine-family-womans-roles-rejected-prime-minster
Title: Ireland constitutional amendment to redefine family, woman's roles rejected: Prime Minster

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/us-needs-assurances-qatar-alliance-iran-russia-taliban-appear-doha-defense-exhibition-experts
Title: Iran, Russia and Taliban among guests at nominal US ally Qatar's weapons expo

Search URL Search Domain Scan URL

URL: https://www.washingtontimes.com/news/2024/mar/9/missing-florida-woman-found-alive-shipping-contain/?utm_source=RSS_Feed&utm_medium=RSS
Title: Missing Florida woman found alive in shipping container

Search URL Search Domain Scan URL

URL: https://www.nbcnews.com/politics/white-house/biden-says-regrets-reference-illegal-state-union-address-rcna142561
Title: Biden says he regrets referring to 'an illegal' and defends direct criticism of Supreme Court in State of the Union

Search URL Search Domain Scan URL

URL: https://www.washingtontimes.com/news/2024/mar/9/speaker-mike-johnson-pressured-fight-over-ukraine-/?utm_source=RSS_Feed&utm_medium=RSS
Title: Speaker Johnson pressured in fight over Ukraine aid

Search URL Search Domain Scan URL

URL: https://www.washingtontimes.com/news/2024/mar/9/another-top-donor-says-it-will-resume-funding-un-a/?utm_source=RSS_Feed&utm_medium=RSS
Title: Another top donor says it will resume funding the U.N. agency for Palestinians as Gaza hunger grows

Search URL Search Domain Scan URL

URL: https://www.washingtontimes.com/news/2024/mar/9/gunmen-kidnap-15-children-in-yet-anoth-writethru-1/?utm_source=RSS_Feed&utm_medium=RSS
Title: Gunmen kidnap 15 children in yet another school abduction in northern Nigeria

Search URL Search Domain Scan URL

URL: https://www.washingtontimes.com/news/2024/mar/9/el-salvador-extends-anti-gang-emergenc-writethru-1/?utm_source=RSS_Feed&utm_medium=RSS
Title: El Salvador extends anti-gang emergency decree for 24th time. It's now been in effect for two years

Search URL Search Domain Scan URL

URL: https://www.washingtontimes.com/news/2024/mar/9/irish-prime-minister-concedes-defeat-i-writethru-2/?utm_source=RSS_Feed&utm_medium=RSS
Title: Irish prime minister concedes defeat in vote over constitutional amendments about family and women

Search URL Search Domain Scan URL

URL: https://abcnews.go.com/US/helicopter-us-mexico-border-officials/story?id=107940416
Title: 3 killed, 1 injured in National Guard helicopter crash during routine operations

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/archaeology-subatomic-particle-detectors-physics-new-discoveries-naples-italy/
Title: New technology allows archaeologists to use particle physics to explore the past

Search URL Search Domain Scan URL

URL: https://nypost.com/2024/03/09/us-news/first-all-digital-sat-tough-math-section-puts-students-to-the-test/
Title: First all-digital SAT exam, tough math section puts students to the test: 'Worst one yet'

Search URL Search Domain Scan URL

URL: https://nypost.com/2024/03/09/us-news/nypd-k9-photo-exhibit-features-the-dogs-that-protect-the-big-apple/
Title: NYPD K9 photo exhibit features the dogs that protect the Big Apple

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/nigeria-police-say-15-school-children-were-kidnapped/
Title: Nigeria police say 15 school children were kidnapped by armed gunmen

Search URL Search Domain Scan URL

URL: https://www.nbcnews.com/news/us-news/meghan-markle-recounts-cruel-bullying-experienced-pregnant-rcna142622
Title: Meghan Markle recounts 'cruel' online bullying during her pregnancies; is keeping distance on social media

Search URL Search Domain Scan URL

URL: https://www.washingtontimes.com/news/2024/mar/9/chicago-bus-driver-union-president-calls-national-/?utm_source=RSS_Feed&utm_medium=RSS
Title: Chicago bus driver union president calls for National Guard on city's transit system

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/gaza-air-drop-mishap-reportedly-kills-5-injures-10-us-jordan-deny-involvement-incident
Title: Gaza air drop mishap reportedly kills five, injures 10 as U.S., Jordan deny any involvement in incident

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/u-s-forces-allies-shoot-down-several-dozen-houthi-drones-red-sea/
Title: U.S. forces, allies shoot down over 2 dozen Houthi drones in Red Sea

Search URL Search Domain Scan URL

URL: https://abcnews.go.com/US/17-million-people-flood-watches-northeast/story?id=107963045
Title: Nearly 17 million people under flood watches in the Northeast

Search URL Search Domain Scan URL

URL: https://abcnews.go.com/US/mauis-women-lead-projects-land-residents-recovering-after/story?id=107883986
Title: Maui's wahine take charge to help land and residents recover after wildfires

Search URL Search Domain Scan URL

URL: http://www.cnn.com/videos/us/2024/03/09/meghan-duchess-of-sussex-sxsw-panel-online-abuse-cprog-orig-js.cnn
Title: Meghan, Duchess of Sussex, addresses 'hateful' social media

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/china-pursues-aggressive-growth-prevent-devastating-slowdown-government-aims-transform-economy
Title: China pursues aggressive growth to prevent devastating slowdown: government aims to 'transform' economy

Search URL Search Domain Scan URL

URL: https://www.foxnews.com/world/antisemitic-incidents-across-europe-canada-record-levels-5-months-hamas-massacre-israelis
Title: Antisemitic incidents across Europe, Canada hit record levels 5 months after Hamas massacre of Israelis

Search URL Search Domain Scan URL

URL: http://www.cnn.com/videos/us/2024/03/09/exp-us-disaster-chunk-030904aseg2-cnni-us.cnn
Title: Workers clean up oil spill off California, as barges submerge in Kentucky

Search URL Search Domain Scan URL

URL: http://www.cnn.com/videos/us/2024/03/08/claudette-colvin-international-womens-day-orig-vf.cnn
Title: Before there was Rosa Parks, there was Claudette Colvin

Search URL Search Domain Scan URL

URL: http://www.cnn.com/videos/us/2024/03/08/united-airlines-plane-tire-fall-takeoff-san-francisco-vpx.cnn
Title: Tire falls off plane immediately after takeoff

Search URL Search Domain Scan URL

URL: https://www.equakenews.com/
Title: Earthquake Reports

Search URL Search Domain Scan URL

URL: https://s.tribalfusion.com/h.click/aFmSK5UqrnTTF7QqUZaQVbZbPr6tPHvcUcv54busmtqnXETN3WbESGfZa46MLpWTrUWZb9YbfdYFjfXaiMRrJHWUv3THrXorZbxPbrqYaJs3TBf4TM1oT7IXU7gUWrUoAUKmVjrmWvG5TZbh5teN5PvZbpr3Zd0GvVXsU1XG7wpTb42FZbWWrjAVPfYPaURScZbMStUr1G3pT6aVv8yYOQX9Vmrv4BPEsrJnU6hPuL/http://a.tribalfusion.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://1stheadlines.com/ HTTP 301
https://1stheadlines.com/ HTTP 301
http://www.1stheadlines.com/ HTTP 301
https://www.1stheadlines.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD_2J_etwEQsAkYsAkyCB3sAGHjaV1o HTTP 301
https://tpc.googlesyndication.com/simgad/3069489683903485926

Request Chain 66

https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=131&external_user_id=18072662062485768859&cb=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db20%26u%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db20%26u%3D&cm_dsp_id=131&external_user_id=18072662062485768859&C=1 HTTP 302
https://a.tribalfusion.com/i.match?p=b20&u=Ze17ErmqPNcAADSCAKIceQAA

Request Chain 67

https://tags.bluekai.com/site/4229?id=18072662062485768859&redir=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db3%26u%3D%24_BK_UUID HTTP 302
https://a.tribalfusion.com/i.match?p=b3&u=$_BK_UUID

Request Chain 73

https://a.tribalfusion.com/i.match?p=b10&u=18072662062485768859&redirect=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=111756&nid=3856&put=18072662062485768859&expires=180

Request Chain 77

https://dpm.demdex.net/ibs:dpid=22054&dpuuid=18072662062485768859&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db13%26u%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22054&dpuuid=18072662062485768859&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db13%26u%3D%24%7BDD_UUID%7D HTTP 302
https://a.tribalfusion.com/i.match?p=b13&u=70830693484455037760820180800853952792

Request Chain 78

https://a.tribalfusion.com/i.match?p=b24&u=18072662062485768859&redirect=https%3A%2F%2Fpublic-prod-dspcookiematching.dmxleo.com%2Fdspreply%3FdspId%3D15%26dspUserId%3D%24TF_USER_ID_ENC%24 HTTP 302
https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=15&dspUserId=18072662062485768859

Request Chain 97

https://aa.agkn.com/adscores/g.pixel?sid=9212295768&_puid=18072662062485768859 HTTP 302
https://a.tribalfusion.com/i.match?p=b23&u=217403104817001173780

Request Chain 98

https://a.tribalfusion.com/i.match?p=b22&u=18072662062485768859&redirect=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dexponential%26partner_uid%3D%24TF_USER_ID_ENC%24 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=exponential&partner_uid=18072662062485768859

144 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.1stheadlines.com/
Redirect Chain

http://1stheadlines.com/
https://1stheadlines.com/
http://www.1stheadlines.com/
https://www.1stheadlines.com/

62 KB
11 KB

428ms
427ms

Document
text/html

2606:4700:3030::6815:199b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:199b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a458e4650fbf53d0b57461de9737fe04b46d59f76002bb3860c989b5b40d05a9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 862238c49c2b8ffb-FRA
content-encoding: br
content-type: text/html
date: Sun, 10 Mar 2024 09:19:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1FXlb37gq84NSVE2T950ACLS1pqRmFo8QU7oqMqG8%2FWKtJzyBM6SIyF9Aa%2FlQMt5QNI%2FzWfGLx5xvhox7no%2Bm7Tqr7n%2FZSolIuSxbrbHSorVfqUDhh0jupnjGxB%2FFeyRhoN7a%2F9Qxcs0wyl2zKU6xbjc3w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 862238c45818925b-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Sun, 10 Mar 2024 09:19:12 GMT
Expires: Sun, 10 Mar 2024 10:19:12 GMT
Location: https://www.1stheadlines.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0cYMfJyE71yRwOtqfVsJeilScEztDWNHu5a28QirnrZ%2BHVdfZUSj4I%2FS4cUMhJSjMG5XB6j9X3A6aAIe6M5Y7V8h%2Bll0UFBPlhwCmYwbu%2F7B2Mk%2FYX0BZVVXxqXbA5UlTRlbA4H3jUEhEJY8ewNtuOhZg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 bootstrap.css
www.1stheadlines.com/bs/bootstrap/css/ 118 KB
19 KB 527ms
526ms Stylesheet
text/css 2606:4700:3030::6815:199b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.1stheadlines.com/bs/bootstrap/css/bootstrap.css
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:199b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49c20e181f3164beca880498d02a727673ac7803ee836bdb4d7188c0d390c14e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 07 Jul 2014 11:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1d885-4fd99176289c0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U0R5IJ70T%2BrgIn7DHI%2BtwqquBca99NqSr8PxMPaiCBZ3Z7c3UFRGgxyDLS9i7nABgQoTHrIPnuJV%2FHzY6x8IjpdY%2FEj0m18sy7uoOuvNKYqkXHW%2F5iAdNhRhmrCIIv0t%2B23xma%2FM2T3mfNLXA6yiRN7FYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 862238c74ea78ffb-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 save_list-d.js Show response
www.1stheadlines.com/bs/ 5 KB
2 KB 429ms
428ms Script
application/javascript 2606:4700:3030::6815:199b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.1stheadlines.com/bs/save_list-d.js
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:199b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ae03e6067f63277cc235f5984712bd667162288e1d8e4590a2262d70a6af781

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:12 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 24 Dec 2022 18:37:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"127c-5f0973361764d-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O5Jorsthah85AV3VSWrifOSK%2FHUHsOz%2BJCnEm19ASwk8%2BUc3JTuPtFiIy%2BG3ukZjs%2F8oJ4KkIQlABmfXhks%2Fy7OLBFKZHhfDHa7smp5WpUgyF%2B9yI%2BC4%2B0lXFABVANmrpPr6KTEl4sW8ylT4BnrXI5V6Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 862238c74eb18ffb-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 extra-d.css
www.1stheadlines.com/bs/ 5 KB
1 KB 423ms
422ms Stylesheet
text/css 2606:4700:3030::6815:199b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.1stheadlines.com/bs/extra-d.css
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:199b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f914726fad2fab8fa8d46cf0c95ad2bc4c851888ccc924b65fa015f6fd1feb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:12 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 29 Jul 2014 23:13:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"138a-4ff5d303a2140-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jLKKILAx%2B7DIcyPmn53%2BvN381vPmwJASKG5w2%2F%2FBnx06d7caHcwpa%2BaDeJXbgmSEItnG%2B90wFMjbFmYO7ASUW4UfTZw32yPJKNPc3dUyJMt8GDfa3FhKsHLZ5vzp0V6vT6rz%2B6kiXv8VUabARBMvO7lq%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 862238c74eac8ffb-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 non-responsive.css
www.1stheadlines.com/bs/ 3 KB
1 KB 422ms
422ms Stylesheet
text/css 2606:4700:3030::6815:199b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.1stheadlines.com/bs/non-responsive.css
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:199b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e7af5a6ce9821f14bed29e4e343b84571a38955f070347b4aa87a6a14c52bd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:12 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 12 Jul 2014 22:20:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"a7a-4fe0677dbe040-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ROAmIumPQ39uwDDczZ0TW6wTHBUjnRM968qNnVHVRQA0XNBMbJyPY0rCOsFUjfEGBO47jr4Xlwnw%2BXZopUOtShkTxSjYVv0Su2sqKEnD6wkPjFmUh84NYtlgmNFYieW41bhTmMhDtgufAZ90HDNiAm7cwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 862238c74ead8ffb-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
50 KB 114ms
68ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6212b23bdecf55f20bd523e9ae7514c4a4c6a8d9a0b6132ff52910cfc7b3531f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51093
x-xss-protection: 0
server: cafe
etag: 7064567534640093721
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Sun, 10 Mar 2024 09:19:13 GMT

GET
H2 200 tags.js Show response
tags.expo9.exponential.com/tags/1stHeadlinescom/News/ 60 KB
14 KB 892ms
829ms Script
application/x-javascript 2606:4700::6812:ddb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ddb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d564f33ee9c38939288c5318ce113781b149a1d34b92f9280c3c89cc7e3f5cbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400
content-length: 14371
x-function: 151
last-modified: Fri, 03 Nov 2023 05:05:21 GMT
server: cloudflare
x-reuse-index: 1
etag: 1265134696019773103
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=3600, private
cf-ray: 862238c7badb65d6-FRA
expires: Sun, 10 Mar 2024 10:19:13 GMT

GET
H2 200 1sth_265x40.gif
www.1stheadlines.com/images/ 2 KB
2 KB 436ms
435ms Image
image/gif 2606:4700:3030::6815:199b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.1stheadlines.com/images/1sth_265x40.gif
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:199b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9915d586e7ec7b286dff39eab6a047c6bc0d4a148f367b225e90a8930d899cc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:12 GMT
cf-cache-status: MISS
last-modified: Tue, 19 Feb 2013 04:10:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "738-4d60c059d7740"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rKzBj%2Ffs38FWTRy4Yjao8lmcT%2FVL1RdP1laNFNrXcqc0Q%2BEBmuIE9%2Bx%2F7hoY1x%2BQqPYcVD7KTGfTaMKt0Q1mg3owQl3%2BsV5mlklSg0MQWI5mLFUgV%2BcRSBwIDJWvMHh4IeToRTUSCGT9k0QM56ptnQjDjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 862238c74eaf8ffb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 1848

GET
H2 200 jquery-1.10.2.min.js Show response
code.jquery.com/ 91 KB
32 KB 73ms
21ms Script
application/javascript 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.10.2.min.js
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 5714537
x-cache: HIT, HIT
content-length: 32788
x-served-by: cache-lga13622-LGA, cache-fra-etou8220105-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1710062353.584695,VS0,VE0
etag: W/"28feccc0-16bb3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 1, 6646

GET
H3 200 bootstrap.min.js Show response
www.1stheadlines.com/bs/bootstrap/js/ 28 KB
8 KB 422ms
422ms Script
application/javascript 2606:4700:3030::6815:199b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.1stheadlines.com/bs/bootstrap/js/bootstrap.min.js
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:199b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 16 Jun 2014 23:02:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"71b6-4fbfc054b6480-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ex1ufptxzziKrE4aBe9qy91%2FzBld4s13ZIL7UdKsWOeUINGdUjNpJMq224BJND5a2vE4PLjsimPGV4mQWChmzUyXoBcDF%2BtFVbN8%2B48zOvNqGZ7lWIbVe2ly6P6lf0%2FV2Qt%2BA66ypwCm6oADH5S1OSiPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 862238c7dd3a1d9e-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/ 405 KB
137 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5540502184419647&plah=www.1stheadlines.com&aplac=true

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f6cdcd60186e1c3797aa870ac1ca5bcc4c33367bd80bbb907b26ed96e1ff3d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140459
x-xss-protection: 0
server: cafe
etag: 4056638307876973567
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 09:19:13 GMT

GET
H2 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20190131/ Frame 282A 9 KB
4 KB 69ms
21ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20190131/zrt_lookup_nohtml_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 7445
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Mar 2024 07:15:08 GMT
etag: 5035419970550746386
expires: Sun, 24 Mar 2024 07:15:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5ECE 401 KB
82 KB 653ms
653ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&adk=1812271804&adf=3025194257&lmt=1710062353&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.1stheadlines.com%2F&pra=5&wgl=1&easpi=1&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062353210&bpp=4&bdt=688&idt=171&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4651900103008&frm=20&pv=2&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=198

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5540502184419647&plah=www.1stheadlines.com&aplac=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

29f7b218f577be0ef5553bc7b01bda1b53dcb9c2282c092b2f5e47687cd4783f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 84289
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Mar 2024 09:19:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 54ms
53ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=navbar%20navbar-fixed-top%20navbar-inverse&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 displayAd.js Show response
s.tribalfusion.com/ 677 B
918 B 533ms
211ms Script
application/x-javascript 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/displayAd.js?dver=0.9&th=7732572918
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9aeed0ded1075b9cc37ab024128a50f470153ec6e5467dcd2b95187b002fed0

Request headers

Referer: https://www.1stheadlines.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 10 Mar 2024 09:19:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-function: 153
last-modified: Fri, 03 Nov 2023 04:54:34 GMT
server: cloudflare
x-reuse-index: 316
vary: Accept-Encoding
content-type: application/x-javascript
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: private
cf-ray: 862238ceea185d87-FRA
alt-svc: h3=":443"; ma=86400
content-length: 328
expires: Sat, 08 Jun 2024 09:19:13 GMT

GET
H2 200 j.ad Show response
s.tribalfusion.com/ 8 KB
4 KB 186ms
185ms Script
application/x-javascript 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=728x90,468x60&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=1&adContainerId=richmedia_2&rnd=2271169
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f809360dc662740ba79af7172d8ffc4bf19442fef387afdb07b2f170bf90441d

Request headers

Referer: https://www.1stheadlines.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:14 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-function: 101
server: cloudflare
x-reuse-index: 253
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: private, no-cache, no-store, proxy-revalidate
cf-ray: 862238d04bc55d87-FRA
alt-svc: h3=":443"; ma=86400
content-length: 3607
expires: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/ 166 KB
56 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403040101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1cf5229517629f5ab19291cfb8fe801a1fa6f502d5352fec2bf9aea7de5b739

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57246
x-xss-protection: 0
server: cafe
etag: 13383317776370870234
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 09:19:14 GMT

GET
H2 200 tf_adChoice11.js Show response
cdnx.tribalfusion.com/media/common/adChoice/ 4 KB
1 KB 52ms
43ms Script
application/x-javascript 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnx.tribalfusion.com/media/common/adChoice/tf_adChoice11.js
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9ebddedcebd351bb4e992c15921ef1378358eb1e02a8bae03d249506f2cd11a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:14 GMT
content-encoding: gzip
cf-cache-status: HIT
x-function: 301
last-modified: Tue, 11 Apr 2023 06:26:26 GMT
server: cloudflare
age: 85605
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: public
cf-ray: 862238d18d245d87-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 31 Dec 2030 00:00:00 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ 18 KB
8 KB 72ms
20ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=728x90,468x60&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=1&adContainerId=richmedia_2&rnd=2271169

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 10 Mar 2024 09:15:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7823
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 23:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sun, 10 Mar 2024 10:15:00 GMT

GET
H2 200 ipg
a4.tribalfusion.com/ 43 B
291 B 246ms
186ms Image
image/gif 104.18.13.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a4.tribalfusion.com/ipg?ip6=2001:1b60:2:240:3247::10&kv=%7B%22ord%22%3A%201674826080%2C%20%22clientID%22%3A%20800013%7D
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.13.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:14 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 862238d1dd2c71b5-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/ Frame DE88 9 KB
4 KB 19ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 7421
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Mar 2024 07:15:33 GMT
etag: 5035419970550746386
expires: Sun, 24 Mar 2024 07:15:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/ Frame 0853 9 KB
4 KB 19ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 7421
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Mar 2024 07:15:33 GMT
etag: 5035419970550746386
expires: Sun, 24 Mar 2024 07:15:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 impl_v99.js Show response
www.googletagservices.com/dcm/ 59 KB
23 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v99.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 04 Mar 2024 19:30:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 481706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23872
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 14:22:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Mar 2025 19:30:48 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 6D98 2 KB
900 B 89ms
27ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A400%2C600

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6700a61b5bd8006d07ddcdf84df499411e0ca045c8e124af25f72b8c4e82dab3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 10 Mar 2024 09:19:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 10 Mar 2024 07:34:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 10 Mar 2024 09:19:14 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 6D98 2 KB
822 B 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 15:04:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65711
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 15:04:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame 6D98 23 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 6D98 3 KB
1 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 6D98 20 KB
8 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 14:46:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66776
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 14:46:18 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 6D98 207 KB
63 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 10:04:16 GMT

GET
H2 200 fae6ba9c9cb9ec876bbde5988f04c6f7.js Show response
www.gstatic.com/mysidia/ Frame 6D98 36 KB
15 KB 94ms
37ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fae6ba9c9cb9ec876bbde5988f04c6f7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 22:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 470669
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15132
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 22:04:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 02 Jun 2024 22:34:45 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/ Frame DE88 15 KB
6 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a1433553dad10b1617e945447ce8d2a7a4ce6542ad50fdb8b563f85560cbc3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 16:16:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61380
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6454
x-xss-protection: 0
server: cafe
etag: 9518204868993021864
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 16:16:14 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DE88 205 B
650 B 82ms
31ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 15:58:06 GMT
x-content-type-options: nosniff
age: 62468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 09 Mar 2025 15:58:06 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DE88 604 B
696 B 82ms
32ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:03:58 GMT
x-content-type-options: nosniff
age: 479716
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 04 Mar 2025 20:03:58 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/ Frame DE88 22 KB
9 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5efd17aa9600929f5517878dd267b6fdfeca37478d6987b5d75caec4f1e4b1a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 16:16:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61380
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9093
x-xss-protection: 0
server: cafe
etag: 981128176822753981
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 16:16:14 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0853 14 KB
1 KB 64ms
28ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 10 Mar 2024 09:19:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 10 Mar 2024 07:32:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 10 Mar 2024 09:19:14 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 0853 2 KB
822 B 22ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 15:04:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65711
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 15:04:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame 0853 23 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 0853 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 0853 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 14:46:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66776
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 14:46:18 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 0853 207 KB
63 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 10:04:16 GMT

GET
H2 200 fae6ba9c9cb9ec876bbde5988f04c6f7.js Show response
www.gstatic.com/mysidia/ Frame 0853 36 KB
15 KB 82ms
52ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fae6ba9c9cb9ec876bbde5988f04c6f7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 22:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 470669
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15132
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 22:04:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 02 Jun 2024 22:34:45 GMT

GET
H2 200 B28369591.362335104;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=2819128252;ord=bdavj3;click=https%3A%2F%2Fs.tribalfusion.com%2Fh.click%2Fakm4hFWUY1TtQXobFoQbBt1E3s4qBj4an2oTbC1FJfUdbUmPfJnVYsoHML3TZb83Hi... Show response
ad.doubleclick.net/ddm/adi/N1820114.1141592EXPONENTIAL.COM/ Frame 9E3F 63 KB
31 KB 131ms
61ms Document
text/html 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N1820114.1141592EXPONENTIAL.COM/B28369591.362335104;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=2819128252;ord=bdavj3;click=https%3A%2F%2Fs.tribalfusion.com%2Fh.click%2Fakm4hFWUY1TtQXobFoQbBt1E3s4qBj4an2oTbC1FJfUdbUmPfJnVYsoHML3TZb83Hir5PfGpFvZdXsnR1c311GFonqZbU5bY2TUZbZcVm74PqvQQsZboPtZbO0dFtT6rv3VMXXrBDUmar5PnaR6bD4dUO0trLnWIo5PBT4V76VsMjVV7iP6vmUdv5WrZbY5U2wWEjoTTUlQEUFSGJZdPF6oPtUiWGv54r6rotemXEPM4tQGPGvZa2mJHmdXqqoimyny7xEy2so78PFUeUbBSnRmXQmmosUqZcMPTtwAAiu6eZa4R2lyTmmwAYM3HPrs627r6TV0aMe5BQdssXt38BZbYrr7NLSi9X%2F;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=0,https%3A%2F%2Fwww.1stheadlines.com%2F$0;xdt=0;crlt=1_k!Ip.zG);stc=1;chaa=1;sttr=63;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v99.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

39f75aada56d7c3854113713ce779c00536ea6167e864c2e65354529403644d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 31335
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 9316618008466985130
tpc.googlesyndication.com/gpa_images/simgad/ Frame 0853 7 KB
7 KB 108ms
49ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/9316618008466985130?w=200&h=200&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

992ffb31254bff53fe50fbeff43835a4a048b9ab3465c61897d026d6f5584ff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Wed, 05 Mar 2025 08:36:21 GMT
date: Tue, 05 Mar 2024 08:36:21 GMT
x-content-type-options: nosniff
age: 434573
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6847
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 02:38:19 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 15680704448050570156
tpc.googlesyndication.com/gpa_images/simgad/ Frame 0853 6 KB
7 KB 115ms
56ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/15680704448050570156?w=200&h=200&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7e35cef352b6346cefad0d2c335576adbd238db1ef2190910d2877f97decb78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Tue, 04 Mar 2025 20:47:00 GMT
date: Mon, 04 Mar 2024 20:47:00 GMT
x-content-type-options: nosniff
age: 477134
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6555
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 01:43:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 13840046643309577763
tpc.googlesyndication.com/gpa_images/simgad/ Frame 0853 6 KB
6 KB 105ms
47ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/13840046643309577763?w=200&h=200&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3516487be209784b4ca1d01e27525791fa6df4b7a5456f87e7282a41437cdb24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Wed, 05 Mar 2025 07:52:49 GMT
date: Tue, 05 Mar 2024 07:52:49 GMT
x-content-type-options: nosniff
age: 437185
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6162
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 02:47:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 17656015097072688249
tpc.googlesyndication.com/gpa_images/simgad/ Frame 0853 8 KB
8 KB 87ms
29ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/17656015097072688249?w=200&h=200&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca3c6f01ebeebaba47764a825f7dcec712d17574e86b610b31abef0def8fe012

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Sat, 08 Mar 2025 15:49:58 GMT
date: Fri, 08 Mar 2024 15:49:58 GMT
x-content-type-options: nosniff
age: 149356
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8234
x-xss-protection: 0
last-modified: Thu, 22 Feb 2024 07:08:57 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 475706372436835430
tpc.googlesyndication.com/gpa_images/simgad/ Frame 0853 5 KB
5 KB 83ms
25ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/475706372436835430?w=200&h=200&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eb555ab4348766bc8ecde7a548433d91fb3b68dbe09d5fad080b4fff7755c9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Sat, 08 Mar 2025 19:04:58 GMT
date: Fri, 08 Mar 2024 19:04:58 GMT
x-content-type-options: nosniff
age: 137656
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5480
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 00:38:07 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 12409945286925076258
tpc.googlesyndication.com/gpa_images/simgad/ Frame 0853 5 KB
5 KB 93ms
36ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/12409945286925076258?w=200&h=200&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c63e443e265df1298e4b73524d50add2866c3ece849a198a64dcd509fb28c0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Tue, 04 Mar 2025 22:54:36 GMT
date: Mon, 04 Mar 2024 22:54:36 GMT
x-content-type-options: nosniff
age: 469478
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5417
x-xss-protection: 0
last-modified: Thu, 23 Mar 2023 23:13:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 4148737164153528701
tpc.googlesyndication.com/gpa_images/simgad/ Frame 0853 5 KB
5 KB 75ms
24ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/4148737164153528701?w=200&h=200&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c096710e969428c10c9bf10f404878490570406db19f8883b22ec708c2e3ce4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Sat, 08 Mar 2025 09:55:40 GMT
date: Fri, 08 Mar 2024 09:55:40 GMT
x-content-type-options: nosniff
age: 170614
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4693
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 00:21:27 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2

200

3069489683903485926
tpc.googlesyndication.com/simgad/ Frame 0853
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD_2J_etwEQsAkYsAkyCB3sAGHjaV1o
https://tpc.googlesyndication.com/simgad/3069489683903485926

43 KB
43 KB

24ms
23ms

Image
image/png

2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3069489683903485926

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html

Protocol

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b82e2dd387e5aa77c4b69c226a09c74aab31524d4696453011abf429a1ecde4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Thu, 06 Mar 2025 05:26:50 GMT
date: Wed, 06 Mar 2024 05:26:50 GMT
x-content-type-options: nosniff
age: 359544
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43650
x-xss-protection: 0
last-modified: Fri, 07 Jan 2022 13:47:51 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

Redirect headers

date: Sat, 09 Mar 2024 19:12:20 GMT
x-content-type-options: nosniff
server: cafe
age: 50814
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/3069489683903485926
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Apr 2024 19:12:20 GMT

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 8944 275 B
515 B 185ms
184ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=almW8ZaWrbX5bEpUarmVTYcSTrIRVbIQrAvRWvlWcbV4UTnodEmYa2u2drZdQcMZc46QZdmdZaNVHJ7XbfaXrfiXT6mRUFDWUJ2TtrWnUfxPFrnYq3r4abh2aMRmaMCYUY9WHfUmmrIpGMwpd3K3TFi5tZar4PrJpbrL0VfP1c3V0VvwpTZb42rMTVrvGV674Pqb0ScrOQHfN0dBwWAnO4GBU0UZbDVmm546ZbetFEFMRisyWAoVC72MQ27upZaKopnGO8qHsSYJwj2B8y&mediaDataID=6530936&mediaName=frame.html
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca2aec1f9b7b58fb43daec94a9b64f76fa306e8ca886538bdc59823507dd5f65

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d2a90b8ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 57

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 538E 381 B
537 B 200ms
200ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aAmW8ZaTFfGUAv5RTn3SsBqSt7uYd7rW63p2cYVXbZbKT6Xm2PMdQmJB2W3O0tJCntEw36U13cr6TcJdVGZbjP6QOUWJPWrr55b6uVTUvVEJ6QaYLRsYZbRravRt7cWsfU2FqsmWes0qqp3HQZaQVMB2mrZaptTpVHBa0rfa1UB90qqsPbMZbTrv2WWnUnUQnPbrr1EMN5afl5qYPnqfE1FUfWHMXoArans7wU8PGyBiextnKOrA91EuyODIwOpMMoCmTUWbbx3cbcZa&mediaDataID=6546596&mediaName=frame.html
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa5804b567c65d5cd125d81cf560ae6e3c46cae22704a58794ba57e220309678

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d2a90d8ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 18

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 23C5 259 B
472 B 186ms
185ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aBmVRCTtQ5orJnPrByXaZbr3TFl5TU4oaFIYbZbgUtMQmP3LpGQrpW3C3EY73Wuy5P7ZcprnG0VnPYcF21cJNpajS3bJPTFvBUA3TQa3QQsZbqQtBy1djtT6vp2GB5XrBJVmut46Q7R67K3tvy0HJZbpd6v4mZbV3cMbVsJdUcb8RAFvWdn3UUZb03bimVTjpVaJaSTvHScjJQbAxSdr6Ucb52F6xode0XEepxC2AmDTFumINUS7RwRIJTVrUx6i3lg&mediaDataID=2713736&mediaName=frame.html
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 601e36c0c8bd564d7ba6f71ba382ec0de9794d979bcad460e0e0332826b0669f

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d2a90f8ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 57

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame FBB7 324 B
514 B 184ms
183ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aCmWCZc5bEmUqrnVTn8PEZbZaQVfZdPbemSWYiWGM24r6omtAr0qXy3tQEQG7Za4PBFotAqVWFf0rnaYUYf1EEoPU3AUbZbPTtBXorjxQrZbNYTFq4TBf4qv3oT7IYFU9UdnRoAMZansMpmHrJ2av83dup3AFZbmbfL0VvU1sF2XG7nnEvU5Un2WUZbGV633Qab1QVZbsStjt1HFpWm3n3VUY0bZbDVmiw2PQZbPPMKxoqmxR6JWd3hNrTxxpZaZdPQXJm9yAtBXgto6rYG7hrJKekm&mediaDataID=5436426&mediaName=frame.html
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04ac525904a5f556c12f23130be1b68f60f474af169fb55c082f7115507cfdb6

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d3096f8ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 57

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 31C7 309 B
507 B 213ms
212ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aDmYpuUAv2REMXSs3nQd7yYtroWAYv3GvUXFUATAip4Av8R6ZbF3Hvq0WQAnHTm5mYQ3sveVsQdWcMeSmrMWWQPUFnR5bTtUqQvWqnlQEBKSVZbZbQFisPHMiWcbU4binod6oXEqw4dvZdPcBZd46BKmdatUH3a0rv71FYfXaiMRrJGWUrSTHU5obfsQrrqYqFt3Tjc4T3YnEFKXUBbWtMXoAfBpGM5otfJw7qkyoQtvAuvU6i9wSANuSZaoM72vWBIMyaXanAPknUYOuAiqrbQGkCquoV&mediaDataID=8039566&mediaName=frame.html
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6075669312249475354c8585f29ca820a6d35ba8a9c6e088308218b90e75b5e

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d309708ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 129

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 642C 213 B
431 B 191ms
190ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aEmWgZborJpRUjrXaZbt5TBj2aU3oEFAXFjfUWb1mmfInVUmmHYG2Tvg3taN56nEnbMZa0GMX1s320GvxmqJQ5bQQVrvFUAf1REYQPGrMQdUMYdJnWmny4s3UXbZbJTP6m2PYbPP7D4WQO1trDntTO36MR4c7bVsY8UsMePP3oUtFVWrJP2FZatVqrnWqJbQaBZcQVfAPFEoSWYkVsnS2r6xodqO0qqV2WbZds9ZaDOreZcTdYGn8I6nS3FrPuHy7MSVSXZdomQepXI65B&mediaDataID=6347136&mediaName=frame.html
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61a02deb93a0f1ad17d1aeca1bae1e1f0e3464c4fdb73de238362fb94017e9f6

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d319758ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 148

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 4A5F 279 B
488 B 181ms
180ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aFmX9qUqrnTTQdPqYKQGFLRrmmStQaVV354UuumWqsXa2v4dUAPVBH4m3HoHPNTHJ90bMi1FBf0aqtSFvCWbU4VHB3orYqRUJNXaMy5EUh5Tj1mqnH1rJfUtMRm6bLpGrtotrA5EQ72WEM5PnLprYZdYVbU1sUYXVvxpT743FFWTFFZcUPv1RqfXPGZbtQHUNYtBwVPYu3cvWYrYZdVAiw2PZbeR67l2dZbOMouZdP8Mxv6ABODZabPQmkp9mIrrq2QPTvomyouqB6r7IQ0dUTtq9js9&mediaDataID=9148826&mediaName=frame.html
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e59cb2bbf582601c8e5cbefad362c256f551b37d9043cb3b7a2fd0484740e4ff

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d319768ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 110

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 71EA 264 B
474 B 193ms
191ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aGmW0LREMYScUoQHYN0dJnT63O3GZb4YFrDT6qv46Zb7PmJA4WMm1HrLndIo5AJ15cr8Vc3lUsbeRPFuTHrRWFf33UTnUqbsTTrlPqvFSGQKQrIsRdn9UVn25FitotuOYqux3tUDSGjF2AQHoHitTdFhXUf9XrUfXqAMSUUDWbMQVtrUorJxPFrq1EYy4qUg5qQQmTBF1rZb8WH7XnP7KmsMqpW7E3aM85tmN3AvGnEBZd0GeOyou0MCiQpS6nwPPo0sjr9QC0Of&mediaDataID=5578346&mediaName=frame.html
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 594cb3bcb02eae021dd38c4624fa2ce18c8f23b27effd2da2568ad825b8753c9

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d319828ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 22

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 4B7B 447 B
568 B 188ms
188ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aHmWKZdRUjs1E3s5E7j5E31oTJLXUBcTtFXmPnCns7poW3D5EMk2dEr5AfGnUjGXVnR1cQTXV7xnTvT2rrSTrbDWmf2REj4ScnMPWjr1dvtVP3M3cU00UQDTAim4mB8R6fH2dQsXW3AmHen5mJT3sQ7UsF8UsjjPAFuWd33UbM15beuVT3pTEv6PqBZdScQJRrAxRt3dVG335bqtoWqO0qep4dvgQsrZavUmIS8vroWPmvmyIMBaBNbfFr6ejpAvuNpAoTsZbAOikeTP&mediaDataID=6719746&mediaName=frame.html
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cdadf89c5d5e2635ebf7e7ae706d568e6240f5da72eaae8c144a70de2174dfb

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d319848ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:14 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 18

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D408 113 KB
39 KB 649ms
648ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=6365271370&adk=2699336268&adf=3937582785&pi=t.ma~as.6365271370&w=336&lmt=1710062354&format=336x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354407&bpp=4&bdt=1886&idt=4&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1600x1200%2C1005x124&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=434&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=12

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab560133c66882c13dd9f75f15922fc34435e00922142cdac7776bd9a5677fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 39865
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Mar 2024 09:19:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C876 124 KB
41 KB 654ms
653ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfd00e19e3f0d7b8e3baf72f9992c9eb2d6d0d3fa5e0c046b01922c8dff94451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 41540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Mar 2024 09:19:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/ Frame 9E3F 12 KB
4 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1820114.1141592EXPONENTIAL.COM/B28369591.362335104;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=2819128252;ord=bdavj3;click=https%3A%2F%2Fs.tribalfusion.com%2Fh.click%2Fakm4hFWUY1TtQXobFoQbBt1E3s4qBj4an2oTbC1FJfUdbUmPfJnVYsoHML3TZb83Hir5PfGpFvZdXsnR1c311GFonqZbU5bY2TUZbZcVm74PqvQQsZboPtZbO0dFtT6rv3VMXXrBDUmar5PnaR6bD4dUO0trLnWIo5PBT4V76VsMjVV7iP6vmUdv5WrZbY5U2wWEjoTTUlQEUFSGJZdPF6oPtUiWGv54r6rotemXEPM4tQGPGvZa2mJHmdXqqoimyny7xEy2so78PFUeUbBSnRmXQmmosUqZcMPTtwAAiu6eZa4R2lyTmmwAYM3HPrs627r6TV0aMe5BQdssXt38BZbYrr7NLSi9X%2F;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=0,https%3A%2F%2Fwww.1stheadlines.com%2F$0;xdt=0;crlt=1_k!Ip.zG);stc=1;chaa=1;sttr=63;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 14:30:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67711
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 14:30:43 GMT

GET
DATA 200
OK truncated
/ Frame 0853 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 301f0d42a08dd7dc6962a20be45c9c8df12fcc039a52cf0ed53d2b962029b3bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 540F 126 KB
40 KB 482ms
481ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=1531094781&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354520&bpp=2&bdt=1999&idt=2&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280%2C543x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=1639&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=1&fsb=1&dtd=8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab621d4ae4cd739325a385caba34f1afbf8d539ae6af31e51220a2a5e3d195a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 40846
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Mar 2024 09:19:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 9E3F 111 KB
39 KB 83ms
23ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Origin: https://ad.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 08:52:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1591
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Mar 2024 08:52:43 GMT

GET
H3 200 j.ad Show response
s.tribalfusion.com/ 2 KB
2 KB 223ms
222ms Script
application/x-javascript 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=160x600,120x600&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=3&adContainerId=richmedia_4&rnd=2272693
Requested by: Host: tags.expo9.exponential.com
URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1e548be458b0f89f31b64536a1d40501029c4eec7aa32f302c764698b7f4dfe

Request headers

Referer: https://www.1stheadlines.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:14 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-function: 101
server: cloudflare
x-reuse-index: 19
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: private, no-cache, no-store, proxy-revalidate
cf-ray: 862238d41aae8ed7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 1126
expires: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 9E3F 41 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 21:38:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 474049
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Mar 2025 21:38:25 GMT

GET
H2

200

i.match
a.tribalfusion.com/ Frame 8944
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=131&external_user_id=18072662062485768859&cb=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db20%26u%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db20%26u%3D&cm_dsp_id=131&external_user_id=18072662062485768859&C=1
https://a.tribalfusion.com/i.match?p=b20&u=Ze17ErmqPNcAADSCAKIceQAA

43 B
664 B

204ms
204ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b20&u=Ze17ErmqPNcAADSCAKIceQAA
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=almW8ZaWrbX5bEpUarmVTYcSTrIRVbIQrAvRWvlWcbV4UTnodEmYa2u2drZdQcMZc46QZdmdZaNVHJ7XbfaXrfiXT6mRUFDWUJ2TtrWnUfxPFrnYq3r4abh2aMRmaMCYUY9WHfUmmrIpGMwpd3K3TFi5tZar4PrJpbrL0VfP1c3V0VvwpTZb42rMTVrvGV674Pqb0ScrOQHfN0dBwWAnO4GBU0UZbDVmm546ZbetFEFMRisyWAoVC72MQ27upZaKopnGO8qHsSYJwj2B8y&mediaDataID=6530936&mediaName=frame.html
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 862238d5aa3d5d87-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:14 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QR8SVRymYcG996%2FXz%2Fo9M%2BWdxfmQ5WALQziRWo5kFGL2dEJGCsDsypFSxYmnNf8Ti%2FJjX5%2FUCZRTUkEQ27KagggLgZ3UMC0mXLzn%2F6Cu%2FqynHlucX%2FcoFYGJXz3ehmdb56PE68Db73viIA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://a.tribalfusion.com/i.match?p=b20&u=Ze17ErmqPNcAADSCAKIceQAA
cache-control: no-cache
cf-ray: 862238d4eff11c36-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

i.match
a.tribalfusion.com/ Frame 23C5
Redirect Chain

https://tags.bluekai.com/site/4229?id=18072662062485768859&redir=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db3%26u%3D%24_BK_UUID
https://a.tribalfusion.com/i.match?p=b3&u=$_BK_UUID

43 B
762 B

176ms
175ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b3&u=$_BK_UUID
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aBmVRCTtQ5orJnPrByXaZbr3TFl5TU4oaFIYbZbgUtMQmP3LpGQrpW3C3EY73Wuy5P7ZcprnG0VnPYcF21cJNpajS3bJPTFvBUA3TQa3QQsZbqQtBy1djtT6vp2GB5XrBJVmut46Q7R67K3tvy0HJZbpd6v4mZbV3cMbVsJdUcb8RAFvWdn3UUZb03bimVTjpVaJaSTvHScjJQbAxSdr6Ucb52F6xode0XEepxC2AmDTFumINUS7RwRIJTVrUx6i3lg&mediaDataID=2713736&mediaName=frame.html
Protocol: H3
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 862238d77e9d8ed7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://a.tribalfusion.com/i.match?p=b3&u=$_BK_UUID
date: Sun, 10 Mar 2024 09:19:15 GMT
content-length: 0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 538E 43 B
295 B 90ms
27ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=b9f5c7de-85f6-48cc-ba86-351b90373b6b&r=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db12%26redirect%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537141727%2526val%253D%2524TF_USER_ID_ENC%2524%26u%3D
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aAmW8ZaTFfGUAv5RTn3SsBqSt7uYd7rW63p2cYVXbZbKT6Xm2PMdQmJB2W3O0tJCntEw36U13cr6TcJdVGZbjP6QOUWJPWrr55b6uVTUvVEJ6QaYLRsYZbRravRt7cWsfU2FqsmWes0qqp3HQZaQVMB2mrZaptTpVHBa0rfa1UB90qqsPbMZbTrv2WWnUnUQnPbrr1EMN5afl5qYPnqfE1FUfWHMXoArans7wU8PGyBiextnKOrA91EuyODIwOpMMoCmTUWbbx3cbcZa&mediaDataID=6546596&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:14 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 0853 33 KB
34 KB 80ms
20ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 04:01:15 GMT
x-content-type-options: nosniff
age: 451079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Mar 2025 04:01:15 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0853 0
0 59ms
59ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CNYKPEXvtZcPgG526-cAP0LOvwAS7__qrc5Llx9nEDmQQASDzwvUBYJX6moKsB6ABnt2JlwPIAQmpAhfZqZgPWrI-qAMByAPLBKoEhwJP0A6FjNDP4o9PeFBhXk0s72jFKvUt2Og09A9q_5BwYI3hXGXQEe5BcHp5DxhTt8njsvahU95Uw8bR6Ir1fNmJGRcgSCYhsHNEgPjwZYxDlZ2-rIE6gkaiXI25U1SWxNblMQp4L90ZfOFX0k6nrIg1v01OdhGN4R9dW-MnHqEwqU-qmGFidPhvDSI56xdQeRm8CvOUSR4ku12-kpzU7PA1ANSz5l7uYgH_RHa5mkv0Raygf7QHw_7F4z-9Wbtc4zUi2D7aIPirKrv5_9UD9Xx8wGcGzUPQX7dp81kVk86FJV58egQei63hFjlzSy46DIBgFSlVSUCtofpkj-OqiWmKsBwcuwCBacAE47j85J4CiAXf4MHeB5IFBAgEGAGSBQQIBRgEoAYugAfn1ftHqAfZtrECqAevvrECqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrEC2AcA8gcEEPeFCtIIKwiR4YBwEAEYHzIH64uA4L-ADToJgECAgICAgJQoSL39wTpYrov72K7phAOaCY0BaHR0cHM6Ly93d3cubGFkZW56ZWlsZS5kZS91aHJlbi8_ZXg9Mjk5MTUmaz0mbXQ9JmM9NTM4Nzc5MTg4NTUyJnA9JmNpZD0yMDc3MjU3ODIzJmFnaWQ9NzY5ODQyOTQ0OTkmdGlkPSZuPWQmZD1jJnBsPXd3dy4xc3RoZWFkbGluZXMuY29tJmZpaWQ9gAoByAsB2BMLiBQC0BUBgBcBshccChoIABIUcHViLTU1NDA1MDIxODQ0MTk2NDcYALIYCRICk1UYLiIBAA&sigh=P5RLzMwlXDQ&uach_m=%5BUACH%5D&ase=2&template_id=494&cbvp=2&vis=1&nis=5

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_nohtml_fy2021.html
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 10 Mar 2024 09:19:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js Show response
pagead2.googlesyndication.com/bg/ Frame 5189 51 KB
20 KB 27ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7380722fecf4601be898b31e0ca788104b2b737e023671dd2187c5b1757d9bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:15:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 453847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20147
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:15:07 GMT

GET
H3 200 1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js Show response
pagead2.googlesyndication.com/bg/ Frame 6E58 51 KB
20 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7380722fecf4601be898b31e0ca788104b2b737e023671dd2187c5b1757d9bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:15:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 453847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20147
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:15:07 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame FBB7
Redirect Chain

https://a.tribalfusion.com/i.match?p=b10&u=18072662062485768859&redirect=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180
https://pixel.rubiconproject.com/tap.php?v=111756&nid=3856&put=18072662062485768859&expires=180

0
239 B

120ms
24ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=111756&nid=3856&put=18072662062485768859&expires=180
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aCmWCZc5bEmUqrnVTn8PEZbZaQVfZdPbemSWYiWGM24r6omtAr0qXy3tQEQG7Za4PBFotAqVWFf0rnaYUYf1EEoPU3AUbZbPTtBXorjxQrZbNYTFq4TBf4qv3oT7IYFU9UdnRoAMZansMpmHrJ2av83dup3AFZbmbfL0VvU1sF2XG7nnEvU5Un2WUZbGV633Qab1QVZbsStjt1HFpWm3n3VUY0bZbDVmiw2PQZbPPMKxoqmxR6JWd3hNrTxxpZaZdPQXJm9yAtBXgto6rYG7hrJKekm&mediaDataID=5436426&mediaName=frame.html
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:14 GMT
cf-cache-status: DYNAMIC
x-function: 209
server: cloudflare
x-reuse-index: 24
content-type: text/html
location: https://pixel.rubiconproject.com/tap.php?v=111756&nid=3856&put=18072662062485768859&expires=180
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 862238d4c92d5d87-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET partner
sync.search.spotxchange.com/ Frame 4A5F 0
0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/57628/ Frame 642C 0
125 B 311ms
165ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57628/sync?uid=18072662062485768859&_origin=1&redir=true

Requested by

Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aEmWgZborJpRUjrXaZbt5TBj2aU3oEFAXFjfUWb1mmfInVUmmHYG2Tvg3taN56nEnbMZa0GMX1s320GvxmqJQ5bQQVrvFUAf1REYQPGrMQdUMYdJnWmny4s3UXbZbJTP6m2PYbPP7D4WQO1trDntTO36MR4c7bVsY8UsMePP3oUtFVWrJP2FZatVqrnWqJbQaBZcQVfAPFEoSWYkVsnS2r6xodqO0qqV2WbZds9ZaDOreZcTdYGn8I6nS3FrPuHy7MSVSXZdomQepXI65B&mediaDataID=6347136&mediaName=frame.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:14 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 4B7B 0
166 B 182ms
32ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%253A//simage2.pubmatic.com/AdServer/Pug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%2526piggybackCookie%253D18072662062485768859%2526r%253Dhttps%25253A//a.tribalfusion.com/i.match%25253Fp%25253Db11%252526u%25253D%252524%25257BPUBMATIC_UID%25257D
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aHmWKZdRUjs1E3s5E7j5E31oTJLXUBcTtFXmPnCns7poW3D5EMk2dEr5AfGnUjGXVnR1cQTXV7xnTvT2rrSTrbDWmf2REj4ScnMPWjr1dvtVP3M3cU00UQDTAim4mB8R6fH2dQsXW3AmHen5mJT3sQ7UsF8UsjjPAFuWd33UbM15beuVT3pTEv6PqBZdScQJRrAxRt3dVG335bqtoWqO0qep4dvgQsrZavUmIS8vroWPmvmyIMBaBNbfFr6ejpAvuNpAoTsZbAOikeTP&mediaDataID=6719746&mediaName=frame.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 10 Mar 2024 09:19:14 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

i.match
a.tribalfusion.com/ Frame 71EA
Redirect Chain

https://dpm.demdex.net/ibs:dpid=22054&dpuuid=18072662062485768859&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db13%26u%3D%24%7BDD_UUID%7D
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22054&dpuuid=18072662062485768859&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db13%26u%3D%24%7BDD_UUID%7D
https://a.tribalfusion.com/i.match?p=b13&u=70830693484455037760820180800853952792

43 B
755 B

177ms
177ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b13&u=70830693484455037760820180800853952792
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aGmW0LREMYScUoQHYN0dJnT63O3GZb4YFrDT6qv46Zb7PmJA4WMm1HrLndIo5AJ15cr8Vc3lUsbeRPFuTHrRWFf33UTnUqbsTTrlPqvFSGQKQrIsRdn9UVn25FitotuOYqux3tUDSGjF2AQHoHitTdFhXUf9XrUfXqAMSUUDWbMQVtrUorJxPFrq1EYy4qUg5qQQmTBF1rZb8WH7XnP7KmsMqpW7E3aM85tmN3AvGnEBZd0GeOyou0MCiQpS6nwPPo0sjr9QC0Of&mediaDataID=5578346&mediaName=frame.html
Protocol: H3
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 862238d69d8f8ed7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

dcs: dcs-prod-irl1-1-v058-03d5276f5.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Sun, 10 Mar 2024 09:19:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: /v7DIDpQQKs=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://a.tribalfusion.com/i.match?p=b13&u=70830693484455037760820180800853952792
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

dspreply
public-prod-dspcookiematching.dmxleo.com/ Frame 31C7
Redirect Chain

https://a.tribalfusion.com/i.match?p=b24&u=18072662062485768859&redirect=https%3A%2F%2Fpublic-prod-dspcookiematching.dmxleo.com%2Fdspreply%3FdspId%3D15%26dspUserId%3D%24TF_USER_ID_ENC%24
https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=15&dspUserId=18072662062485768859

0
122 B

111ms
31ms

Image
text/plain

188.65.124.66
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=15&dspUserId=18072662062485768859

Requested by

Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aDmYpuUAv2REMXSs3nQd7yYtroWAYv3GvUXFUATAip4Av8R6ZbF3Hvq0WQAnHTm5mYQ3sveVsQdWcMeSmrMWWQPUFnR5bTtUqQvWqnlQEBKSVZbZbQFisPHMiWcbU4binod6oXEqw4dvZdPcBZd46BKmdatUH3a0rv71FYfXaiMRrJGWUrSTHU5obfsQrrqYqFt3Tjc4T3YnEFKXUBbWtMXoAfBpGM5otfJw7qkyoQtvAuvU6i9wSANuSZaoM72vWBIMyaXanAPknUYOuAiqrbQGkCquoV&mediaDataID=8039566&mediaName=frame.html

Protocol

Server

188.65.124.66 Paris, France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),

Reverse DNS

ingress-03-pub-prod-ix7.vip.dailymotion.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-dm-lb-name: ingress-nginx-nginx-in-cluster-4vt7d
date: Sun, 10 Mar 2024 09:19:14 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 0

Redirect headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:14 GMT
cf-cache-status: DYNAMIC
x-function: 209
server: cloudflare
x-reuse-index: 53
content-type: text/html
location: https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=15&dspUserId=18072662062485768859
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 862238d4d93f5d87-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 86A2 38 KB
13 KB 29ms
28ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 499036
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Mar 2024 14:41:58 GMT
expires: Tue, 04 Mar 2025 14:41:58 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 9E3F 207 KB
63 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 10:04:16 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16098930704049080402/ Frame 9647 8 KB
3 KB 106ms
21ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16098930704049080402/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e395c031ca38e564379b61e44e7f0f3205abc49e977868540cf565b4ff3858f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 483880
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2768
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Mar 2024 18:54:34 GMT
expires: Tue, 04 Mar 2025 18:54:34 GMT
last-modified: Sat, 16 Dec 2023 11:46:35 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
pagead2.googlesyndication.com/pcs/ Frame 9E3F 0
0 80ms
79ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/view?xai=AKAOjsvS2Qe50wFC_7pz1n0ga6lxoVDG66uJR2AbIaqzkYPKU5oDm2dxz9GYKmdsrI13530xWbmEd76SaVyDUHiEQlnOY5KBnmTBlIZG6lE-f0tSqyWxze-v77RQosDSTaoa9EI1wc2MtrewCG2VWXEj9Iw-w0cizxcSbUNJf_Owgy6c1592oVFcY-vbTw&sig=Cg0ArKJSzMPXYFPiY-bfEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=157&cbvp=1&cstd=154&cisv=r20240306.95117&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 9647 236 KB
63 KB 163ms
43ms Script
text/javascript 2a02:26f0:280:3::213:7897
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16098930704049080402/index.html?ev=01_250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:280:3::213:7897 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:14 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Sun, 10 Mar 2024 09:34:14 GMT

GET
H3 200 728x90.js Show response
s0.2mdn.net/sadbundle/16098930704049080402/ Frame 9647 67 KB
13 KB 22ms
21ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16098930704049080402/728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16098930704049080402/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16e63fc15a59a872197b52579e159f1be73135b4691ff7e8ca08aacaab3a77b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16098930704049080402/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Wed, 05 Mar 2025 05:00:19 GMT
date: Tue, 05 Mar 2024 05:00:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447535
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13707
x-xss-protection: 0
last-modified: Sat, 16 Dec 2023 11:46:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 09B8 201 B
424 B 184ms
183ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aGmWCZcREMYScUqSdFuYdrnT6UO4cr1XFrDT6qv46Zb7PmJA4WMm1HrLnWAo5AJ15cr8Vc3lUsbeRPFuTHrRWFf23UZaxUqbsTTrlPqvFSGQZbPUewSHQ9UVv54r6nmHur0qyN2WvGSGfZa5PMEotPnVWj6Yrb71FJiXqqtPbQZbUFBXTtMWnrbsQFJyXaFs5aUl2aYPmaBDXbjhTdfTomfBpG7wmHri3qZb7wRJnNFXZdWranMRPRuS254neUVQuyuEXEqPTc1pMlwVZcrgD&mediaDataID=7665496&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=160x600,120x600&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=3&adContainerId=richmedia_4&rnd=2272693
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fd4c0492670a96c492f73f0e0ad3d000e2b71e3ce885e30b16d149ee1c0e9c2

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d5dc8a8ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:15 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 1230

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame E79E 302 B
500 B 188ms
187ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aHmUKlRUjs1E3s5q7l5aY1oTJKXF38UWFXmPnCns7poW3D5EMk2dEr5mbGnUjGXVnR1cQTXV7xnTvT2rrSTrbCWmnVREj4ScnMPWjr1dvtVPUx3VM00UQDTAim4mB8R6fH2dQsXW3AmHen5mJT3sQ7UsF8UsjjPAFuWd33UbM15beuVT7oWTr8PqBZdScQJRrAxRt3dVG335bqtoWqO0qep4dvgQsrZavUmIS8vroWP1uBPjUcFXMoxhqN&mediaDataID=6807466&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=160x600,120x600&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=3&adContainerId=richmedia_4&rnd=2272693
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac14eae85e2c7c7efb1555bcd1daf261764d825b143cec1a0aaad22301e6475e

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d5dc8d8ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:15 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 57

GET
H3 200 p.media Show response
s.tribalfusion.com/ Frame 4FE3 242 B
438 B 187ms
187ms Document
text/html 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/p.media?clickID=aImVgFTTQdSTYZcSVJBRFZamPH3aWsU35FXxmtiyXEew2tQFSGFD56MZaoWEyTtYfXrnc1UZb7XqitRbJHTrn2TH31mFjmRUMn1Evy4qja4q70mqFKYb7cWH7XmmfLncjmmHME3qQe5tiN46ZbFnbjJ0GUQXsJYXVfNpEvT5U32VUnFUAUTQqv5PG3OPWUO1HvpT63n2GM4YFrBUPus26ZbeR6MK4WQ00dBAVCbMNb6PvsiVp9eBmSFJNFu7YTYc0WSZdqo&mediaDataID=4056396&mediaName=frame.html
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=160x600,120x600&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=3&adContainerId=richmedia_4&rnd=2272693
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a9b07cc0b6fe0e68a05f3c62eebb6488ec6a4b544899947f7df64dcb2d3496e

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 862238d5dc928ed7-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 10 Mar 2024 09:19:15 GMT
expires: 0
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-function: 102
x-reuse-index: 31

GET
H3 200 37536.gif
cdnx.tribalfusion.com/media/ 43 B
301 B 28ms
28ms Image
image/gif 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnx.tribalfusion.com/media/37536.gif
Requested by: Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:14 GMT
cf-cache-status: HIT
age: 2309
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400
content-length: 43
x-function: 301
last-modified: Fri, 04 Oct 2002 21:17:16 GMT
server: cloudflare
etag: 1033766236
vary: Accept-Encoding
content-type: image/gif; charset=utf-8
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
cf-ray: 862238d5dc908ed7-FRA
expires: Tue, 31 Dec 2030 00:00:00 GMT

GET
H3 200 gZnWy8mTJh2nv19RYTdHYGEDJC1_M9D7HOMBQELlJo4.js Show response
pagead2.googlesyndication.com/bg/ Frame 86A2 51 KB
20 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gZnWy8mTJh2nv19RYTdHYGEDJC1_M9D7HOMBQELlJo4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8199d6cbc993261da7bf5f51613747606103242d7f33d0fb1ce3014042e5268e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 09:46:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20210
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 07 Mar 2025 09:46:15 GMT

GET
H3 200 9294652535525046301
tpc.googlesyndication.com/daca_images/simgad/ Frame 540F 39 KB
39 KB 22ms
21ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/9294652535525046301

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=1531094781&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354520&bpp=2&bdt=1999&idt=2&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280%2C543x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=1639&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=1&fsb=1&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2517e0422b9fbc572e976de7ee7b224c02d73aed56dc98343a0ceef58b79e390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Sat, 08 Mar 2025 12:59:14 GMT
date: Fri, 08 Mar 2024 12:59:14 GMT
x-content-type-options: nosniff
age: 159601
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40377
x-xss-protection: 0
last-modified: Wed, 07 Jun 2023 11:54:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame 540F 23 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 540F 3 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 540F 67 B
91 B 31ms
31ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 17:16:10 GMT
x-content-type-options: nosniff
server: cafe
age: 57785
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67
x-xss-protection: 0
expires: Sun, 10 Mar 2024 17:16:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 540F 20 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 14:46:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66777
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 14:46:18 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 540F 207 KB
63 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 10:04:16 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 540F 36 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ad5f1dc06e90eea91c3839cf0b767b877f89d92eed940ac50b7c1eb05982050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 14:50:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66503
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14569
x-xss-protection: 0
server: cafe
etag: 13248958906723212501
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 14:50:52 GMT

GET
H3

200

i.match
a.tribalfusion.com/ Frame 09B8
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212295768&_puid=18072662062485768859
https://a.tribalfusion.com/i.match?p=b23&u=217403104817001173780

43 B
805 B

194ms
193ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b23&u=217403104817001173780
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aGmWCZcREMYScUqSdFuYdrnT6UO4cr1XFrDT6qv46Zb7PmJA4WMm1HrLnWAo5AJ15cr8Vc3lUsbeRPFuTHrRWFf23UZaxUqbsTTrlPqvFSGQZbPUewSHQ9UVv54r6nmHur0qyN2WvGSGfZa5PMEotPnVWj6Yrb71FJiXqqtPbQZbUFBXTtMWnrbsQFJyXaFs5aUl2aYPmaBDXbjhTdfTomfBpG7wmHri3qZb7wRJnNFXZdWranMRPRuS254neUVQuyuEXEqPTc1pMlwVZcrgD&mediaDataID=7665496&mediaName=frame.html
Protocol: H3
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 862238d81f908ed7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://a.tribalfusion.com/i.match?p=b23&u=217403104817001173780
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame E79E
Redirect Chain

https://a.tribalfusion.com/i.match?p=b22&u=18072662062485768859&redirect=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dexponential%26partner_uid%3D%24TF_USER_ID_ENC%24
https://beacon.krxd.net/usermatch.gif?partner=exponential&partner_uid=18072662062485768859

0
44 B

174ms
41ms

Image
text/plain

34.252.29.182
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=exponential&partner_uid=18072662062485768859
Requested by: Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aHmUKlRUjs1E3s5q7l5aY1oTJKXF38UWFXmPnCns7poW3D5EMk2dEr5mbGnUjGXVnR1cQTXV7xnTvT2rrSTrbCWmnVREj4ScnMPWjr1dvtVPUx3VM00UQDTAim4mB8R6fH2dQsXW3AmHen5mJT3sQ7UsF8UsjjPAFuWd33UbM15beuVT7oWTr8PqBZdScQJRrAxRt3dVG335bqtoWqO0qep4dvgQsrZavUmIS8vroWP1uBPjUcFXMoxhqN&mediaDataID=6807466&mediaName=frame.html
Protocol: H2
Server: 34.252.29.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-29-182.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:15 GMT
server: awselb/2.0

Redirect headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
cf-cache-status: DYNAMIC
x-function: 209
server: cloudflare
x-reuse-index: 51
content-type: text/html
location: https://beacon.krxd.net/usermatch.gif?partner=exponential&partner_uid=18072662062485768859
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 862238d77ea78ed7-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D408 6 KB
824 B 28ms
27ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=6365271370&adk=2699336268&adf=3937582785&pi=t.ma~as.6365271370&w=336&lmt=1710062354&format=336x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354407&bpp=4&bdt=1886&idt=4&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1600x1200%2C1005x124&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=434&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bdb7d822d6afd1c8354749a111f68d56ce5e5db03b8a3028698acfc78358e06d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 10 Mar 2024 09:19:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 10 Mar 2024 07:34:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 10 Mar 2024 09:19:15 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame D408 2 KB
834 B 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 15:04:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 15:04:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame D408 23 KB
9 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame D408 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame D408 20 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 14:46:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66777
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 14:46:18 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame D408 207 KB
63 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 10:04:16 GMT

GET
H2 200 fae6ba9c9cb9ec876bbde5988f04c6f7.js Show response
www.gstatic.com/mysidia/ Frame D408 36 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fae6ba9c9cb9ec876bbde5988f04c6f7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 22:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 470670
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15132
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 22:04:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 02 Jun 2024 22:34:45 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 4FE3 170 B
409 B 108ms
33ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=exp&google_cm&google_sc&google_ula=2786954&google_hm=18072662062485768859

Requested by

Host: s.tribalfusion.com
URL: https://s.tribalfusion.com/p.media?clickID=aImVgFTTQdSTYZcSVJBRFZamPH3aWsU35FXxmtiyXEew2tQFSGFD56MZaoWEyTtYfXrnc1UZb7XqitRbJHTrn2TH31mFjmRUMn1Evy4qja4q70mqFKYb7cWH7XmmfLncjmmHME3qQe5tiN46ZbFnbjJ0GUQXsJYXVfNpEvT5U32VUnFUAUTQqv5PG3OPWUO1HvpT63n2GM4YFrBUPus26ZbeR6MK4WQ00dBAVCbMNb6PvsiVp9eBmSFJNFu7YTYc0WSZdqo&mediaDataID=4056396&mediaName=frame.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.tribalfusion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 _728x90.jpg
s0.2mdn.net/sadbundle/16098930704049080402/ Frame 9647 4 KB
4 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16098930704049080402/_728x90.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e129324125b22c958dbbfd5d0678567e88f4a0d27ba68f73d81506c04ea3f616

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16098930704049080402/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Wed, 05 Mar 2025 05:54:45 GMT
date: Tue, 05 Mar 2024 05:54:45 GMT
x-content-type-options: nosniff
age: 444270
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3725
x-xss-protection: 0
last-modified: Sat, 16 Dec 2023 11:46:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 view
pagead2.googlesyndication.com/pcs/ Frame 9E3F 0
0 53ms
52ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/view?xai=AKAOjsvS2Qe50wFC_7pz1n0ga6lxoVDG66uJR2AbIaqzkYPKU5oDm2dxz9GYKmdsrI13530xWbmEd76SaVyDUHiEQlnOY5KBnmTBlIZG6lE-f0tSqyWxze-v77RQosDSTaoa9EI1wc2MtrewCG2VWXEj9Iw-w0cizxcSbUNJf_Owgy6c1592oVFcY-vbTw&sig=Cg0ArKJSzMPXYFPiY-bfEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=575&vt=11&dtpt=418&dett=3&cstd=154&cisv=r20240306.95117&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame C876 14 KB
1 KB 29ms
28ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 10 Mar 2024 09:19:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 10 Mar 2024 07:46:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 10 Mar 2024 09:19:15 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame C876 2 KB
834 B 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 15:04:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 15:04:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame C876 23 KB
9 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame C876 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 13:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 13:04:16 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame C876 20 KB
8 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 14:46:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66777
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Mar 2024 14:46:18 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame C876 207 KB
63 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:04:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 10:04:16 GMT

GET
H3 200 18f18197045a700707108b7faa532a76.js Show response
www.gstatic.com/mysidia/ Frame C876 36 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/18f18197045a700707108b7faa532a76.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c52cf3e31821ac82e857940e065f9372854d00fe9cbcb855017e2ad66d64542

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Fri, 08 Mar 2024 02:21:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197836
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15138
x-xss-protection: 0
last-modified: Fri, 08 Mar 2024 01:00:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 06 Jun 2024 02:21:59 GMT

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/15636315755980457957/ Frame D408 67 KB
67 KB 23ms
22ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15636315755980457957/2076313506083323656

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77440223b7bd7602dec80076d686887923d30f5c22ad3d1f3aea370f69ecefd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Wed, 05 Mar 2025 02:31:04 GMT
date: Tue, 05 Mar 2024 02:31:04 GMT
x-content-type-options: nosniff
age: 456491
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68392
x-xss-protection: 0
last-modified: Wed, 21 Feb 2024 08:57:21 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86A2 0
28 B 53ms
53ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BYduqEnvtZfnHGOCqjuwPnKSD-AEAAAAAOAHgBAI&bg=!np2lndLNAAZdgtM0fYI7ADQBe5WfOBSdWOWDdfaxVAICVsZ4v54NR5VTTWXOAG1RxYADq-6k0gdp8N0Ui4u8HcRbXWP4AgAAAJZSAAAABGgBB5kC6YVHjeRFa31lYErrkqjq7TH6WuLc51OlGU1vWPzu84UwWcEryU8CCgIQ99H7GjNqaRADOajUZAabOTGGtysNh2-5QLtBT7baoa0anE5KapzkkPt8qOhClZO-a93pmjVEApeD98TfNGHw7cV2QorMw-fFTmXuE2E8BZjFImFob7F9bc7dWpz9YkFESCx6j0AsS0wrk0yA59wRNLhBi4g6DdtweUoIkDQhtk_WhFJrRFCdiBg_HSb_LjMkCWZn6Q2JpxJu4UHiPgpqqV8nMQl6686qQrgs3P_c_O6IfdJGQ7BaClSXfR0Mfbn1CtcsDINGKqU8zRy9VHtzn1up9rLSYGc5iSviif4ipsNuc4MS3WmoeU4xEbujzeGSdV3m2A2f7g_QIgDdMKfN7jkwTThE63kazAELekViE4RIA2nove0iaMHffQV2nu5SWO1UiSCDutqNyJPUk5gOU8MLIr_Da_rt3zOIejCslkrJteGMfkUKEUrlvE0kPVzU3iQzaV1dY9z8SsQHoP2yXWLGmxcH912OxWhStxaIbk972wIJ9paCYfmoXe1CZ5LoSFh3Am-ACqgfFLK-3Y1SvEbKR8dkt8Bm2BXzWu34OVyzGHnMqLZTcPfWoBlPqi6a0VOlUHc_Vh6ZK97VSfLj0cWK1HplWl1AVOwMo7fDuxmKeaqtQLWRnSV8VbJzAvVPuvL35ZCxG498stATkd_Tajj7GRZTDHbrdoXxcK_jv2NnPNg3jevY-uwH9qlUkY-Dm5nbSA17fua49huU6AF6lyfe5S8OezEdIwV288Gu-HEQ1o005OKmuu4MiRZSKvmJYPg65Y9qnHeGXLfePm4GwMuQZpSvs1TdNQtdz-oConwwBC5Np1lztrsWtIzXYTM3Hp4B0lIk76McjHeCngNHlLayqO9EWLRF4o5Opk_IzJm3F1aPlkoHJ9WdiQiFrV1TfxtV7-EYWmqV2_7ZLRDBcgtYzWSiWcy2XlBWaodHwYw

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 image.jpg
s0.2mdn.net/sadbundle/16098930704049080402/ Frame 9647 38 KB
38 KB 22ms
22ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16098930704049080402/image.jpg

Requested by

Host: www.1stheadlines.com
URL: https://www.1stheadlines.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

027cc169759034afd25c168d5b127bf4984d63d7d399fed244296c4628bd2dd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16098930704049080402/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Tue, 04 Mar 2025 17:35:51 GMT
date: Mon, 04 Mar 2024 17:35:51 GMT
x-content-type-options: nosniff
age: 488604
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38707
x-xss-protection: 0
last-modified: Sat, 16 Dec 2023 11:46:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame 540F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed67975e0d79686146dee901d574d20808f9be194a7b6b7a0a9028ffa0f1cfc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/662927549962539115/ Frame C876 20 KB
20 KB 52ms
52ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/662927549962539115/14763004658117789537?w=400&h=209&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2c19fdfaee877751f87606bc7b7d8012432e60e379c4e4d5e5626b4b5b76542

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Sun, 10 Mar 2024 09:19:15 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20031
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 17:39:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 10 Mar 2025 09:19:15 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 540F 0
0 54ms
53ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CGt7vEnvtZeKVJeDPgrAPnOa0yAymvLGrdtyMzM2_EWQQASDzwvUBYJX6moKsB6ABmO7qoQPIAQKpAhfZqZgPWrI-qAMByAPJBKoEigJP0Ib47ggngeloKH269PpsrTSyM3L3C3yJydkbnvmPAmd6u4rzvrQ-Avdv2lW7hNuhUmH4fKIfSUjBkDG6K9FmyCcXU97nZ7SeeDJwbRd_SGF0eavZR-t0ebS0IsOnQoppZFcRTk29fY-c5ipQPrAnGOGv4PrNIDgyhRnJAttpNXPB678FefYKynxdyoH5n8zCIVYt9nY7CWhNiY-aCjHNiKuRLpcnB4l4orFZicR1DoGXG7cvF0rc670Nehe5RYVUbV9EXVNVIGwmwNl9LfAn34xKVSiqCxeUNWjqjgZHptU-LVmIYPX2CBaQeMywnq8JMf676F1gjNCKwgmyYjaoYlxXZqJdWygDJ8AE7ffy-a4EiAWv69a4S5IFBAgEGAGSBQQIBRgEoAYCgAfQkZVeqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwHyBwQQ3e8Q0ggrCJHhgHAQARgfMgfri4Dgv4ANOgmAQICAgICAlChIvf3BOljnrb_ZrumEA5oJOWh0dHA6Ly93d3cuZGV0b21hc28td2F0Y2hlcy5jb20vZDAyLTUwLTkwP3ZvdWNoZXI9c3BlY2lhbIAKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi01NTQwNTAyMTg0NDE5NjQ3GACyGAkSArtPGAIiAQA&sigh=ksTxufZPAlY&uach_m=%5BUACH%5D&ase=2&cbvp=2&vis=1&nis=5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=1531094781&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354520&bpp=2&bdt=1999&idt=2&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280%2C543x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=1639&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=1&fsb=1&dtd=8
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 10 Mar 2024 09:19:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D408 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f90421ec813e20ba287378c38cbe1aca8adbdac72cbe2597aa2986aca6874381

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js Show response
pagead2.googlesyndication.com/bg/ Frame 160F 51 KB
20 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7380722fecf4601be898b31e0ca788104b2b737e023671dd2187c5b1757d9bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:15:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 453848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20147
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:15:07 GMT

GET
DATA 200
OK truncated
/ Frame C876 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d3d34f6ae71b7727a6b69877929523cbc88b0c46dd849b67aee50653a7596b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D408 15 KB
15 KB 21ms
21ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 05:37:46 GMT
x-content-type-options: nosniff
age: 445289
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Mar 2025 05:37:46 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D408 15 KB
16 KB 25ms
25ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:16:13 GMT
x-content-type-options: nosniff
age: 478982
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Mar 2025 20:16:13 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D408 15 KB
15 KB 27ms
27ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:54:29 GMT
x-content-type-options: nosniff
age: 476686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Mar 2025 20:54:29 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame C876 33 KB
33 KB 22ms
21ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 04:01:15 GMT
x-content-type-options: nosniff
age: 451080
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Mar 2025 04:01:15 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D408 0
0 52ms
52ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnqQIEnvtZZi0Hvbo18cPoquZqAenw8GqdoT6rN7zEmQQASDzwvUBYJX6moKsB6ABv5-wzSjIAQmpAhfZqZgPWrI-qAMByAPLBKoElAJP0KwuIjXzTUnVaX_A9J2n7f07_EcRWmjgjURj6nLaYnXCEeGmdAcMjtBjWQZjHis6JKeC5bEmeSDIhl9JrTAfzmNzpGPsro3w4pkBrygPd5Uly8W988RJxJF8z8YIFl4mYnnXN6_RCCJ2g_e4Q5UQOye4bIQDeRNyjQT_DVhY6waNeDTuxEl3E4n5QOklfD3-V2H9D4WYL0gTaS5jWtPcJvpwZKl71hjlE-lEIEXMn2VQZwNlMn_1wv5FrRmBGgiNef-eo8PZu_DHjK93vC5A51rQ0wNnuGDbPwzE5b6HkYuvSpNRgdCPHP2BhLkZkRMfOdCaimMY_TJKvWo7_fywmKthx8TmRg0rKnTVE8GXfM674vvABIiZ1tXWBIgFjNCDlU6SBQQIBBgBkgUECAUYBKAGLoAHv9eArQOoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAPIHBBD5ywnSCCsIkeGAcBABGB8yB-uLgOC_gA06CYBAgICAgICUKEi9_cE6WL_KuNmu6YQDmgn9AWh0dHBzOi8vZGVyaWxhLmNvbS9hcnRpY2xlcy9wZW9wbGUtc2xlZXAtd2l0aC1wYWluLTM_bD1kZSZjPWV1ciZ2bmRyPWRlcmdnc2ltJnN1YmlkMz0yMDk4MjA2NTE2NCZzdWJpZD0xNjA3MDQwNzI4NDAmc3ViaWQyPTY5MzE5MTQ3Nzk0NSZzdWJpZDQ9JnV0bV9zb3VyY2U9R29vZ2xlJnV0bV9tZWRpdW09Q1BDJnV0bV9jYW1wYWlnbj1HZW5lcmFsJnV0bV90ZXJtPTI0dzA0X0EtQkFEU0xFRVBfY2FydG9vbl8xMCZzdWJpZDM9MjA5ODIwNjUxNjSACgHICwG4E-QD2BMM0BUBmBYBgBcBshccChoIABIUcHViLTU1NDA1MDIxODQ0MTk2NDcYALIYCRICnWMYLiIBAA&sigh=SwJM4KW70ag&uach_m=%5BUACH%5D&ase=2&template_id=484&cbvp=2&vis=1&nis=5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=6365271370&adk=2699336268&adf=3937582785&pi=t.ma~as.6365271370&w=336&lmt=1710062354&format=336x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354407&bpp=4&bdt=1886&idt=4&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1600x1200%2C1005x124&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=434&ady=298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=12
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 10 Mar 2024 09:19:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C876 0
0 54ms
54ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CqN-1EnvtZd_JIcyigrAPmYiTqAKV8Lebdqa53_6WEr_hHhABIPPC9QFglfqagqwHoAH5q4SFA8gBCakCF9mpmA9asj6oAwHIA8sEqgSKAk_Qm4WGqldwvAcXqQEX7Hv5W0TAyfv_L_dFWRRcnV5AVcf-8WaUQ_EV724BjjEuOJlRFH962k9-TCFO7G_OqcZGRBwC2KbNV6uU-UA9FjzZB2BKgmmETMJfHrpXqGNSukvmMsoN778-D5tKsThswdTamkc-XEOUAOn5XMoU2QDotsyeas0tMEvEnXgiFMOcZRG-dJqmy4o2Os0kN1GC3HYNk7b_OLmPv0IM-Z86_g1emjNyqjUvvjRwawAG_lNWbbfA6drPzDWrK_zcceImCeTjaJaNBl9lzPP93uEjDcLSaacdlbdZvFGVKs3BertwaLN-uyGR0iS4wNVbcgE5hOwbh9PH7kNzOFVHwATTsPWGqwSIBdu88NFIkgUECAQYAZIFBAgFGASgBi6AB-_T-3qoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAPIHBBCZjhDSCCsIkeGAcBABGB8yB-uLgOC_gA06CYBAgICAgICUKEi9_cE6WK7ku9mu6YQDmgmGAWh0dHBzOi8vd3d3Lm1pbm9zYmVhY2guY29tLz91dG1fc291cmNlPWdvb2dsZSZ1dG1fbWVkaXVtPWNwYyZtYXRjaHR5cGU9Jm5ldHdvcms9ZCZrZXl3b3JkPSZkZXZpY2U9YyZjaWQ9MTk0OTkwNjQ5MjMmZ3JwaWQ9MTQ4OTk2MTg0MTQ3gAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTU1NDA1MDIxODQ0MTk2NDcYALIYCRICkVQYLiIBAA&sigh=CDhnf64vOdg&uach_m=%5BUACH%5D&ase=2&template_id=5000&cbvp=2&vis=1&nis=5

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 10 Mar 2024 09:19:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js Show response
pagead2.googlesyndication.com/bg/ Frame 5E3C 51 KB
20 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7380722fecf4601be898b31e0ca788104b2b737e023671dd2187c5b1757d9bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:15:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 453848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20147
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:15:07 GMT

GET
H3 200 1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js Show response
pagead2.googlesyndication.com/bg/ Frame 29BF 51 KB
20 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1zgHIv7PRgG-iYsx4Mp4gQSytzfgI2cd0hh8WxdX2bs.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5540502184419647&output=html&h=280&slotname=2340350376&adk=4031431845&adf=4134834997&pi=t.ma~as.2340350376&w=543&fwrn=4&fwrnh=100&lmt=1710062354&rafmt=1&format=543x280&url=https%3A%2F%2Fwww.1stheadlines.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710062354458&bpp=12&bdt=1937&idt=12&shv=r20240306&mjsv=m202403040101&ptt=9&saldr=aa&abxe=1&eo_id_str=ID%3Ddc2f4bc5b2367976%3AT%3D1710062353%3ART%3D1710062353%3AS%3DAA-AfjZ1nJZja28nyYLWXp4ex_Gf&prev_fmts=0x0%2C1600x1200%2C1005x124%2C336x280&nras=3&correlator=4651900103008&frm=20&pv=1&ga_vid=1305266685.1710062353&ga_sid=1710062353&ga_hid=1344759737&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=330&ady=933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95325257%2C31081587%2C31081643%2C42531705%2C44795922%2C95326317%2C95322329%2C95324161%2C95325785%2C95326922&oid=2&pvsid=342944619911695&tmod=1166126543&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&fsb=1&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7380722fecf4601be898b31e0ca788104b2b737e023671dd2187c5b1757d9bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 05 Mar 2024 03:15:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 453848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20147
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Mar 2025 03:15:07 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 104ms
64ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240306&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7453813ad735d221484596a950cb332d3fff155375f36a3328e8911381e196d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12337
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 09:19:15 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E901 13 KB
5 KB 21ms
20ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 79453
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 09 Mar 2024 11:15:02 GMT
expires: Sun, 09 Mar 2025 11:15:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 156E 829 B
1 KB 73ms
28ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

642f0f1673741d8d2f6f5faef0ef70de5373dc573de3ed74eb63f8145c145752

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZVFIVARPvEO1-fGfoS0CMQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.1stheadlines.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ZVFIVARPvEO1-fGfoS0CMQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 10 Mar 2024 09:19:15 GMT
expires: Sun, 10 Mar 2024 09:19:15 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0853 42 B
64 B 54ms
53ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsugu9kVuA_zYlTgHdwnt-SSSvRuhPJU2Rhq5sMDLMCvTfcGCRerfXfxfEa5fshtRALgg2nggMV-R9qECls3nkLtB4P1xhP6YFdWtVczoIlLL6SU75rjivvH1Tr1sJdA8kHj9JV8Qndqad2hRwEO2XW9Uz4wT-eQuLX3taW790IR&sig=Cg0ArKJSzGX_eq4LUcE7EAE&id=lidar2&mcvt=1003&p=0,0,124,1005&mtos=87,733,1003,1021,1021&tos=87,646,270,18,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=599515400&rst=1710062354223&rpt=399&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 O8T1Km08OhS5_Tz58jKeajrFynp-IyfJlJwKv1268Sc.js Show response
pagead2.googlesyndication.com/bg/ Frame E901 39 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O8T1Km08OhS5_Tz58jKeajrFynp-IyfJlJwKv1268Sc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3bc4f52a6d3c3a14b9fd3cf9f2329e6a3ac5ca7a7e2327c9949c0abf5dbaf127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sat, 09 Mar 2024 15:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64482
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15541
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Mar 2025 15:24:33 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E901 0
10 B 22ms
21ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?j7wZcQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:15 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9E3F 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssy5p2Ay3cXETgaSB1zmCq5-nOJqVB_ZKbqaWpoJXRujxSrEvrcWpDGuUVTOtGfQ4ppp5CVclBwfuOtMB0sh6uMAd2Hrp0jnBnD6k1mGkPFl3lzWSTYeXtIGCG-GNrmswbTO5YGfuri&sig=Cg0ArKJSzMhRGiGhwCF3EAE&id=lidar2&mcvt=1013&p=0,0,90,728&mtos=1013,1013,1013,1013,1013&tos=1013,0,0,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=34&adk=2819128252&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=599515400&rst=1710062354315&rpt=587&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 156E 0
0 50ms
50ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240306&jk=342944619911695&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

GET
H3 200 ad_choices_i_UR.png
cdnx.tribalfusion.com/media/common//adChoice/icon/ 513 B
774 B 31ms
31ms Image
image/png 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnx.tribalfusion.com/media/common//adChoice/icon/ad_choices_i_UR.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1afa262e624f1634b15d619047f0addeb94a4f964711ae7d89997559ab75e77f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:16 GMT
cf-cache-status: HIT
age: 917
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400
content-length: 513
x-function: 301
last-modified: Tue, 11 Apr 2023 06:26:26 GMT
server: cloudflare
etag: 1681194386
vary: Accept-Encoding
content-type: image/png; charset=utf-8
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
cf-ray: 862238de484a8ed7-FRA
expires: Tue, 31 Dec 2030 00:00:00 GMT

GET
H3 200 ad_choices_UR.png
cdnx.tribalfusion.com/media/common//adChoice/icon/ 2 KB
2 KB 29ms
29ms Image
image/png 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnx.tribalfusion.com/media/common//adChoice/icon/ad_choices_UR.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69f04517e8026c40b59c45b86cce990587bd1480ed65a966767c49f3afb9683b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Sun, 10 Mar 2024 09:19:16 GMT
cf-cache-status: HIT
age: 86158
p3p: CP="NOI DEVo TAIa OUR BUS"
alt-svc: h3=":443"; ma=86400
content-length: 1608
x-function: 301
last-modified: Tue, 11 Apr 2023 06:26:26 GMT
server: cloudflare
etag: 1681194386
vary: Accept-Encoding
content-type: image/png; charset=utf-8
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
cf-ray: 862238de484f8ed7-FRA
expires: Tue, 31 Dec 2030 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C876 42 B
64 B 54ms
54ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsueHmXPGoDgNRRJgYcvu56Qqv4RppRdsbc3LEVuFcDPczrHJKfOqs5CdbR5oo3QsyXrWM9xkpmDWCrHbSqsZsjGSh-6t6UJh65gcwa1fQ-MLQfaRNTJjjfCIOvqb4olM3dG_Zm02xgs9OhE0c4L93tg5PtNyIrTEpGPp08Q9kvd&sig=Cg0ArKJSzPtC5rTANy6WEAE&id=lidar2&mcvt=1000&p=0,0,280,543&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=0.95&if=1&vu=1&app=0&itpl=22&adk=4031431845&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=599515500&rst=1710062354475&rpt=945&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D408 42 B
64 B 54ms
54ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssh0aMpvMUUowivPbXo3wSnp0mQc3zuq7AJhBnEUnQMtg1_lf1-jWGGo98r7ZoeGAnkiuNNUUNJjUSYJCt24FBy5fX6QZqX8dTU7R0pj3vwJ3UaJ_QIpYq2gf4oTtwcGXVFnKgsU6zGqIdlVfSx8ce_QzSnTkpde5pqkbbtIq0v&sig=Cg0ArKJSzPRIjlVgmEIZEAE&id=lidar2&mcvt=1002&p=0,0,280,336&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2699336268&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=599515500&rst=1710062354421&rpt=987&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Mar 2024 09:19:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 53ms
53ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240306&jk=342944619911695&bg=!KCulK2TNAAZsmiNCTJo7ADQBe5WfOGQSj5UF_lC_SiZng5D-_M3cv5GIcvloMLhXA1nM2N20jn78_bJ1wYM_BVrfJEu0AgAAAGtSAAAAA2gBBwoAFx0t6r-0hjPwtdJeEkD9L0ZwiFHregoCmQLPI4TOV3jjQodvs_cwahgcUEcv0X2pl0aDtq3RmW5F6B054RzanRAY6GPLQ4YxYpboApGleuwKwYJNOC7phuZKn8KgePcsroCH-5BJkcDojal4ZbUOnr44fmZkQXPEb0_dmCZM3MKodih--dy5uhVrtZejQnCT0i-OIpg3lHdhBh3vwwa6xg1jASQD4p1Cz68r7GxGpCK8w6RufoW2_7qmo4eqKiUY7YwZMHo-8Z4C3wmVTlFC-tFAnQvIL5pTOl9jQio9qr76TLD-SClERFlkQQn3YK5s6qjfZzufzTOUTdJe7tOFVdQytaleUCQWbkshHHw4gwJeWZSbKAzYD_UTovI-FYiAw7oyNzaUmiK5bCaRA6NxVP9ihEEgUqQPEYRjAfcXuHSgUE8fHYTLvgWxgszeirKuTPc-HZcWSeRnJUeFNnPBQbYRqU2DTvbF9KJej0uhG__Dx_k97vmZcyi-dbsNrYvPTVFM8ij65GJfVAjvL-z_y4Wyozut0t5mRzg80RikmR4_MCY1ID6h946voTYfUps-5l_VGCmu1HEbzqrR_yTYfFJD5mUjWpm2YueQGpOPsjc3sLxKYZVt9tCDefbnd4TtbqkeD6DLjc1m1-qx0ozhJDya5FyVFqE3WZ0HnbGH_igQAW5K0mcTVY6ivSJPVY5wItUu-s6tvNeGBHaVzF6GjCqLgajhUEL3ZfjnjoaN5FOOzCAV7kfgA8QOgxZCCZiSIKhPhxr83A9qr21d_uVm-KQigvKnmGceOAMQ9xd5nppD1kHvI630bg-JMd030S9NYah40TUayNU9KzLilYqDMGlVgxrqVi68FT8L62bNpSCqPLmnJsE1mYV81UA4aV_-Tg0fBR9nWIrIZyPl08hU1NqEXPp9Qgk3PZbqlZeoqUNZNAX9eUcpv156KWeapHut30OagPngyLoIJDHCT5g8l_8cT0g9gdg38zE
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.1stheadlines.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=8731&uid=18072662062485768859&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db19%26u%3D$SPOTX_USER_ID

Verdicts & Comments Add Verdict or Comment

79 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.1stheadlines.com/	1970-01-20 23:20:14	Name: __eoi Value: ID=dc2f4bc5b2367976:T=1710062353:RT=1710062353:S=AA-AfjZ1nJZja28nyYLWXp4ex_Gf
.casalemedia.com/	1970-01-21 03:46:38	Name: CMID Value: Ze17ErmqPNcAADSCAKIceQAA
.casalemedia.com/	1970-01-20 21:10:38	Name: CMPS Value: 2184
.casalemedia.com/	1970-01-20 21:10:38	Name: CMPRO Value: 2184
.demdex.net/	1970-01-20 23:20:14	Name: demdex Value: 70830693484455037760820180800853952792
.dpm.demdex.net/	1970-01-20 23:20:14	Name: dpm Value: 70830693484455037760820180800853952792
.bluekai.com/	1970-01-20 23:25:59	Name: bku Value: CH999OJffVD1SDGA
.bluekai.com/	1970-01-20 23:25:59	Name: bkpa Value: KJy9qQYHd02pSUHknpx01MAdSVx21EQyBp/tBM/yBM/6meDlBMQTBEAZzZPASU/2ScH6zc1k16Wk1ARk1AjCn7H0SVJCqsjNztkFqi8Mqt6k1AjonZNC5sBGJEBszYDpHs/pJE/t5uDpHYD0Ba2YuN2PPDkW9yeVhi9v
.agkn.com/	1970-01-21 03:46:38	Name: ab Value: 0001%3AW7uppEXqeZyg%2FwJD0xwj9b%2Bt2FNr%2BvZH
.tribalfusion.com/	1970-01-20 21:10:38	Name: ANON_ID Value: aEnTo6RZdySlAIUMnXRx7JOJPHCZcO7tdRPyZaSFnAR7Sxqk5USkNZbqicYu6fV9Zdx3VBvUhDoVaZaTrRn83asqfuNpTsFp08Uf3lQZcHRJcEUgN1Wbpc1wEgPvfeRVkbuuoXlR5O6pMZakZc1TiTVZdXHYDT37QrM8XbXUMIqaBZbImP8HMB6JXnuWZdOt2M9ZaRxCCvs0ZbDmNNoHBphetIDk3y2myTiE2eT1aEvqt6eVfs

64 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js(Line 830) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s.tribalfusion.com/displayAd.js?dver=0.9&th=7732572918, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js(Line 830) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s.tribalfusion.com/displayAd.js?dver=0.9&th=7732572918, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	warning	URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js(Line 1708) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=728x90,468x60&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=1&adContainerId=richmedia_2&rnd=2271169, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js(Line 1708) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=728x90,468x60&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=1&adContainerId=richmedia_2&rnd=2271169, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	warning	URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=728x90,468x60&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=1&adContainerId=richmedia_2&rnd=2271169(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/dcmads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=728x90,468x60&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=1&adContainerId=richmedia_2&rnd=2271169(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/dcmads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	warning	URL: https://www.googletagservices.com/dcm/dcmads.js(Line 34) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/impl_v99.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/dcmads.js(Line 34) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/impl_v99.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v99.js(Line 92) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v99.js(Line 104) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://www.1stheadlines.com/(Line 94) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/(Line 122) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/(Line 122) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/(Line 122) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	warning	URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js(Line 1708) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=160x600,120x600&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=3&adContainerId=richmedia_4&rnd=2272693, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://tags.expo9.exponential.com/tags/1stHeadlinescom/News/tags.js(Line 1708) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s.tribalfusion.com/j.ad?flashVer=0&ver=1.29&th=7732572918&tagKey=902877430&site=1stheadlinescom&adSpace=news&center=1&noAd=1&size=160x600,120x600&env=display&url=https%3A%2F%2Fwww.1stheadlines.com%2F&f=0&p=2277449&tKey=almneMTbr12UAsVabqVqvi3d3NUjte2t&a=3&adContainerId=richmedia_4&rnd=2272693, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=8731&uid=18072662062485768859&redir=https%3A//a.tribalfusion.com/i.match%3Fp%3Db19%26u%3D$SPOTX_USER_ID Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.1stheadlines.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1stheadlines.com
a.tribalfusion.com
a4.tribalfusion.com
aa.agkn.com
ad.doubleclick.net
beacon.krxd.net
cdnx.tribalfusion.com
cm.g.doubleclick.net
code.createjs.com
code.jquery.com
dpm.demdex.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
image6.pubmatic.com
pagead2.googlesyndication.com
pixel.rubiconproject.com
public-prod-dspcookiematching.dmxleo.com
s.tribalfusion.com
s0.2mdn.net
sync.search.spotxchange.com
tags.bluekai.com
tags.expo9.exponential.com
tpc.googlesyndication.com
ups.analytics.yahoo.com
us-u.openx.net
www.1stheadlines.com
www.google.com
www.googletagservices.com
www.gstatic.com
sync.search.spotxchange.com
104.18.13.14
104.18.36.155
142.250.184.198
142.250.185.226
185.64.190.78
188.65.124.66
2.18.237.8
2606:4700:3030::6815:199b
2606:4700::6812:18ad
2606:4700::6812:ddb
2a00:1450:4001:803::2002
2a00:1450:4001:80f::200a
2a00:1450:4001:811::2001
2a00:1450:4001:81c::2003
2a00:1450:4001:827::2004
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2003
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a02:26f0:280:3::213:7897
2a04:4e42::649
3.75.62.37
34.252.29.182
35.244.159.8
52.28.234.74
54.170.54.208
69.173.144.139
027cc169759034afd25c168d5b127bf4984d63d7d399fed244296c4628bd2dd3
04ac525904a5f556c12f23130be1b68f60f474af169fb55c082f7115507cfdb6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
0eb555ab4348766bc8ecde7a548433d91fb3b68dbe09d5fad080b4fff7755c9f
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16e63fc15a59a872197b52579e159f1be73135b4691ff7e8ca08aacaab3a77b4
1afa262e624f1634b15d619047f0addeb94a4f964711ae7d89997559ab75e77f
1f6cdcd60186e1c3797aa870ac1ca5bcc4c33367bd80bbb907b26ed96e1ff3d7
2517e0422b9fbc572e976de7ee7b224c02d73aed56dc98343a0ceef58b79e390
29f7b218f577be0ef5553bc7b01bda1b53dcb9c2282c092b2f5e47687cd4783f
2c096710e969428c10c9bf10f404878490570406db19f8883b22ec708c2e3ce4
2cdadf89c5d5e2635ebf7e7ae706d568e6240f5da72eaae8c144a70de2174dfb
2fd4c0492670a96c492f73f0e0ad3d000e2b71e3ce885e30b16d149ee1c0e9c2
301f0d42a08dd7dc6962a20be45c9c8df12fcc039a52cf0ed53d2b962029b3bb
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a
3516487be209784b4ca1d01e27525791fa6df4b7a5456f87e7282a41437cdb24
39f75aada56d7c3854113713ce779c00536ea6167e864c2e65354529403644d3
3a9b07cc0b6fe0e68a05f3c62eebb6488ec6a4b544899947f7df64dcb2d3496e
3bc4f52a6d3c3a14b9fd3cf9f2329e6a3ac5ca7a7e2327c9949c0abf5dbaf127
3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632
3e7af5a6ce9821f14bed29e4e343b84571a38955f070347b4aa87a6a14c52bd2
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
49c20e181f3164beca880498d02a727673ac7803ee836bdb4d7188c0d390c14e
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ed67975e0d79686146dee901d574d20808f9be194a7b6b7a0a9028ffa0f1cfc
535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
594cb3bcb02eae021dd38c4624fa2ce18c8f23b27effd2da2568ad825b8753c9
5a1433553dad10b1617e945447ce8d2a7a4ce6542ad50fdb8b563f85560cbc3e
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5efd17aa9600929f5517878dd267b6fdfeca37478d6987b5d75caec4f1e4b1a8
5f914726fad2fab8fa8d46cf0c95ad2bc4c851888ccc924b65fa015f6fd1feb7
601e36c0c8bd564d7ba6f71ba382ec0de9794d979bcad460e0e0332826b0669f
61a02deb93a0f1ad17d1aeca1bae1e1f0e3464c4fdb73de238362fb94017e9f6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6212b23bdecf55f20bd523e9ae7514c4a4c6a8d9a0b6132ff52910cfc7b3531f
62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2
642f0f1673741d8d2f6f5faef0ef70de5373dc573de3ed74eb63f8145c145752
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6700a61b5bd8006d07ddcdf84df499411e0ca045c8e124af25f72b8c4e82dab3
69f04517e8026c40b59c45b86cce990587bd1480ed65a966767c49f3afb9683b
6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a
6c63e443e265df1298e4b73524d50add2866c3ece849a198a64dcd509fb28c0b
6d3d34f6ae71b7727a6b69877929523cbc88b0c46dd849b67aee50653a7596b1
7453813ad735d221484596a950cb332d3fff155375f36a3328e8911381e196d8
77440223b7bd7602dec80076d686887923d30f5c22ad3d1f3aea370f69ecefd0
7c52cf3e31821ac82e857940e065f9372854d00fe9cbcb855017e2ad66d64542
7e395c031ca38e564379b61e44e7f0f3205abc49e977868540cf565b4ff3858f
8199d6cbc993261da7bf5f51613747606103242d7f33d0fb1ce3014042e5268e
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460
8ad5f1dc06e90eea91c3839cf0b767b877f89d92eed940ac50b7c1eb05982050
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
9915d586e7ec7b286dff39eab6a047c6bc0d4a148f367b225e90a8930d899cc6
992ffb31254bff53fe50fbeff43835a4a048b9ab3465c61897d026d6f5584ff6
9ae03e6067f63277cc235f5984712bd667162288e1d8e4590a2262d70a6af781
9b82e2dd387e5aa77c4b69c226a09c74aab31524d4696453011abf429a1ecde4
a2c19fdfaee877751f87606bc7b7d8012432e60e379c4e4d5e5626b4b5b76542
a458e4650fbf53d0b57461de9737fe04b46d59f76002bb3860c989b5b40d05a9
a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd
aa5804b567c65d5cd125d81cf560ae6e3c46cae22704a58794ba57e220309678
ab560133c66882c13dd9f75f15922fc34435e00922142cdac7776bd9a5677fa8
ab621d4ae4cd739325a385caba34f1afbf8d539ae6af31e51220a2a5e3d195a9
ac14eae85e2c7c7efb1555bcd1daf261764d825b143cec1a0aaad22301e6475e
b1e548be458b0f89f31b64536a1d40501029c4eec7aa32f302c764698b7f4dfe
bdb7d822d6afd1c8354749a111f68d56ce5e5db03b8a3028698acfc78358e06d
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
bfd00e19e3f0d7b8e3baf72f9992c9eb2d6d0d3fa5e0c046b01922c8dff94451
ca2aec1f9b7b58fb43daec94a9b64f76fa306e8ca886538bdc59823507dd5f65
ca3c6f01ebeebaba47764a825f7dcec712d17574e86b610b31abef0def8fe012
d564f33ee9c38939288c5318ce113781b149a1d34b92f9280c3c89cc7e3f5cbe
d7380722fecf4601be898b31e0ca788104b2b737e023671dd2187c5b1757d9bb
d9ebddedcebd351bb4e992c15921ef1378358eb1e02a8bae03d249506f2cd11a
df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0
e129324125b22c958dbbfd5d0678567e88f4a0d27ba68f73d81506c04ea3f616
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e59cb2bbf582601c8e5cbefad362c256f551b37d9043cb3b7a2fd0484740e4ff
e9aeed0ded1075b9cc37ab024128a50f470153ec6e5467dcd2b95187b002fed0
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1cf5229517629f5ab19291cfb8fe801a1fa6f502d5352fec2bf9aea7de5b739
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6075669312249475354c8585f29ca820a6d35ba8a9c6e088308218b90e75b5e
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f7e35cef352b6346cefad0d2c335576adbd238db1ef2190910d2877f97decb78
f809360dc662740ba79af7172d8ffc4bf19442fef387afdb07b2f170bf90441d
f90421ec813e20ba287378c38cbe1aca8adbdac72cbe2597aa2986aca6874381

www.1stheadlines.com Open in urlscan Pro 2606:4700:3030::6815:199b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

144 Requests

94 %HTTPS

52 %IPv6

23 Domains

31 Subdomains

24 IPs

6 Countries

1872 kBTransfer

5043 kBSize

10 Cookies

69 Outgoing links

Page URL History

Redirected requests

144 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.1stheadlines.com Open in urlscan Pro
2606:4700:3030::6815:199b Public Scan

Screenshot
Live screenshot

Full Image

144
Requests

94 %
HTTPS

52 %
IPv6

23
Domains

31
Subdomains

24
IPs

6
Countries

1872 kB
Transfer

5043 kB
Size

10
Cookies

144 HTTP transactions
4 data transactions