www.aucklandmuseum.com Open in urlscan Pro
20.43.132.132 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.aucklandmuseum.com/
Effective URL:
https://www.aucklandmuseum.com/
Submission: On November 16 via api (November 16th 2023, 6:34:03 am UTC) from US — Scanned from SG

Summary HTTP 162 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 24 IPs in 3 countries across 19 domains to perform 162 HTTP transactions. The main IP is 20.43.132.132, located in Singapore, Singapore and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.aucklandmuseum.com.
TLS certificate: Issued by Thawte TLS RSA CA G1 on May 5th 2023. Valid for: a year.

This is the only time www.aucklandmuseum.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
53 135	20.43.132.132 20.43.132.132	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	13.224.250.96 13.224.250.96	16509 (AMAZON-02) (AMAZON-02)
4	142.251.10.97 142.251.10.97	15169 (GOOGLE) (GOOGLE)
2	13.107.246.59 13.107.246.59	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
18	13.227.254.59 13.227.254.59	16509 (AMAZON-02) (AMAZON-02)
2	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
3	151.101.1.26 151.101.1.26	54113 (FASTLY) (FASTLY)
2	52.239.197.68 52.239.197.68	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	45.60.125.73 45.60.125.73	19551 (INCAPSULA) (INCAPSULA)
3	157.240.7.26 157.240.7.26	32934 (FACEBOOK) (FACEBOOK)
2	13.224.250.18 13.224.250.18	16509 (AMAZON-02) (AMAZON-02)
1 3	74.125.24.154 74.125.24.154	15169 (GOOGLE) (GOOGLE)
2	64.233.170.155 64.233.170.155	15169 (GOOGLE) (GOOGLE)
3	103.229.10.171 103.229.10.171	16509 (AMAZON-02) (AMAZON-02)
7	96.17.96.24 96.17.96.24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	20.24.4.131 20.24.4.131	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	54.192.150.84 54.192.150.84	16509 (AMAZON-02) (AMAZON-02)
1 2	142.251.10.99 142.251.10.99	15169 (GOOGLE) (GOOGLE)
2	142.251.175.94 142.251.175.94	15169 (GOOGLE) (GOOGLE)
1	54.192.150.50 54.192.150.50	16509 (AMAZON-02) (AMAZON-02)
1	54.72.40.201 54.72.40.201	16509 (AMAZON-02) (AMAZON-02)
1	157.240.13.35 157.240.13.35	32934 (FACEBOOK) (FACEBOOK)
1	216.239.32.181 216.239.32.181	15169 (GOOGLE) (GOOGLE)
162	24

135 20.43.132.132 (Singapore, Singapore) 53 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.aucklandmuseum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.250.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-250-96.sin52.r.cloudfront.net

cdn.scaleflex.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.10.97 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.246.59 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

js.monitor.azure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 13.227.254.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-254-59.sin52.r.cloudfront.net

ajrctguoxo.cloudimg.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.1.26 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.239.197.68 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

akmprod.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.60.125.73 (United States)

ASN19551 (INCAPSULA, US)

myaccount.aucklandmuseum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.240.7.26 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-sin6.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.250.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-250-18.sin52.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.125.24.154 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: sf-in-f154.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.170.155 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f155.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.229.10.171 (Singapore)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 96.17.96.24 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a96-17-96-24.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.24.4.131 (Singapore, Singapore)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

southeastasia-1.in.applicationinsights.azure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.150.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-150-84.sin2.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.10.99 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: sd-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.175.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sh-in-f94.1e100.net

www.google.com.sg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.150.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-150-50.sin2.r.cloudfront.net

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.72.40.201 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-40-201.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.13.35 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-sin6.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
137	aucklandmuseum.com 53 redirects www.aucklandmuseum.com myaccount.aucklandmuseum.com	6 MB
18	cloudimg.io ajrctguoxo.cloudimg.io	558 KB
7	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 742	148 KB
6	azure.com js.monitor.azure.com — Cisco Umbrella Rank: 1535 southeastasia-1.in.applicationinsights.azure.com — Cisco Umbrella Rank: 323968	113 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	368 KB
4	scaleflex.it cdn.scaleflex.it — Cisco Umbrella Rank: 173565	31 KB
3	google.com analytics.google.com — Cisco Umbrella Rank: 157 Failed www.google.com — Cisco Umbrella Rank: 2 Failed	1 KB
3	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1245 pixel.quantserve.com — Cisco Umbrella Rank: 964	18 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net Failed	4 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 727 script.hotjar.com — Cisco Umbrella Rank: 901 Failed	67 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	144 KB
3	polyfill.io polyfill.io — Cisco Umbrella Rank: 1329	996 B
2	google.com.sg www.google.com.sg — Cisco Umbrella Rank: 13407 Failed	565 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145	4 KB
2	windows.net akmprod.blob.core.windows.net	4 MB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 762	59 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	186 B
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 6398	162 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1212 Failed	2 KB
162	19

	Domain	Requested by
135	www.aucklandmuseum.com	53 redirects www.aucklandmuseum.com ajrctguoxo.cloudimg.io js.monitor.azure.com
18	ajrctguoxo.cloudimg.io	www.aucklandmuseum.com
7	analytics.tiktok.com	www.aucklandmuseum.com analytics.tiktok.com
4	southeastasia-1.in.applicationinsights.azure.com	js.monitor.azure.com
4	www.googletagmanager.com	www.aucklandmuseum.com www.googletagmanager.com
4	cdn.scaleflex.it	www.aucklandmuseum.com
3	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com
3	connect.facebook.net	www.googletagmanager.com connect.facebook.net
3	polyfill.io	www.aucklandmuseum.com
2	www.google.com	www.aucklandmuseum.com
2	www.google.com.sg	www.aucklandmuseum.com
2	secure.quantserve.com	www.aucklandmuseum.com
2	www.googleadservices.com	www.googletagmanager.com
2	static.hotjar.com	www.googletagmanager.com
2	myaccount.aucklandmuseum.com	www.aucklandmuseum.com
2	akmprod.blob.core.windows.net	www.aucklandmuseum.com
2	code.jquery.com	www.aucklandmuseum.com
2	js.monitor.azure.com	www.aucklandmuseum.com
1	pixel.quantserve.com	www.aucklandmuseum.com
1	www.facebook.com	www.aucklandmuseum.com
1	content.hotjar.io	js.monitor.azure.com
1	rules.quantcount.com	secure.quantserve.com
1	script.hotjar.com	static.hotjar.com
1	analytics.google.com	www.googletagmanager.com
0	stats.g.doubleclick.net Failed	www.googletagmanager.com
162	25

This site contains links to these domains. Also see Links.

Domain
store.aucklandmuseum.com
learn.aucklandmuseum.com
form.jotform.co
myaccount.aucklandmuseum.com
www.google.com
www.museumsofauckland.com
www.aucklandcouncil.govt.nz
www.facebook.com
twitter.com
instagram.com
pinterest.com
www.youtube.com
www.tripadvisor.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.aucklandmuseum.com Thawte TLS RSA CA G1	`2023-05-05` - `2024-06-03`	a year	crt.sh
*.scaleflex.it Amazon RSA 2048 M02	`2023-02-23` - `2024-01-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
js.monitor.azure.com Microsoft Azure RSA TLS Issuing CA 07	`2023-09-20` - `2024-09-14`	a year	crt.sh
*.cloudimg.io GeoTrust TLS RSA CA G1	`2023-05-26` - `2024-06-01`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
polyfill.io Certainly Intermediate R1	`2023-11-12` - `2023-12-12`	a month	crt.sh
*.blob.core.windows.net Microsoft Azure TLS Issuing CA 05	`2023-10-25` - `2024-06-27`	8 months	crt.sh
secure-apse2-1.tessituranetwork.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-13` - `2024-09-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-08-25` - `2023-11-23`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
prod.ai.ingestion.msftcloudes.com Microsoft Azure RSA TLS Issuing CA 03	`2023-09-04` - `2024-08-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.google.com.sg GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2023-03-02` - `2024-03-30`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.aucklandmuseum.com/
Frame ID: 51B9BA8797F20771B963A64918279B70
Requests: 160 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home - Auckland War Memorial Museum

Page URL History Show full URLs

http://www.aucklandmuseum.com/ HTTP 301
https://www.aucklandmuseum.com/ Page URL
https://www.aucklandmuseum.com/ Page URL

Detected technologies

Kentico CMS (CMS) Expand

Overall confidence: 100%
Detected patterns

/CMSPages/GetResource\.ashx

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css
owl\.carousel.*\.js

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

162
Requests

80 %
HTTPS

0 %
IPv6

19
Domains

25
Subdomains

24
IPs

3
Countries

11249 kB
Transfer

14689 kB
Size

27
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://store.aucklandmuseum.com/?utm_source=AM&utm_medium=home&utm_campaign=header
Title: Store

Search URL Search Domain Scan URL

URL: https://learn.aucklandmuseum.com/programme-search
Title: School Programmes

Search URL Search Domain Scan URL

URL: https://learn.aucklandmuseum.com/akoranga-reo-maori-programme-search
Title: Akoranga i roto i te Reo Māori

Search URL Search Domain Scan URL

URL: https://learn.aucklandmuseum.com/resources
Title: School Resources

Search URL Search Domain Scan URL

URL: https://form.jotform.co/83161312567858
Title: Booking Enquiry

Search URL Search Domain Scan URL

URL: https://learn.aucklandmuseum.com/essential-documents
Title: Plan a Class Visit

Search URL Search Domain Scan URL

URL: https://learn.aucklandmuseum.com/
Title: AM Learn

Search URL Search Domain Scan URL

URL: https://myaccount.aucklandmuseum.com/account/create/brief?returnurl=https://www.aucklandmuseum.com/thanks
Title: Sign up

Search URL Search Domain Scan URL

URL: https://www.google.com/maps/place/Auckland+War+Memorial+Museum/@-36.8603795,174.7756335,17z/data=!3m1!4b1!4m5!3m4!1s0x6d0d480b4bfd8503:0xb879d9072a5a83c0!8m2!3d-36.8603838!4d174.7778222
Title: The Auckland Domain Parnell, Auckland New Zealand

Search URL Search Domain Scan URL

URL: https://myaccount.aucklandmuseum.com/account/login?returnurl=/account/update
Title: Login to your account

Search URL Search Domain Scan URL

URL: https://www.museumsofauckland.com/
Title: Visit Auckland´s most loved cultural attractions, events, and galleries that explore our diverse history

Search URL Search Domain Scan URL

URL: https://www.aucklandcouncil.govt.nz/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AucklandMuseum

Search URL Search Domain Scan URL

URL: https://twitter.com/aucklandmuseum/

Search URL Search Domain Scan URL

URL: http://instagram.com/aucklandmuseum/

Search URL Search Domain Scan URL

URL: http://pinterest.com/aucklandmuseum/

Search URL Search Domain Scan URL

URL: http://www.youtube.com/aucklandmuseum

Search URL Search Domain Scan URL

URL: http://www.tripadvisor.com/Attraction_Review-g255106-d257273-Reviews-Auckland_Museum-Auckland_Central_North_Island.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/79976

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.aucklandmuseum.com/ HTTP 301
https://www.aucklandmuseum.com/ Page URL
https://www.aucklandmuseum.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.aucklandmuseum.com/ HTTP 301
https://www.aucklandmuseum.com/

Request Chain 16

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_15.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_15.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg

Request Chain 17

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_01.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_01.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg

Request Chain 18

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_08.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_08.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg

Request Chain 19

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_07.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_07.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg

Request Chain 20

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_05.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_05.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg

Request Chain 21

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_03.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_03.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg

Request Chain 22

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_04.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_04.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg

Request Chain 23

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_02.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_02.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg

Request Chain 45

https://www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/Museums-of-Auckland-Logo_1.png?lang=en-NZ&width=300&height=143&ext=.png HTTP 301
https://www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/museums-of-auckland-logo_1.png?lang=en-NZ&width=300&height=143&ext=.png

Request Chain 47

https://www.aucklandmuseum.com/rest/AucklandMuseum.FooterLinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf HTTP 301
https://www.aucklandmuseum.com/rest/aucklandmuseum.footerlinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf

Request Chain 48

https://www.aucklandmuseum.com/rest/AucklandMuseum.FooterIcons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a HTTP 301
https://www.aucklandmuseum.com/rest/aucklandmuseum.footericons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a

Request Chain 71

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/961485226/?random=1057506416&cv=11&fst=1700116427621&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&auid=66094215.1700116428&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&ocp_id=zbdVZbeBN9iQmsMP7um_6As&sscte=1&crd=&eitems=ChAIgPXRqgYQmbfSz9jul8MIEh0A-5dRFzVljETo7jOQQbA73GQ0R8FHSKqabmFPTg&pscrd=EktDaEFJZ1BYUnFnWVEyTlRlMDcyMzZ2Z3RFaVFBbGtOUDRnWDJlWTBvMUs1VlljamhENkY0WG9nTlcteGpELUtNWFZsS2xacmNFQ0EaVkNoQUlnUFhScWdZUW5OaWN1TWpQeW9raUVpd0FoTFpFRlE3Zk1aWUdwdUVucldZQXRzZk1LQl8yQkczX3paWUJSSjdKczJ2dFRZUU1DNEZ6aFJCU1lBIhMI95uGn_PHggMVWIhmAh3u9A-9 HTTP 302
https://www.google.com/pagead/1p-conversion/961485226/?random=1057506416&cv=11&fst=1700116427621&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&auid=66094215.1700116428&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EktDaEFJZ1BYUnFnWVEyTlRlMDcyMzZ2Z3RFaVFBbGtOUDRnWDJlWTBvMUs1VlljamhENkY0WG9nTlcteGpELUtNWFZsS2xacmNFQ0EaVkNoQUlnUFhScWdZUW5OaWN1TWpQeW9raUVpd0FoTFpFRlE3Zk1aWUdwdUVucldZQXRzZk1LQl8yQkczX3paWUJSSjdKczJ2dFRZUU1DNEZ6aFJCU1lBIhMI95uGn_PHggMVWIhmAh3u9A-9&is_vtc=1&ocp_id=zbdVZbeBN9iQmsMP7um_6As&cid=CAQSKQDICaaNApPKTCH8Q4DlwpB8AmhPSsklVrlQr6A07pMCwovpB1afkKji&eitems=ChAIgPXRqgYQmbfSz9jul8MIEh0A-5dRF_vbNsbzzATZ1ryJNA6Zhgt6tQNC25Flbw&random=3716443371

Request Chain 92

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_15.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_15.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg

Request Chain 93

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_01.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_01.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg

Request Chain 94

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_08.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_08.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg

Request Chain 95

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_07.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_07.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg

Request Chain 96

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_05.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_05.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg

Request Chain 97

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_03.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_03.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg

Request Chain 98

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_04.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_04.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg

Request Chain 99

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_02.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_02.jpg?lang=en-NZ&width=400&height=420&ext=.jpg HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg HTTP 301
https://www.aucklandmuseum.com/aucklandmuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg

Request Chain 118

https://www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/Museums-of-Auckland-Logo_1.png?lang=en-NZ&width=300&height=143&ext=.png HTTP 301
https://www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/museums-of-auckland-logo_1.png?lang=en-NZ&width=300&height=143&ext=.png HTTP 301
https://www.aucklandmuseum.com/AucklandMuseum/files/af/af12f9ff-59e7-4953-96df-42d9344fdad3.png

Request Chain 120

https://www.aucklandmuseum.com/rest/AucklandMuseum.FooterLinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf HTTP 301
https://www.aucklandmuseum.com/rest/aucklandmuseum.footerlinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf

Request Chain 121

https://www.aucklandmuseum.com/rest/AucklandMuseum.FooterIcons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a HTTP 301
https://www.aucklandmuseum.com/rest/aucklandmuseum.footericons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a

Request Chain 148

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/961485226/?random=326189166&cv=11&fst=1700116431880&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&auid=66094215.1700116428&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&ocp_id=07dVZZWkKvrJmsMPuvujsA4&sscte=1&crd=&eitems=ChAIgPXRqgYQmbfSz9jul8MIEh0A-5dRF56Nt4haFlu0ZJtL4MPk7PG0a-QKkzVzrg&pscrd=EktDaEFJZ1BYUnFnWVEyTlRlMDcyMzZ2Z3RFaVFBbGtOUDRnWDJlWTBvMUs1VlljamhENkY0WG9nTlcteGpELUtNWFZsS2xacmNFQ0EaVkNoQUlnUFhScWdZUW5OaWN1TWpQeW9raUVpd0FoTFpFRmRfektYc0hTanRVbVl0bEhUci1hUFk4emFPT0tGZF9DUE1wWkJGeWZoUEowb29yOTRhSmtnIhMI1dnnofPHggMV-qRmAh26_Qjm HTTP 302
https://www.google.com/pagead/1p-conversion/961485226/?random=326189166&cv=11&fst=1700116431880&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&auid=66094215.1700116428&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EktDaEFJZ1BYUnFnWVEyTlRlMDcyMzZ2Z3RFaVFBbGtOUDRnWDJlWTBvMUs1VlljamhENkY0WG9nTlcteGpELUtNWFZsS2xacmNFQ0EaVkNoQUlnUFhScWdZUW5OaWN1TWpQeW9raUVpd0FoTFpFRmRfektYc0hTanRVbVl0bEhUci1hUFk4emFPT0tGZF9DUE1wWkJGeWZoUEowb29yOTRhSmtnIhMI1dnnofPHggMV-qRmAh26_Qjm&is_vtc=1&ocp_id=07dVZZWkKvrJmsMPuvujsA4&cid=CAQSKQDICaaN4zWp5hjL-0E6U9g6gZ__doaLmpxEDYp8EQCRJTL6q-q6ZI3i&eitems=ChAIgPXRqgYQmbfSz9jul8MIEh0A-5dRF03D8CqWBbz7R-C3fjtPUo6K7D_ewSgY6g&random=2441989361 HTTP 302
https://www.google.com.sg/pagead/1p-conversion/961485226/?random=326189166&cv=11&fst=1700116431880&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&auid=66094215.1700116428&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EktDaEFJZ1BYUnFnWVEyTlRlMDcyMzZ2Z3RFaVFBbGtOUDRnWDJlWTBvMUs1VlljamhENkY0WG9nTlcteGpELUtNWFZsS2xacmNFQ0EaVkNoQUlnUFhScWdZUW5OaWN1TWpQeW9raUVpd0FoTFpFRmRfektYc0hTanRVbVl0bEhUci1hUFk4emFPT0tGZF9DUE1wWkJGeWZoUEowb29yOTRhSmtnIhMI1dnnofPHggMV-qRmAh26_Qjm&is_vtc=1&ocp_id=07dVZZWkKvrJmsMPuvujsA4&cid=CAQSKQDICaaN4zWp5hjL-0E6U9g6gZ__doaLmpxEDYp8EQCRJTL6q-q6ZI3i&eitems=ChAIgPXRqgYQmbfSz9jul8MIEh0A-5dRF03D8CqWBbz7R-C3fjtPUo6K7D_ewSgY6g&random=2441989361&ipr=y

162 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
www.aucklandmuseum.com/
Redirect Chain

http://www.aucklandmuseum.com/
https://www.aucklandmuseum.com/

88 KB
19 KB

709ms
331ms

Document
text/html

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0123bd7958bfdb03bd1837709a8c48bcf4c96606a6653acdd92c99f06d9ffbdc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private, no-store, must-revalidate
Content-Encoding: deflate
Content-Length: 16878
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Nov 2023 06:33:42 GMT
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge IE=Edge
X-XSS-Protection: 1; mode=block

Redirect headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Content-Length: 154
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Nov 2023 06:33:42 GMT
Location: https://www.aucklandmuseum.com/
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main.css
www.aucklandmuseum.com/client/css/modular/ 155 KB
39 KB 187ms
126ms Stylesheet
text/css 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/modular/main.css

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3eb85bd8ec9e2a7bb4dcb724db025f2f43ba2df3028fb458e1ad6d5d6c9da0fc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 37022
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK owl.carousel.min.css
www.aucklandmuseum.com/client/css/modular/ 3 KB
4 KB 433ms
200ms Stylesheet
text/css 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/modular/owl.carousel.min.css

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

86f7986267e1c6750cf52c26b40c104df3f01087e80d1390380fd25ea03e7e8e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 1168
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK GetCSS.aspx
www.aucklandmuseum.com/CMSPages/ 491 B
3 KB 437ms
136ms Stylesheet
text/css 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/CMSPages/GetCSS.aspx?_webparts=1334

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c4157ee31d70c084decc800eef3363e9d28f494e470d9c486d39d34430a394f6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Disposition: attachment; filename="Footer.css"
Content-Length: 363
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 24 Jan 2018 02:30:29 GMT
Server: Microsoft-IIS/10.0
ETag: "webpart|Footer"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, must-revalidate
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *
Expires: Thu, 23 Nov 2023 06:33:44 GMT

GET
H/1.1 200
OK WebResource.axd Show response
www.aucklandmuseum.com/ 23 KB
8 KB 441ms
111ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZMgPr6v3kY2AZ4Hp3HObKqvUyLSMp-5yJgD4rQov37ub8Rw0mQ2&t=637815128020000000

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 6007
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Sat, 26 Feb 2022 09:53:22 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *
Expires: Fri, 15 Nov 2024 06:26:34 GMT

GET
H2 200 lazysizes.min.js Show response
cdn.scaleflex.it/filerobot/js-cloudimage-responsive/ 7 KB
4 KB 926ms
164ms Script
text/javascript 13.224.250.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.scaleflex.it/filerobot/js-cloudimage-responsive/lazysizes.min.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.250.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-250-96.sin52.r.cloudfront.net
Software: Scaleflex HTTP Loadbalancer /
Resource Hash: 260beff2f010ff66019561a62dcaa2fc03ce83ded463bf06f588f7b432d04688

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:11:09 GMT
content-encoding: gzip
via: 1.1 0cd88f29d8c6e29a267867c45efda9a8.cloudfront.net (CloudFront)
x-elastic-th: 0.420
x-amz-cf-pop: SIN52-C2
age: 728555
x-cache: Hit from cloudfront
content-length: 3181
x-airstore-traceid: AsIyyFMUUSVafeO
x-filerobot-visibility: VISIBILITY_PUBLIC
server: Scaleflex HTTP Loadbalancer
etag: "842d27d3c93ed60a904d1a9b7d3ac279e1fac10a"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH
content-type: text/javascript
x-global-time: 418ms
access-control-allow-origin: *
cache-control: max-age=2597000, public
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: X-Airstore-Secret-Key, X-Airstore-Key, X-Filerobot-Key, X-Auth-Token, X-Token, X-Company-Token, X-Project-Token, X-Locale, X-Lang, X-Version, X-Session-Token, X-CSRF-Token, Cache-Control, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, Origin
x-geo: sg068
x-amz-cf-id: jdEOQyWNILXGTAHyxvUx6felCACHc-STRMdTKeZTgwxrgnT5V9nHtg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 281 KB
90 KB 828ms
168ms Script
application/javascript 142.251.10.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

30f01cb0378900d0903570f13a4501850d824ac60df11ee48bace5d71b02ffb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91950
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Nov 2023 06:33:47 GMT

GET
H2 200 ai.2.min.js Show response
js.monitor.azure.com/scripts/b/ 120 KB
56 KB 837ms
142ms Script
text/javascript 13.107.246.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.246.59 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 6c14d731b13bcdec4325028eb0d8d2cb0190b3b1e65e0fcb52907fe6f55c2707

Request headers

Referer: https://www.aucklandmuseum.com/
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:47 GMT
content-encoding: br
last-modified: Wed, 20 Sep 2023 16:12:29 GMT
x-ms-meta-aijssdkver: 2.8.16
vary: Accept-Encoding
x-azure-ref: 20231116T063347Z-30bmcfe3452mve5dyhb013dn8c00000002m000000001wkgz
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 3e8720f6-701e-0069-0dbf-12a9ba000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-aijssdksrc,x-ms-meta-aijssdkver,x-ms-meta-lastmodified,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable, no-transform
x-cache: TCP_HIT
x-ms-version: 2009-09-19
x-ms-meta-aijssdksrc: [cdn]/scripts/b/ai.2.8.16.min.js

GET
H2 200 js-cloudimage-responsive.min.js Show response
cdn.scaleflex.it/plugins/js-cloudimage-responsive/4.7.0/plain/ 35 KB
11 KB 840ms
130ms Script
text/plain 13.224.250.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.scaleflex.it/plugins/js-cloudimage-responsive/4.7.0/plain/js-cloudimage-responsive.min.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.250.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-250-96.sin52.r.cloudfront.net
Software: Scaleflex HTTP Loadbalancer /
Resource Hash: 04204ad9942a135111c63df119539fba6da4eb388566806a6643bf98f3605265

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 18:33:32 GMT
content-encoding: gzip
via: 1.1 0cd88f29d8c6e29a267867c45efda9a8.cloudfront.net (CloudFront)
x-elastic-th: 1.190
x-amz-cf-pop: SIN52-C2
age: 734412
x-cache: Hit from cloudfront
content-length: 10866
x-airstore-traceid: AsIy4xMClv0d6eO
x-filerobot-visibility: VISIBILITY_PUBLIC
server: Scaleflex HTTP Loadbalancer
etag: "714d802cd8efc916c346e35408eff31c083b2615"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH
content-type: text/plain
x-global-time: 1032ms
access-control-allow-origin: *
cache-control: max-age=2597000, public
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: X-Airstore-Secret-Key, X-Airstore-Key, X-Filerobot-Key, X-Auth-Token, X-Token, X-Company-Token, X-Project-Token, X-Locale, X-Lang, X-Version, X-Session-Token, X-CSRF-Token, Cache-Control, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, Origin
x-geo: sg072
x-amz-cf-id: Gwre12esYMNfWvyKkJ0CiDJAYeXEx40NiaO1MJ-OKsQvcGjgF7GSkw==

GET
H/1.1 200
OK ScriptResource.axd Show response
www.aucklandmuseum.com/ 87 KB
37 KB 404ms
118ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/ScriptResource.axd?d=qph9tUZ6hGPLbkznkRkqTZoeKP4zvyrv7Hnt-DQTh-UaGLj3myTWwI16KdpIqeGCu3jveyJJpWZKFUZT_UL_3gt001M3HL1KlXwXG2D85xpk_atG0&t=7c776dc1

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

9f9425c961900c8d8b3b30085c3969eef0c845a11c5be9fad704d160c64a12f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 35037
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Thu, 16 Nov 2023 06:26:12 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *
Expires: Fri, 15 Nov 2024 06:26:12 GMT

GET
H/1.1 200
OK ScriptResource.axd Show response
www.aucklandmuseum.com/ 36 KB
15 KB 420ms
120ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/ScriptResource.axd?d=TvpD2YGOOsCm1yWcLkKnBRGobAjOaeoRoQuRJa6umjyuPM-QH94hi5sMzHDo_ie6T8BmHKtg88PZ2SrTlKqJ9Wx_KEBYptgaubTcXZ5ueKFWfTk20&t=7c776dc1

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e44c3b782978c44af9885b97302632e45ff19d01ecb745e91d21cf597c22cb29

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 12643
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Thu, 16 Nov 2023 06:17:05 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *
Expires: Fri, 15 Nov 2024 06:17:05 GMT

GET
H/1.1 200
OK am-logo.svg
www.aucklandmuseum.com/Client/IMG/Modular/ 755 B
3 KB 163ms
162ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/am-logo.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

19b388e733f0af2b17dd1bd41d2c776079e40aaf5efad3a2c0b62efd78d4a1e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 755
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK search-white.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 473 B
3 KB 114ms
114ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/search-white.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

6e6da0ef0d5cb4c7b0a9e7ba7bb244bb4ba806f5ed07f5477fb1ce34a4c0bbbc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:44 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 473
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK close-white.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 226 B
3 KB 155ms
155ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/close-white.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

41b156770ac5e9b69e41b6e2f23f9ad6e4399daa59e48dea29cbbb5338a7ae00

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 226
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK menu-white.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 149 B
3 KB 946ms
945ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/menu-white.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d512b06ff52a3f7939d980239249dfdcab98d40fae2ec0068798a3701aac1b4e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 149
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK close-black.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 214 B
3 KB 110ms
109ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/close-black.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

4acf565b75f5edc8987503d6714415019db979f7090966c4ebdb5be1ae68bfa4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 214
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg
www.aucklandmuseum.com/aucklandmuseum/files/b9/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_15.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_15.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg

152 KB
154 KB

122ms
121ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

da7163e13346ce0db20878e03e63dbd212251bc7e0fc9c571185c2b0eb91e415

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 155617
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:48 GMT
Server: Microsoft-IIS/10.0
ETag: "276aca32718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg
www.aucklandmuseum.com/aucklandmuseum/files/28/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_01.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_01.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg

157 KB
160 KB

119ms
119ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

9fafeecba5d4b636f608e91e703f087e959d4cdeca5683c39ccf4efaadc20252

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 161097
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:48 GMT
Server: Microsoft-IIS/10.0
ETag: "7e68aea32718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg
www.aucklandmuseum.com/aucklandmuseum/files/02/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_08.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_08.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg

135 KB
137 KB

144ms
144ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3509434a5a7975c5aecc80abd698652653d10c3339651168b6956ca5b5c6419d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 138255
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "598355a42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg
www.aucklandmuseum.com/aucklandmuseum/files/2a/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_07.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_07.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg

147 KB
149 KB

159ms
159ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

6f8da90b266ca94343756cd15b53adf0f0e949cdfe6783fb1d557036fdf78c65

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 150208
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "2c475aa42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

4c6c978d-5468-4491-945f-465af0f50b05.jpg
www.aucklandmuseum.com/aucklandmuseum/files/4c/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_05.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_05.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg

147 KB
150 KB

158ms
157ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

419764b8d4d4db2bbf7486b81935cd73efc7577f8d493d05231eb6be3bd6eeab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 150870
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "fab5fa42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

5c398278-cc11-4692-ae29-cd7dc6a663db.jpg
www.aucklandmuseum.com/aucklandmuseum/files/5c/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_03.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_03.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg

105 KB
107 KB

149ms
148ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e7b42b40c560e8375c4b06de3b13dc90ddc242e473dc3bee4547f53a2496b2a3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 107435
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "5d6e61a42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

68724b2d-be3d-4c45-818e-60d7368fb9af.jpg
www.aucklandmuseum.com/aucklandmuseum/files/68/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_04.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_04.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg

118 KB
120 KB

132ms
132ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ded489f53d970c69d9477248e535cff56391b58605fe6ae26744b17e04dcdc62

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:47 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 120791
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:50:40 GMT
Server: Microsoft-IIS/10.0
ETag: "dd4d9ceb2618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:47 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg
www.aucklandmuseum.com/aucklandmuseum/files/67/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_02.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_02.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg

139 KB
141 KB

246ms
241ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:48 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 142070
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "a89568a42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:47 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1 200
OK Membership-800-x-533.png
www.aucklandmuseum.com/getmedia/bd324e06-ed40-4d93-9c2b-48db6fc21b32/ 758 KB
760 KB 176ms
175ms Image
image/png 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/getmedia/bd324e06-ed40-4d93-9c2b-48db6fc21b32/Membership-800-x-533.png?width=800&height=533&ext=.png

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e5446321873e63ecf7c6605dcc5a587801058373aced45cd36072e6c7e4b399b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:47 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Disposition: inline; filename="Membership-800-x-533.png"
Content-Length: 775804
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Fri, 15 Sep 2023 01:21:30 GMT
Server: Microsoft-IIS/10.0
ETag: "9/15/2023 1:21:30 AM"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, must-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Thu, 23 Nov 2023 06:33:47 GMT

GET
H/1.1 200
OK Vasiti-and-Kahu-800-x-533.png
www.aucklandmuseum.com/getmedia/ca70a35a-6666-4d18-91e5-5cf7a5ec6ee9/ 622 KB
625 KB 141ms
140ms Image
image/png 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/getmedia/ca70a35a-6666-4d18-91e5-5cf7a5ec6ee9/Vasiti-and-Kahu-800-x-533.png?width=800&height=533&ext=.png

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

84afea5bd5b3e044801e45b3eb70924ac533be34ead261965ae26dfd0ae61940

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:47 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Disposition: inline; filename="Vasiti-and-Kahu-800-x-533.png"
Content-Length: 637088
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Thu, 14 Sep 2023 03:36:57 GMT
Server: Microsoft-IIS/10.0
ETag: "9/14/2023 3:36:57 AM"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, must-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Thu, 23 Nov 2023 06:33:47 GMT

GET
H2 200 GetCSS.aspx
ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/ 29 KB
4 KB 527ms
120ms Stylesheet
text/css 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetCSS.aspx?stylesheetname=DynamicFooter&func=proxy

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

2f42bd54149cbd50a46b415f833bdd0ba690b829feb531b5d00db99685508d5e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 01:13:04 GMT
strict-transport-security: max-age=15552001; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-encoding: gzip
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-origin-code: 200
age: 537641
x-cache: Hit from cloudfront
content-disposition: attachment; filename="DynamicFooter.css"
content-length: 3138
x-xss-protection: 1; mode=block, 1
x-ua-compatible: IE=Edge
last-modified: Mon, 29 Aug 2022 23:22:41 GMT
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231110011302_aeb47_ddqf#350y
etag: "cssstylesheet|5e4e0c03-8c10-4630-b49c-1f589156dca8-gzip"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: max-age=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Accept
timing-allow-origin: *
access-control-allow-headers: *
x-ultrafast-origin-code: 200
x-amz-cf-id: uLel4pHcxvzDWwAxGoY8OU6VrEFFKBLpjJseaTPwNKV8FVjKrr6DAg==

GET
H2 200 GetResource.ashx Show response
ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/ 1 KB
2 KB 499ms
201ms Script
application/x-javascript 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetResource.ashx?scriptfile=~/CMSScripts/Custom/DynamicFooter/reactscripts.js&func=proxy

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

e40b38fb762963adbe977f0fb3108492307547862dca4b41b5149c4c9ddfc8b5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 01:34:12 GMT
strict-transport-security: max-age=15552001; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-encoding: gzip
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-origin-code: 200
age: 1141173
x-cache: Hit from cloudfront
content-disposition: attachment; filename="reactscripts.js"
content-length: 717
x-xss-protection: 1; mode=block, 1
x-ua-compatible: IE=Edge
last-modified: Thu, 12 Oct 2023 00:07:08 GMT
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231103013411_ddd0e_CVhU#380z
etag: "file|10/12/2023 1:07:08 PM-gzip"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: max-age=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Accept
timing-allow-origin: *
access-control-allow-headers: *
x-ultrafast-origin-code: 200
x-amz-cf-id: 7TPYLFHnRc0LQBLYoyYxScaqoakWeyu8C0F49ucIQCSeVYVMFkPFGQ==

GET
H2 200 GetResource.ashx Show response
ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/ 165 KB
54 KB 455ms
157ms Script
application/x-javascript 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetResource.ashx?scriptfile=~/CMSScripts/Custom/DynamicFooter/2.chunk.js&func=proxy

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

2b4eaf7c5c3c62a91b28bd5d4aa8475a44a18ffd185dec3698579dbb95579a5e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 17:00:51 GMT
strict-transport-security: max-age=15552001; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-encoding: gzip
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-origin-code: 200
age: 2467974
x-cache: Hit from cloudfront
content-disposition: attachment; filename="2.chunk.js"
content-length: 53885
x-xss-protection: 1; mode=block, 1
x-ua-compatible: IE=Edge
last-modified: Thu, 12 Oct 2023 00:07:08 GMT
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231018170050_c0222_4kGF#600z
etag: "file|10/12/2023 1:07:08 PM-gzip"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: max-age=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Accept
timing-allow-origin: *
access-control-allow-headers: *
x-ultrafast-origin-code: 200
x-amz-cf-id: pma95WpsNI2E9J7nyM25zmki7F6zf-3VbBvaHV6ablpsx6u2uAcD6g==

GET
H2 200 GetResource.ashx Show response
ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/ 31 KB
7 KB 498ms
201ms Script
application/x-javascript 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetResource.ashx?scriptfile=~/CMSScripts/Custom/DynamicFooter/main.chunk.js&func=proxy

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

40f75e5016869b213eeef1ab4af4086f24a5a74de067e0e365a6d4eb73165cc3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 28 Oct 2023 18:49:28 GMT
strict-transport-security: max-age=15552001; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-encoding: gzip
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-origin-code: 200
age: 1597457
x-cache: Hit from cloudfront
content-disposition: attachment; filename="main.chunk.js"
content-length: 6489
x-xss-protection: 1; mode=block, 1
x-ua-compatible: IE=Edge
last-modified: Thu, 12 Oct 2023 00:07:08 GMT
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231028184927_a4888_2B3O#330y
etag: "file|10/12/2023 1:07:08 PM-gzip"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: max-age=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Accept
timing-allow-origin: *
access-control-allow-headers: *
x-ultrafast-origin-code: 200
x-amz-cf-id: Fi1QV60jf13lqn01DwdhP17wpJTopIBCSoaOq1blOMt8eQQzQaSXTQ==

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 754ms
107ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://www.aucklandmuseum.com/
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:45 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 5212626
x-cache: HIT, HIT
content-length: 29811
x-served-by: cache-lga21935-LGA, cache-qpg1270-QPG
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1700116425.414396,VS0,VE0
etag: W/"28feccc0-14e4a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 32, 40139

GET
H/1.1 200
OK sticky-nav.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 4 KB
4 KB 159ms
159ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/sticky-nav.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

45a0a4733a6c67fa0fdbc501af9ed1342649e41f6182a3eef26886be807cf732

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 1232
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK header.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 10 KB
5 KB 711ms
711ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/header.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

019da770517e467f311b2f602721f2ae52a4efa62843b75939551feea5bd42fa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 2253
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 101 B
612 B 1071ms
149ms Script
text/javascript 151.101.1.26
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=fetch%2CPromise

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.26 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 06:33:46 GMT
age: 717485
detected-user-agent: Chrome/119.0.0
server-timing: HIT, fastly;desc="Edge time";dur=1
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 120
referrer-policy: origin-when-cross-origin
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
normalized-user-agent: chrome/119.0.0
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK stickyfill.min.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 6 KB
5 KB 119ms
119ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/stickyfill.min.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5b608be012b96fc0c17371624bc3c86185350749086e18894a4c61f3b38429c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 2075
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK frame.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 697 B
3 KB 635ms
634ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/frame.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

36bcd89cf32426d8e3961a73376cc2e999ea28e344596bece26c1b202b20ff80

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 435
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK jquery.fancybox.pack.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/fancybox/ 23 KB
13 KB 116ms
115ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/fancybox/jquery.fancybox.pack.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

2be721560b8cae178785531dc523d2f7b9b173bb6571536fed94a85c0d31c525

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 10653
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK owl.carousel.min.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 43 KB
17 KB 507ms
507ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/owl.carousel.min.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 15056
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK gallery.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 265 KB
61 KB 135ms
134ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/gallery.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

020c4edb4314dcafeee622bcdb864ba2a645279696c26432ec357e1109f79661

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 60106
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK owl.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 3 KB
3 KB 137ms
136ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/owl.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

19c48a194bc9895cd80e49c54dd83e321999061a4497565da97852921f621d2f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 539
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK WebBanner-Web480.mp4
akmprod.blob.core.windows.net/cmsstorage/aucklandmuseum/video/ 2 MB
2 MB 780ms
311ms Media
video/mp4 52.239.197.68
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://akmprod.blob.core.windows.net/cmsstorage/aucklandmuseum/video/WebBanner-Web480.mp4
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.197.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Referer: https://www.aucklandmuseum.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Range: bytes=0-

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 16 Nov 2023 06:33:47 GMT
Last-Modified: Thu, 24 Aug 2023 22:33:25 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: LE7/Mj1PZkaAXtskU1Vdjg==
ETag: 0x8DBA4F2217CEFD4
Content-Type: video/mp4
x-ms-request-id: 57c1546d-701e-000e-6a56-18a380000000
x-ms-version: 2009-09-19
Content-Length: 2053119

GET
H2 200 poster.jpg
ajrctguoxo.cloudimg.io/v7/https://akmprod.blob.core.windows.net/cmsstorage/aucklandmuseum/video/ 68 KB
69 KB 416ms
209ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://akmprod.blob.core.windows.net/cmsstorage/aucklandmuseum/video/poster.jpg?force_format=webp,jpeg&h=800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

a491c1eb98f8f723f5ebb6015e6680a189ce1f770762d63db234b43e030054e9

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date: Thu, 16 Nov 2023 06:33:45 GMT
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
age: 21358
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 69588
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 2967516s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231112060016_81d0e_03PT
etag: "312cf22ac6ba98fca7231e1fcda6a905"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: EcrvJMR72dB1wZ2s4PeSPCq9tG4re5v1dmgD_gCmshz8msNMMZb9ZQ==

GET
H/1.1 200
OK GothamNarrow-Medium.woff2
www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/ 20 KB
22 KB 131ms
130ms Font
application/font-woff 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/GothamNarrow-Medium.woff2

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/client/css/modular/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

df3331100c6661cff1cba81adc01543738d09db795dcdd8a4f0753bbaefbb0a8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.aucklandmuseum.com/client/css/modular/main.css
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:44 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 20336
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK GothamNarrow-Book.woff2
www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/ 20 KB
22 KB 682ms
681ms Font
application/font-woff 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/GothamNarrow-Book.woff2

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/client/css/modular/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d1016cbc5360789ddca52cf5c4787af3bf5c65768620b262420da1d7a550c169

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.aucklandmuseum.com/client/css/modular/main.css
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 20296
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK GothamNarrow-Light.woff2
www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/ 20 KB
22 KB 680ms
679ms Font
application/font-woff 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/GothamNarrow-Light.woff2

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/client/css/modular/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

097c776b11d2117540f28adeaff8fbc593f905cac61064943d6ab7e3ebc99f39

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.aucklandmuseum.com/client/css/modular/main.css
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 20440
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET

museums-of-auckland-logo_1.png
www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/Museums-of-Auckland-Logo_1.png?lang=en-NZ&width=300&height=143&ext=.png
https://www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/museums-of-auckland-logo_1.png?lang=en-NZ&width=300&height=143&ext=.png

0
0

GET
H/1.1 200
OK auckland-council.png
www.aucklandmuseum.com/Client/IMG/Modular/partners/ 8 KB
10 KB 618ms
618ms Image
image/png 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/partners/auckland-council.png

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

61a26f094028474c48bd972cbdf05e51a69e808148d4163d58579a1dd8f1a5f4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:47 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 8044
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

aucklandmuseum.footerlinks Show response
www.aucklandmuseum.com/rest/
Redirect Chain

https://www.aucklandmuseum.com/rest/AucklandMuseum.FooterLinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf
https://www.aucklandmuseum.com/rest/aucklandmuseum.footerlinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf

21 KB
6 KB

630ms
629ms

XHR
application/json

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/rest/aucklandmuseum.footerlinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

01950f1e3e97d2fc7ccaba131db3d214f77b6a28af682d8072cf13e089df189f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 3643
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/rest/aucklandmuseum.footerlinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 271
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

aucklandmuseum.footericons Show response
www.aucklandmuseum.com/rest/
Redirect Chain

https://www.aucklandmuseum.com/rest/AucklandMuseum.FooterIcons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a
https://www.aucklandmuseum.com/rest/aucklandmuseum.footericons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a

2 KB
3 KB

1216ms
1214ms

XHR
application/json

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/rest/aucklandmuseum.footericons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

dc3f4edee092a86f7b859cb9bcc35c0c27cadbee1f4562f2a79f492f0ffd6dde

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 925
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/rest/aucklandmuseum.footericons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 271
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1 200
OK aucklandmuseum.termscondition Show response
www.aucklandmuseum.com/rest/ 606 B
3 KB 369ms
161ms XHR
application/json 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/rest/aucklandmuseum.termscondition?format=json&hash=8f8dd3a1c9a3115398ce8adacb93225ba62b25bb3fc42ff3842e83eadbe04ee2

Requested by

Host: ajrctguoxo.cloudimg.io
URL: https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetResource.ashx?scriptfile=~/CMSScripts/Custom/DynamicFooter/2.chunk.js&func=proxy

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

78a47e59337e20684dbaf742ebf965a53334ed92432ce625b8bebe031b94debe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.aucklandmuseum.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 460
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

GET
H2 200 https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2Feefc9716-d1cc-454e-929d-6014c65cb381%2FTe-Ra-600-x-400.png
ajrctguoxo.cloudimg.io/v7/ 39 KB
40 KB 460ms
459ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ajrctguoxo.cloudimg.io/v7/https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2Feefc9716-d1cc-454e-929d-6014c65cb381%2FTe-Ra-600-x-400.png?w=1300&org_if_sml=1&ci_url_encoded=1&force_format=webp%2Cjpeg&func=cropfit&gravity=face

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

30846515e4492acc552fbd0a556ecea516cdcc53b5ed057f3e81076c6fc82572

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date: Thu, 16 Nov 2023 06:33:45 GMT
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
x-origin-visibility: OV_NORMAL_FILE
x-cache: RefreshHit from cloudfront
content-length: 40422
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 2206641s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231113025328_414dc_RIeB#370z
etag: "d169ea483ac4c805dfc184f529fdfbe7"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: FNB_JcXqxn6b62DXEoIeivRIgeQ-9pgNb9nEtubFcSUpoE41gDpYbg==

GET
H/1.1 200
OK MOA_Logo_refresh_-_Website-01
www.aucklandmuseum.com/getmedia/020cd904-09d4-4c95-9204-edde3c6ead7a/ 9 KB
12 KB 213ms
212ms Image
image/png 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/getmedia/020cd904-09d4-4c95-9204-edde3c6ead7a/MOA_Logo_refresh_-_Website-01

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

92930fdad6d0ecd445ab34ed135c1868d10179a2ca34dfba7045c91c2d5fcefe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:47 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Disposition: inline; filename="MOA_Logo_refresh_-_Website-01.png"
Content-Length: 9187
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Mon, 19 Oct 2020 21:47:55 GMT
Server: Microsoft-IIS/10.0
ETag: "10/19/2020 9:47:55 PM"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, must-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Thu, 23 Nov 2023 06:33:48 GMT

GET
H2 200 / Show response
myaccount.aucklandmuseum.com/api/session/sessionkey/ 218 B
2 KB 1701ms
857ms Fetch
application/json 45.60.125.73
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.aucklandmuseum.com/api/session/sessionkey/

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.125.73 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f30a8307ad288ec36f9a65a182897897d7c097ff0122b4b58112765b73636f98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:48 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
content-encoding: gzip
x-debug-request-id: 84415ff6-1957-4e8a-b09d-04f750fcf5a8
x-cdn: Imperva
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-iinfo: 15-34296647-34279319 pNYy RT(1700116426906 454) q(0 0 0 3) r(7 7) U2
pragma: no-cache
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.aucklandmuseum.com
cache-control: no-cache
access-control-allow-credentials: true
x-incap-sess-cookie-hdr: cbNTZiZPj123SX5ntf+3Fcy3VWUAAAAALAAn3NBp5Em5jaYnxfpKEw==
access-control-allow-headers: Content-Type
expires: -1

GET
H/1.1 200
OK chevron-right-black.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 168 B
3 KB 271ms
270ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/chevron-right-black.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/client/css/modular/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

80497450e65ff6079c1a6ba72fc4fa4afc4d70bfa3e0885387320e81c7bec71c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/client/css/modular/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:47 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 168
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2F63022983-760a-4d3e-964f-21430ae7b6d6%2FWPOTY-Tile-600-x-400.png
ajrctguoxo.cloudimg.io/v7/ 15 KB
15 KB 454ms
453ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ajrctguoxo.cloudimg.io/v7/https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2F63022983-760a-4d3e-964f-21430ae7b6d6%2FWPOTY-Tile-600-x-400.png?w=1300&org_if_sml=1&ci_url_encoded=1&force_format=webp%2Cjpeg&func=cropfit&gravity=face

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

df39ae109307d48dc6abf0b996210672df0c23df629a49c08f45523d5c10bff6

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date: Thu, 16 Nov 2023 06:33:47 GMT
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
x-origin-visibility: OV_NORMAL_FILE
x-cache: RefreshHit from cloudfront
content-length: 14998
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 4687040s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231112043800_2013b_wMga#600z
etag: "ea75491b1635278898c742f48ec6dd09"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: FRCZOGR-ShaaKc2bSXCgOsRaxuyRsk55VNBsyOuTOym6c_zoEFJsZw==

GET
H2 200 https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2F78aaa2b4-34a3-4c12-87f9-ba81bf5da9c8%2FRobin-Morrison-Autumn-Race-Meeting.png
ajrctguoxo.cloudimg.io/v7/ 62 KB
63 KB 140ms
140ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ajrctguoxo.cloudimg.io/v7/https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2F78aaa2b4-34a3-4c12-87f9-ba81bf5da9c8%2FRobin-Morrison-Autumn-Race-Meeting.png?w=1300&org_if_sml=1&ci_url_encoded=1&force_format=webp%2Cjpeg&func=cropfit&gravity=face

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

e794e22b958be22aa7d990bf48836539d74064c4879d36265d3fb75235fc6132

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date: Thu, 16 Nov 2023 06:33:47 GMT
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
x-origin-visibility: OV_NORMAL_FILE
x-cache: RefreshHit from cloudfront
content-length: 63474
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 1707206s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231113025328_041ef_WXen#600z
etag: "b773975fdc64b1ecc35e35f36ddbb833"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: gjsjKPgrhWC3b8UIW2mafXI_aAbFjGABhZbqsiqC2-bs3dtDPHtgGA==

GET
H2 200 https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2F348cc2d5-960d-4cb9-b39b-cbab7c4e47ea%2FAM_WEB_TREX2_600x400px.jpg
ajrctguoxo.cloudimg.io/v7/ 25 KB
25 KB 484ms
483ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ajrctguoxo.cloudimg.io/v7/https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2F348cc2d5-960d-4cb9-b39b-cbab7c4e47ea%2FAM_WEB_TREX2_600x400px.jpg?w=1300&org_if_sml=1&ci_url_encoded=1&force_format=webp%2Cjpeg&func=cropfit&gravity=face

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

be4c84eb489868b84f401b51f8d46af7d6dda90bf19490ca996f861c7b5a697f

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date: Thu, 16 Nov 2023 06:33:47 GMT
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
x-origin-visibility: OV_NORMAL_FILE
x-cache: RefreshHit from cloudfront
content-length: 25364
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 4793182s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231113101008_e3d8e_DKaj#350y
etag: "2af501a814e21111218a31699821c77d"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: PUfxqX30EUzj-Jk8bYcJvmclWgRQAqW1x-3_hAoyx4kXuiG8wx3-nw==

GET
H2 200 js
www.googletagmanager.com/gtag/ 289 KB
94 KB 215ms
214ms Script
application/javascript 142.251.10.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q1608KR6QQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96138
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Nov 2023 06:33:48 GMT

GET
H2 200 fbevents.js
connect.facebook.net/en_US/ 202 KB
54 KB 925ms
176ms Script
application/x-javascript 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 16 Nov 2023 06:33:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: s/7/iF7xczv3aLXO2JGVEdUqBgMJ1vhMcO87BDJeJf4XOjfx3HvS+x2YLr5KN/HdXNo7Iir6w6HkK4kOi8PhhQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-2376861.js
static.hotjar.com/c/ 14 KB
5 KB 923ms
403ms Script
application/javascript 13.224.250.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2376861.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.250.18 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-250-18.sin52.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 06:33:49 GMT
via: 1.1 2e4ea5ed710a1104b183ead6b210a514.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C2
etag: W/12a446d68dad66c824937060b0c6e720
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: bxs60MsGYl-gaAXd9eDXjCo5paqf7hgbm7QeB0BHI6KZjdi1NW-Y1Q==

GET
H2 200 /
googleads.g.doubleclick.net/pagead/viewthroughconversion/302428441/ 3 KB
2 KB 932ms
184ms Script
text/javascript 74.125.24.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/302428441/?random=1700116427615&cv=11&fst=1700116427615&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=GoogleAds%20RMK%20NFP&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&auid=66094215.1700116428&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1299
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.googleadservices.com/pagead/conversion/961485226/ 3 KB
2 KB 685ms
171ms Script
text/javascript 64.233.170.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/961485226/?random=1700116427621&cv=11&fst=1700116427621&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&bttype=purchase&auid=66094215.1700116428&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1625
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 quant.js
secure.quantserve.com/ 21 KB
9 KB 1144ms
146ms Script
application/javascript 103.229.10.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.229.10.171 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:50 GMT
content-encoding: gzip
etag: "e23JaXq4HVtlOmThpFhluQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 23 Nov 2023 06:33:50 GMT

GET
H2 200 events.js
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 982ms
418ms Script
application/javascript 96.17.96.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CD2E4IJC77U2F908R8V0&lib=ttq
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.17.96.24 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a96-17-96-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-akamai-request-id: 6f00914.c7c06d64
date: Thu, 16 Nov 2023 06:33:50 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-75-21-24.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52182464) (-)
x-parent-response-time: 235,23.75.21.24
server-timing: cdn-cache; desc=MISS, edge; dur=231, origin; dur=5, inner; dur=3
content-length: 1572
pragma: no-cache
server: nginx
x-tt-logid: 20231116063350B7F24F45A455C3DA6A91
x-cache-remote: TCP_MISS from a23-218-223-74.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52182464) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 6,23.218.223.74
x-tt-trace-host: 013600485498ae636e2ab5cad7f4aca8e9b0f44d33a47dbc6570aeda6951df0cd0623876bfb02db6e375f80b47ad39c9144b340a94ca76eb90380f9ffbe9ca6916a495850c99590c37c7ded3f15a2cd5cbaee0d0483dc5a3e97c95c1c1eec2404b839c95d96a1732b560c6314a351d5724
expires: Thu, 16 Nov 2023 06:33:50 GMT

GET
H/1.1 200
OK CheckCart Show response
www.aucklandmuseum.com/webservice.asmx/ 309 B
3 KB 642ms
600ms Fetch
application/json 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/webservice.asmx/CheckCart?tnew=kDdVgFK2M9y5iTdAc%2Fm9QnuDnmmsmBPyo9rv216DABeZu8CZgXzv8wYt3aY94Z6fvk0tuVfD2xwHeC9AB68nqF9ObynsMv2p5hI8D8UKfeZECr3GgzVpV7jcumDCqc9ETRrK8tKm%2BD7rRbEzcaWmC1B1Wx%2BuVrCTgTDez9ExWaAj6dF1CL4sMUoHBc5dUdwG

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f7e77a7980e0c1db259e90e5709ab64c2bd6124cf9edc9c3cbc1aaa4554b287f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.aucklandmuseum.com/
traceparent: 00-ace9b650bb4e4f16b175a54b7486a96c-45513646e10d4ac2-01
request-id: |ace9b650bb4e4f16b175a54b7486a96c.45513646e10d4ac2
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 333
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private, max-age=0
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

POST
H/1.1 200
OK LoadCart
www.aucklandmuseum.com/WebService.asmx/ 96 B
3 KB 759ms
617ms XHR
application/json 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/WebService.asmx/LoadCart

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-ace9b650bb4e4f16b175a54b7486a96c-b264fc08307e4b46-01
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.aucklandmuseum.com/
X-Requested-With: XMLHttpRequest
Request-Id: |ace9b650bb4e4f16b175a54b7486a96c.b264fc08307e4b46

Response headers

Date: Thu, 16 Nov 2023 06:33:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 192
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private, max-age=0
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

OPTIONS
H2 200 track
southeastasia-1.in.applicationinsights.azure.com//v2/ 0
0 982ms
119ms Preflight 20.24.4.131
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://southeastasia-1.in.applicationinsights.azure.com//v2/track

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

20.24.4.131 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.aucklandmuseum.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
content-length: 0
date: Thu, 16 Nov 2023 06:33:49 GMT
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-request-id: 70694f2d-11f9-4c01-8a1a-c2b5a9b08b85

GET
H/1.1 200
OK Primary Request / Show response
www.aucklandmuseum.com/ 88 KB
19 KB 1288ms
1288ms Document
text/html 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5992b09ef1cf4e55c558b770a634a278608582eab22298da3c905938b1991212

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.aucklandmuseum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private, no-store, must-revalidate
Content-Encoding: deflate
Content-Length: 16879
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Nov 2023 06:33:50 GMT
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge IE=Edge
X-XSS-Protection: 1; mode=block

POST
H2 200 track
southeastasia-1.in.applicationinsights.azure.com//v2/ 49 B
160 B 142ms
139ms Fetch
application/json 20.24.4.131
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://southeastasia-1.in.applicationinsights.azure.com//v2/track

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

20.24.4.131 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.aucklandmuseum.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000
date: Thu, 16 Nov 2023 06:33:50 GMT
x-content-type-options: nosniff
server: Microsoft-HTTPAPI/2.0
x-request-id: e7add315-b684-412a-98af-f9c78f1f23cb
content-type: application/json; charset=utf-8

POST collect
analytics.google.com/g/ 0
0

POST collect
stats.g.doubleclick.net/g/ 0
0

GET ga-audiences
www.google.com.sg/ads/ 0
0

GET

/
www.google.com/pagead/1p-conversion/961485226/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/961485226/?random=1057506416&cv=11&fst=1700116427621&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u...
https://www.google.com/pagead/1p-conversion/961485226/?random=1057506416&cv=11&fst=1700116427621&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%...

0
0

GET modules.f9859f007fa31a6b8e2b.js
script.hotjar.com/ 0
0

GET /
www.google.com/pagead/1p-user-list/302428441/ 0
0

GET /
www.google.com.sg/pagead/1p-user-list/302428441/ 0
0

GET
H2 200 main.MTdjYzNiZDU2MA.js
analytics.tiktok.com/i18n/pixel/static/ 118 KB
0 114ms
114ms Script
application/javascript 96.17.96.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2MA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CD2E4IJC77U2F908R8V0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.17.96.24 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a96-17-96-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-akamai-request-id: c7c07b3b
date: Thu, 16 Nov 2023 06:33:50 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20231109073134DCBD02C6B6AB3BE16732
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-75-21-24.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52182464) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01f38e92228c3172865119b89b7ee816f5b190dc0556b95e8e55fe4413048713b2123fb68555051ad16b7a15ac478a69bb7e8956dfec18a6f5e2c9067760979470cca2d693d52c1671d465b19f607fbfee966e5ddc4407fe2324d958bda1e0bbfa
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
content-length: 108265

GET 927997600911227
connect.facebook.net/signals/config/ 0
0

GET rules-p-hBBM68Exb36my.js
rules.quantcount.com/ 0
0

POST collect
analytics.google.com/g/ 0
0

GET
H/1.1 200
OK main.css
www.aucklandmuseum.com/client/css/modular/ 155 KB
39 KB 145ms
141ms Stylesheet
text/css 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/modular/main.css

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3eb85bd8ec9e2a7bb4dcb724db025f2f43ba2df3028fb458e1ad6d5d6c9da0fc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 36997
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK owl.carousel.min.css
www.aucklandmuseum.com/client/css/modular/ 3 KB
4 KB 166ms
161ms Stylesheet
text/css 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/modular/owl.carousel.min.css

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

86f7986267e1c6750cf52c26b40c104df3f01087e80d1390380fd25ea03e7e8e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 1168
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK GetCSS.aspx
www.aucklandmuseum.com/CMSPages/ 491 B
3 KB 142ms
138ms Stylesheet
text/css 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/CMSPages/GetCSS.aspx?_webparts=1334

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c4157ee31d70c084decc800eef3363e9d28f494e470d9c486d39d34430a394f6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Disposition: attachment; filename="Footer.css"
Content-Length: 363
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 24 Jan 2018 02:30:29 GMT
Server: Microsoft-IIS/10.0
ETag: "webpart|Footer"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, must-revalidate
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *
Expires: Thu, 23 Nov 2023 06:33:50 GMT

GET
H/1.1 200
OK WebResource.axd Show response
www.aucklandmuseum.com/ 23 KB
8 KB 125ms
121ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZMgPr6v3kY2AZ4Hp3HObKqvUyLSMp-5yJgD4rQov37ub8Rw0mQ2&t=637815128020000000

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 6007
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Sat, 26 Feb 2022 09:53:22 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *
Expires: Fri, 15 Nov 2024 06:26:34 GMT

GET
H2 200 lazysizes.min.js Show response
cdn.scaleflex.it/filerobot/js-cloudimage-responsive/ 7 KB
4 KB 109ms
104ms Script
text/javascript 13.224.250.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.scaleflex.it/filerobot/js-cloudimage-responsive/lazysizes.min.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.250.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-250-96.sin52.r.cloudfront.net
Software: Scaleflex HTTP Loadbalancer /
Resource Hash: 260beff2f010ff66019561a62dcaa2fc03ce83ded463bf06f588f7b432d04688

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 20:11:09 GMT
content-encoding: gzip
via: 1.1 0cd88f29d8c6e29a267867c45efda9a8.cloudfront.net (CloudFront)
x-elastic-th: 0.420
x-amz-cf-pop: SIN52-C2
age: 728561
x-cache: Hit from cloudfront
content-length: 3181
x-airstore-traceid: AsIyyFMUUSVafeO
x-filerobot-visibility: VISIBILITY_PUBLIC
server: Scaleflex HTTP Loadbalancer
etag: "842d27d3c93ed60a904d1a9b7d3ac279e1fac10a"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH
content-type: text/javascript
x-global-time: 418ms
access-control-allow-origin: *
cache-control: max-age=2597000, public
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: X-Airstore-Secret-Key, X-Airstore-Key, X-Filerobot-Key, X-Auth-Token, X-Token, X-Company-Token, X-Project-Token, X-Locale, X-Lang, X-Version, X-Session-Token, X-CSRF-Token, Cache-Control, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, Origin
x-geo: sg068
x-amz-cf-id: L1-mx6OdcdSsrBXFGzvQSfM0UiZoYcu1xquVNAJGfhCvlC3qSa4e3w==

GET
H2 200 js-cloudimage-responsive.min.js Show response
cdn.scaleflex.it/plugins/js-cloudimage-responsive/4.7.0/plain/ 35 KB
11 KB 120ms
116ms Script
text/plain 13.224.250.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.scaleflex.it/plugins/js-cloudimage-responsive/4.7.0/plain/js-cloudimage-responsive.min.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.250.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-250-96.sin52.r.cloudfront.net
Software: Scaleflex HTTP Loadbalancer /
Resource Hash: 04204ad9942a135111c63df119539fba6da4eb388566806a6643bf98f3605265

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 18:33:32 GMT
content-encoding: gzip
via: 1.1 0cd88f29d8c6e29a267867c45efda9a8.cloudfront.net (CloudFront)
x-elastic-th: 1.190
x-amz-cf-pop: SIN52-C2
age: 734418
x-cache: Hit from cloudfront
content-length: 10866
x-airstore-traceid: AsIy4xMClv0d6eO
x-filerobot-visibility: VISIBILITY_PUBLIC
server: Scaleflex HTTP Loadbalancer
etag: "714d802cd8efc916c346e35408eff31c083b2615"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH
content-type: text/plain
x-global-time: 1032ms
access-control-allow-origin: *
cache-control: max-age=2597000, public
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: X-Airstore-Secret-Key, X-Airstore-Key, X-Filerobot-Key, X-Auth-Token, X-Token, X-Company-Token, X-Project-Token, X-Locale, X-Lang, X-Version, X-Session-Token, X-CSRF-Token, Cache-Control, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, Origin
x-geo: sg072
x-amz-cf-id: nUXmRMlkZuKw0JgMTsrkzQiEqmLzWNe-40iC2H0Rz_7NjhqwJrZquQ==

GET
H/1.1 200
OK ScriptResource.axd Show response
www.aucklandmuseum.com/ 87 KB
37 KB 128ms
125ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/ScriptResource.axd?d=qph9tUZ6hGPLbkznkRkqTZoeKP4zvyrv7Hnt-DQTh-UaGLj3myTWwI16KdpIqeGCu3jveyJJpWZKFUZT_UL_3gt001M3HL1KlXwXG2D85xpk_atG0&t=7c776dc1

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

9f9425c961900c8d8b3b30085c3969eef0c845a11c5be9fad704d160c64a12f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 35037
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Thu, 16 Nov 2023 06:26:12 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *
Expires: Fri, 15 Nov 2024 06:26:12 GMT

GET
H/1.1 200
OK ScriptResource.axd Show response
www.aucklandmuseum.com/ 36 KB
15 KB 1014ms
868ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/ScriptResource.axd?d=TvpD2YGOOsCm1yWcLkKnBRGobAjOaeoRoQuRJa6umjyuPM-QH94hi5sMzHDo_ie6T8BmHKtg88PZ2SrTlKqJ9Wx_KEBYptgaubTcXZ5ueKFWfTk20&t=7c776dc1

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e44c3b782978c44af9885b97302632e45ff19d01ecb745e91d21cf597c22cb29

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 12643
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Thu, 16 Nov 2023 06:17:05 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *
Expires: Fri, 15 Nov 2024 06:17:05 GMT

GET
H/1.1 200
OK am-logo.svg
www.aucklandmuseum.com/Client/IMG/Modular/ 755 B
3 KB 876ms
875ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/am-logo.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

19b388e733f0af2b17dd1bd41d2c776079e40aaf5efad3a2c0b62efd78d4a1e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 755
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK search-white.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 473 B
3 KB 901ms
900ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/search-white.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

6e6da0ef0d5cb4c7b0a9e7ba7bb244bb4ba806f5ed07f5477fb1ce34a4c0bbbc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 473
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK close-white.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 226 B
3 KB 881ms
848ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/close-white.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

41b156770ac5e9b69e41b6e2f23f9ad6e4399daa59e48dea29cbbb5338a7ae00

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 226
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK menu-white.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 149 B
3 KB 870ms
837ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/menu-white.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d512b06ff52a3f7939d980239249dfdcab98d40fae2ec0068798a3701aac1b4e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 149
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK close-black.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 214 B
3 KB 776ms
775ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/close-black.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

4acf565b75f5edc8987503d6714415019db979f7090966c4ebdb5be1ae68bfa4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:52 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 214
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg
www.aucklandmuseum.com/aucklandmuseum/files/b9/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_15.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_15.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg

152 KB
154 KB

205ms
171ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

da7163e13346ce0db20878e03e63dbd212251bc7e0fc9c571185c2b0eb91e415

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:54 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 155617
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:48 GMT
Server: Microsoft-IIS/10.0
ETag: "276aca32718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:53 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/b9/b9712ef4-a415-4755-8dc5-1dad5ca97609.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg
www.aucklandmuseum.com/aucklandmuseum/files/28/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_01.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_01.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg

157 KB
160 KB

237ms
144ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

9fafeecba5d4b636f608e91e703f087e959d4cdeca5683c39ccf4efaadc20252

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:53 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 161097
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:48 GMT
Server: Microsoft-IIS/10.0
ETag: "7e68aea32718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:53 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/28/28edf7d6-e145-47cf-9bf9-44c3b57d66df.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg
www.aucklandmuseum.com/aucklandmuseum/files/02/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_08.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_08.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg

135 KB
137 KB

201ms
147ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3509434a5a7975c5aecc80abd698652653d10c3339651168b6956ca5b5c6419d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:54 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 138255
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "598355a42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:53 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/02/02686da5-4d53-4932-b2b6-1b530fb20ec6.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg
www.aucklandmuseum.com/aucklandmuseum/files/2a/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_07.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_07.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg

147 KB
149 KB

215ms
203ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

6f8da90b266ca94343756cd15b53adf0f0e949cdfe6783fb1d557036fdf78c65

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:53 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 150208
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "2c475aa42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:53 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/2a/2a955fca-d413-4b1c-b5d1-a9111456bc8a.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

4c6c978d-5468-4491-945f-465af0f50b05.jpg
www.aucklandmuseum.com/aucklandmuseum/files/4c/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_05.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_05.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg

147 KB
150 KB

875ms
875ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

419764b8d4d4db2bbf7486b81935cd73efc7577f8d493d05231eb6be3bd6eeab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:55 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 150870
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "fab5fa42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:54 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/4c/4c6c978d-5468-4491-945f-465af0f50b05.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

5c398278-cc11-4692-ae29-cd7dc6a663db.jpg
www.aucklandmuseum.com/aucklandmuseum/files/5c/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_03.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_03.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg

105 KB
107 KB

480ms
129ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e7b42b40c560e8375c4b06de3b13dc90ddc242e473dc3bee4547f53a2496b2a3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:54 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 107435
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "5d6e61a42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:52 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/5c/5c398278-cc11-4692-ae29-cd7dc6a663db.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

68724b2d-be3d-4c45-818e-60d7368fb9af.jpg
www.aucklandmuseum.com/aucklandmuseum/files/68/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_04.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_04.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg

118 KB
120 KB

114ms
113ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ded489f53d970c69d9477248e535cff56391b58605fe6ae26744b17e04dcdc62

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:56 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 120791
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:50:40 GMT
Server: Microsoft-IIS/10.0
ETag: "dd4d9ceb2618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:56 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/68/68724b2d-be3d-4c45-818e-60d7368fb9af.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg
www.aucklandmuseum.com/aucklandmuseum/files/67/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/home/Home-2023/AM_Homepage_Explore_400x420px_02.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/getattachment/home/home-2023/am_homepage_explore_400x420px_02.jpg?lang=en-NZ&width=400&height=420&ext=.jpg
https://www.aucklandmuseum.com/AucklandMuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg
https://www.aucklandmuseum.com/aucklandmuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg

139 KB
141 KB

298ms
297ms

Image
image/jpeg

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/aucklandmuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3ffe52762d7e397d435df9f1151bd8f8a5045fb05469afaa0a4e4522b459214d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:55 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 142070
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Thu, 16 Nov 2023 00:55:50 GMT
Server: Microsoft-IIS/10.0
ETag: "a89568a42718da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:55 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/aucklandmuseum/files/67/67b6a17c-e867-4b9b-92f7-8341ef1d2acf.jpg
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1 200
OK Membership-800-x-533.png
www.aucklandmuseum.com/getmedia/bd324e06-ed40-4d93-9c2b-48db6fc21b32/ 758 KB
760 KB 774ms
773ms Image
image/png 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/getmedia/bd324e06-ed40-4d93-9c2b-48db6fc21b32/Membership-800-x-533.png?width=800&height=533&ext=.png

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e5446321873e63ecf7c6605dcc5a587801058373aced45cd36072e6c7e4b399b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:55 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Disposition: inline; filename="Membership-800-x-533.png"
Content-Length: 775804
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Fri, 15 Sep 2023 01:21:30 GMT
Server: Microsoft-IIS/10.0
ETag: "9/15/2023 1:21:30 AM"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, must-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Thu, 23 Nov 2023 06:33:55 GMT

GET
H/1.1 200
OK Vasiti-and-Kahu-800-x-533.png
www.aucklandmuseum.com/getmedia/ca70a35a-6666-4d18-91e5-5cf7a5ec6ee9/ 622 KB
625 KB 156ms
156ms Image
image/png 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/getmedia/ca70a35a-6666-4d18-91e5-5cf7a5ec6ee9/Vasiti-and-Kahu-800-x-533.png?width=800&height=533&ext=.png

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

84afea5bd5b3e044801e45b3eb70924ac533be34ead261965ae26dfd0ae61940

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:54 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Disposition: inline; filename="Vasiti-and-Kahu-800-x-533.png"
Content-Length: 637088
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Thu, 14 Sep 2023 03:36:57 GMT
Server: Microsoft-IIS/10.0
ETag: "9/14/2023 3:36:57 AM"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, must-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Thu, 23 Nov 2023 06:33:54 GMT

GET
H2 200 GetCSS.aspx
ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/ 29 KB
4 KB 180ms
145ms Stylesheet
text/css 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetCSS.aspx?stylesheetname=DynamicFooter&func=proxy

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

2f42bd54149cbd50a46b415f833bdd0ba690b829feb531b5d00db99685508d5e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=15552001; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
date: Mon, 06 Nov 2023 23:45:38 GMT
x-amz-cf-pop: SIN52-C3
age: 802092
x-origin-code: 200
x-cache: Hit from cloudfront
content-disposition: attachment; filename="DynamicFooter.css"
content-length: 3138
x-xss-protection: 1; mode=block, 1
x-ua-compatible: IE=Edge
last-modified: Mon, 29 Aug 2022 23:22:41 GMT
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231007234420_aeb47_8W9V#350y
etag: "cssstylesheet|5e4e0c03-8c10-4630-b49c-1f589156dca8-gzip"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: max-age=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Accept
timing-allow-origin: *
access-control-allow-headers: *
x-ultrafast-origin-code: 200
x-amz-cf-id: 8JD0i936rZ1qKmib4vd5PTGwtRQpNxLnbNobwk42nwUNP89_TvpKmA==

GET
H2 200 GetResource.ashx Show response
ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/ 1 KB
2 KB 109ms
108ms Script
application/x-javascript 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetResource.ashx?scriptfile=~/CMSScripts/Custom/DynamicFooter/reactscripts.js&func=proxy

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

e40b38fb762963adbe977f0fb3108492307547862dca4b41b5149c4c9ddfc8b5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 20:12:56 GMT
strict-transport-security: max-age=15552001; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-encoding: gzip
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-origin-code: 200
age: 642055
x-cache: Hit from cloudfront
content-disposition: attachment; filename="reactscripts.js"
content-length: 717
x-xss-protection: 1; mode=block, 1
x-ua-compatible: IE=Edge
last-modified: Wed, 08 Nov 2023 02:15:22 GMT
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231108201255_ddd0e_UQZx#380z
etag: "file|11/8/2023 3:15:22 PM-gzip"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: max-age=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Accept
timing-allow-origin: *
access-control-allow-headers: *
x-ultrafast-origin-code: 200
x-amz-cf-id: VGEDdpPaESI2FO7B30YYHXDIkuqwkuieIgHfp4Y2UiKAxrcmTDHmjg==

GET
H2 200 GetResource.ashx Show response
ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/ 165 KB
54 KB 119ms
118ms Script
application/x-javascript 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetResource.ashx?scriptfile=~/CMSScripts/Custom/DynamicFooter/2.chunk.js&func=proxy

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

2b4eaf7c5c3c62a91b28bd5d4aa8475a44a18ffd185dec3698579dbb95579a5e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 23:30:22 GMT
strict-transport-security: max-age=15552001; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-encoding: gzip
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-origin-code: 200
age: 630209
x-cache: Hit from cloudfront
content-disposition: attachment; filename="2.chunk.js"
content-length: 53885
x-xss-protection: 1; mode=block, 1
x-ua-compatible: IE=Edge
last-modified: Wed, 08 Nov 2023 22:51:16 GMT
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231108233021_c0222_M9uM#600z
etag: "file|11/9/2023 11:51:16 AM-gzip"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: max-age=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Accept
timing-allow-origin: *
access-control-allow-headers: *
x-ultrafast-origin-code: 200
x-amz-cf-id: PD_CTVXvkGNNLiYqJdyg4Zt1gOser6eEfv8auvCqNxXAGkTm3GUXlQ==

GET
H2 200 GetResource.ashx Show response
ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/ 31 KB
7 KB 115ms
115ms Script
application/x-javascript 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetResource.ashx?scriptfile=~/CMSScripts/Custom/DynamicFooter/main.chunk.js&func=proxy

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

40f75e5016869b213eeef1ab4af4086f24a5a74de067e0e365a6d4eb73165cc3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 19:11:21 GMT
strict-transport-security: max-age=15552001; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-encoding: gzip
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C3
x-origin-code: 200
age: 732150
x-cache: Hit from cloudfront
content-disposition: attachment; filename="main.chunk.js"
content-length: 6489
x-xss-protection: 1; mode=block, 1
x-ua-compatible: IE=Edge
last-modified: Thu, 12 Oct 2023 00:07:08 GMT
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231107191120_a4888_tvks#330y
etag: "file|10/12/2023 1:07:08 PM-gzip"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: max-age=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Accept
timing-allow-origin: *
access-control-allow-headers: *
x-ultrafast-origin-code: 200
x-amz-cf-id: v1F1UcjFHTBx0FhVbmqE8FPiI2dkilCK4zQBW90qduuzi04blfOpQw==

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 99ms
98ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://www.aucklandmuseum.com/
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:51 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 5212632
x-cache: HIT, HIT
content-length: 29811
x-served-by: cache-lga21935-LGA, cache-qpg1270-QPG
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1700116431.393874,VS0,VE0
etag: W/"28feccc0-14e4a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 32, 40141

GET
H/1.1 200
OK sticky-nav.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 4 KB
4 KB 228ms
227ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/sticky-nav.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

45a0a4733a6c67fa0fdbc501af9ed1342649e41f6182a3eef26886be807cf732

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 1232
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK header.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 10 KB
5 KB 115ms
114ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/header.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

019da770517e467f311b2f602721f2ae52a4efa62843b75939551feea5bd42fa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 2964
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 101 B
192 B 114ms
113ms Script
text/javascript 151.101.1.26
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=fetch%2CPromise

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.26 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 06:33:51 GMT
age: 717491
detected-user-agent: Chrome/119.0.0
server-timing: HIT, fastly;desc="Edge time";dur=1
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 120
referrer-policy: origin-when-cross-origin
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
normalized-user-agent: chrome/119.0.0
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK stickyfill.min.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 6 KB
5 KB 180ms
180ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/stickyfill.min.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5b608be012b96fc0c17371624bc3c86185350749086e18894a4c61f3b38429c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 2075
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK frame.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 697 B
3 KB 922ms
921ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/frame.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

36bcd89cf32426d8e3961a73376cc2e999ea28e344596bece26c1b202b20ff80

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 435
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK jquery.fancybox.pack.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/fancybox/ 23 KB
11 KB 832ms
831ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/fancybox/jquery.fancybox.pack.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

2be721560b8cae178785531dc523d2f7b9b173bb6571536fed94a85c0d31c525

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 8680
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK owl.carousel.min.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 43 KB
14 KB 114ms
113ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/owl.carousel.min.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 11412
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK gallery.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 265 KB
61 KB 769ms
768ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/gallery.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

020c4edb4314dcafeee622bcdb864ba2a645279696c26432ec357e1109f79661

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 60106
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK owl.js Show response
www.aucklandmuseum.com/Client/Javascript/Modular/ 3 KB
3 KB 136ms
135ms Script
application/x-javascript 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/Client/Javascript/Modular/owl.js?4800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

19c48a194bc9895cd80e49c54dd83e321999061a4497565da97852921f621d2f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 383
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 281 KB
90 KB 145ms
144ms Script
application/javascript 142.251.10.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

30f01cb0378900d0903570f13a4501850d824ac60df11ee48bace5d71b02ffb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91950
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Nov 2023 06:33:51 GMT

GET
H2 200 ai.2.min.js Show response
js.monitor.azure.com/scripts/b/ 120 KB
56 KB 130ms
129ms Script
text/javascript 13.107.246.59
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.246.59 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 6c14d731b13bcdec4325028eb0d8d2cb0190b3b1e65e0fcb52907fe6f55c2707

Request headers

Referer: https://www.aucklandmuseum.com/
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:52 GMT
content-encoding: br
last-modified: Wed, 20 Sep 2023 16:12:29 GMT
x-ms-meta-aijssdkver: 2.8.16
vary: Accept-Encoding
x-azure-ref: 20231116T063352Z-30bmcfe3452mve5dyhb013dn8c00000002m000000001wmq8
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 3e8720f6-701e-0069-0dbf-12a9ba000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-aijssdksrc,x-ms-meta-aijssdkver,x-ms-meta-lastmodified,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable, no-transform
x-cache: TCP_HIT
x-ms-version: 2009-09-19
x-ms-meta-aijssdksrc: [cdn]/scripts/b/ai.2.8.16.min.js

GET

af12f9ff-59e7-4953-96df-42d9344fdad3.png
www.aucklandmuseum.com/AucklandMuseum/files/af/
Redirect Chain

https://www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/Museums-of-Auckland-Logo_1.png?lang=en-NZ&width=300&height=143&ext=.png
https://www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/museums-of-auckland-logo_1.png?lang=en-NZ&width=300&height=143&ext=.png
https://www.aucklandmuseum.com/AucklandMuseum/files/af/af12f9ff-59e7-4953-96df-42d9344fdad3.png

0
0

GET
H/1.1 200
OK auckland-council.png
www.aucklandmuseum.com/Client/IMG/Modular/partners/ 8 KB
10 KB 313ms
309ms Image
image/png 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/partners/auckland-council.png

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

61a26f094028474c48bd972cbdf05e51a69e808148d4163d58579a1dd8f1a5f4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:55 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 8044
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

aucklandmuseum.footerlinks Show response
www.aucklandmuseum.com/rest/
Redirect Chain

https://www.aucklandmuseum.com/rest/AucklandMuseum.FooterLinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf
https://www.aucklandmuseum.com/rest/aucklandmuseum.footerlinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf

21 KB
6 KB

200ms
162ms

XHR
application/json

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/rest/aucklandmuseum.footerlinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

01950f1e3e97d2fc7ccaba131db3d214f77b6a28af682d8072cf13e089df189f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 3643
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/rest/aucklandmuseum.footerlinks?format=json&hash=8bcec8521b4b6d8399ffed57d11c38775b637cd3e28f6472e92ee22e59e735cf
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 271
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1

200
OK

aucklandmuseum.footericons Show response
www.aucklandmuseum.com/rest/
Redirect Chain

https://www.aucklandmuseum.com/rest/AucklandMuseum.FooterIcons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a
https://www.aucklandmuseum.com/rest/aucklandmuseum.footericons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a

2 KB
3 KB

122ms
121ms

XHR
application/json

20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/rest/aucklandmuseum.footericons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

dc3f4edee092a86f7b859cb9bcc35c0c27cadbee1f4562f2a79f492f0ffd6dde

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 925
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://www.aucklandmuseum.com/rest/aucklandmuseum.footericons?format=json&hash=ada7f6f181d683ab77a37e737f756fd552e63a43c17ffa98b1fb40f274045d0a
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Content-Length: 271
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge

GET
H/1.1 200
OK aucklandmuseum.termscondition Show response
www.aucklandmuseum.com/rest/ 606 B
3 KB 306ms
177ms XHR
application/json 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/rest/aucklandmuseum.termscondition?format=json&hash=8f8dd3a1c9a3115398ce8adacb93225ba62b25bb3fc42ff3842e83eadbe04ee2

Requested by

Host: ajrctguoxo.cloudimg.io
URL: https://ajrctguoxo.cloudimg.io/v7/https://www.aucklandmuseum.com/CMSPages/GetResource.ashx?scriptfile=~/CMSScripts/Custom/DynamicFooter/2.chunk.js&func=proxy

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

78a47e59337e20684dbaf742ebf965a53334ed92432ce625b8bebe031b94debe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.aucklandmuseum.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 460
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

GET
H2 200 poster.jpg
ajrctguoxo.cloudimg.io/v7/https://akmprod.blob.core.windows.net/cmsstorage/aucklandmuseum/video/ 68 KB
69 KB 150ms
150ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ajrctguoxo.cloudimg.io/v7/https://akmprod.blob.core.windows.net/cmsstorage/aucklandmuseum/video/poster.jpg?force_format=webp,jpeg&h=800

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

a491c1eb98f8f723f5ebb6015e6680a189ce1f770762d63db234b43e030054e9

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 00:37:47 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
age: 21364
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 69588
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 3294406s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231116003746_81d0e_4DX2#777z
etag: "312cf22ac6ba98fca7231e1fcda6a905"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: mUoj0vGjcxf-AZsE2Wu5J7r6fJ3wBUtpxjIqC2Xn2X4DPUyMotZ48A==

GET
H/1.1 200
OK GothamNarrow-Light.woff2
www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/ 20 KB
22 KB 153ms
150ms Font
application/font-woff 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/GothamNarrow-Light.woff2

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/client/css/modular/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

097c776b11d2117540f28adeaff8fbc593f905cac61064943d6ab7e3ebc99f39

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.aucklandmuseum.com/client/css/modular/main.css
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 20440
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK GothamNarrow-Book.woff2
www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/ 20 KB
22 KB 164ms
157ms Font
application/font-woff 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/GothamNarrow-Book.woff2

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/client/css/modular/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d1016cbc5360789ddca52cf5c4787af3bf5c65768620b262420da1d7a550c169

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.aucklandmuseum.com/client/css/modular/main.css
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 20296
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK GothamNarrow-Medium.woff2
www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/ 20 KB
22 KB 154ms
146ms Font
application/font-woff 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/client/css/AucklandMuseum/fonts/GothamNarrow-Medium.woff2

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/client/css/modular/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

df3331100c6661cff1cba81adc01543738d09db795dcdd8a4f0753bbaefbb0a8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.aucklandmuseum.com/client/css/modular/main.css
Origin: https://www.aucklandmuseum.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:51 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 20336
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK WebBanner-Web480.mp4
akmprod.blob.core.windows.net/cmsstorage/aucklandmuseum/video/ 2 MB
2 MB 146ms
145ms Media
video/mp4 52.239.197.68
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://akmprod.blob.core.windows.net/cmsstorage/aucklandmuseum/video/WebBanner-Web480.mp4
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.197.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: e3b0678a7a64cb89f2b56f341a7cb01b19aa7228455c405b7048a2a24cf4d988

Request headers

Referer: https://www.aucklandmuseum.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Range: bytes=0-

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 16 Nov 2023 06:33:51 GMT
Last-Modified: Thu, 24 Aug 2023 22:33:25 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: LE7/Mj1PZkaAXtskU1Vdjg==
ETag: 0x8DBA4F2217CEFD4
Content-Type: video/mp4
x-ms-request-id: 57c15edf-701e-000e-4d56-18a380000000
x-ms-version: 2009-09-19
Content-Length: 2053119

GET
H2 200 https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2Feefc9716-d1cc-454e-929d-6014c65cb381%2FTe-Ra-600-x-400.png
ajrctguoxo.cloudimg.io/v7/ 39 KB
40 KB 161ms
161ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

30846515e4492acc552fbd0a556ecea516cdcc53b5ed057f3e81076c6fc82572

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date: Thu, 16 Nov 2023 06:33:45 GMT
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
age: 6
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 40422
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 2206641s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231113025328_414dc_RIeB#370z
etag: "d169ea483ac4c805dfc184f529fdfbe7"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: 8Efiyn7fBdHlvzdQnK_oSMcloBuBwevQ9y-NYF9FReQj_l731WtqsQ==

GET
H2 200 polyfill.min.js
polyfill.io/v3/ 101 B
192 B 131ms
130ms Other
text/javascript 151.101.1.26
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=fetch%2CPromise

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.26 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 06:33:56 GMT
age: 717495
detected-user-agent: Chrome/119.0.0
server-timing: HIT, fastly;desc="Edge time";dur=1
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 120
referrer-policy: origin-when-cross-origin
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
normalized-user-agent: chrome/119.0.0
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 289 KB
94 KB 150ms
149ms Script
application/javascript 142.251.10.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q1608KR6QQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

64ea340624722b039e7694c20c005033a65efc13c961b4eab9acec7e78d53e78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96138
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Nov 2023 06:33:53 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
53 KB 219ms
215ms Script
application/x-javascript 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 16 Nov 2023 06:33:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: s/7/iF7xczv3aLXO2JGVEdUqBgMJ1vhMcO87BDJeJf4XOjfx3HvS+x2YLr5KN/HdXNo7Iir6w6HkK4kOi8PhhQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-2376861.js Show response
static.hotjar.com/c/ 14 KB
5 KB 466ms
464ms Script
application/javascript 13.224.250.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2376861.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.250.18 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-250-18.sin52.r.cloudfront.net

Software

Resource Hash

155fcfa57d7ecf257e5f23b7cc11c5a151867e20d4e43f8c4efdbd62d19cec66

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 06:33:49 GMT
via: 1.1 2e4ea5ed710a1104b183ead6b210a514.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN52-C2
age: 6
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/12a446d68dad66c824937060b0c6e720
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: cf-Fvq-xSnAuDLTa7w4Ei-SG4xWMz8jAuOIEe-9tOnXf7D7aljcyhA==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/302428441/ 3 KB
1 KB 167ms
167ms Script
text/javascript 74.125.24.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/302428441/?random=1700116431878&cv=11&fst=1700116431878&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=GoogleAds%20RMK%20NFP&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&auid=66094215.1700116428&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f154.1e100.net

Software

cafe /

Resource Hash

c18ffa81c3bf136d48484d7949001c345c90df059350d00bb27998ac79155301

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/961485226/ 3 KB
2 KB 144ms
143ms Script
text/javascript 64.233.170.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/961485226/?random=1700116431880&cv=11&fst=1700116431880&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&bttype=purchase&auid=66094215.1700116428&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9LBT2N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f155.1e100.net

Software

cafe /

Resource Hash

fefcb73069e5edd01829eafb175ba6b080fc40853292aa0aa136c3bc6580a8ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1628
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 21 KB
9 KB 284ms
283ms Script
application/javascript 103.229.10.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.229.10.171 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:55 GMT
content-encoding: gzip
etag: "e23JaXq4HVtlOmThpFhluQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 23 Nov 2023 06:33:55 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 483ms
482ms Script
application/javascript 96.17.96.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CD2E4IJC77U2F908R8V0&lib=ttq
Requested by: Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.17.96.24 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a96-17-96-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: fdcc09f245ba4a7fd19b563aed2ca0d0c1fd96daaa714d8c8682c75bb9100721

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-akamai-request-id: c7c1042f
date: Thu, 16 Nov 2023 06:33:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-75-21-24.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52182464) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=1, origin; dur=299
content-length: 1572
pragma: no-cache
server: nginx
x-tt-logid: 20231116063355F636B26E85516E442CC4
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 299,23.75.21.24
x-tt-trace-host: 013600485498ae636e2ab5cad7f4aca8e9c74a922a106ae41b5d5bc4cc39396ff95d106d7e0bf73f6367bf86720a7c9494475dea4722edabbdbb273be28a99be551cc3f30d2f3afea6fef22cdc4a4eee4103a44e14112b4bf297179c893b4caf8a
expires: Thu, 16 Nov 2023 06:33:56 GMT

GET
H/1.1 200
OK MOA_Logo_refresh_-_Website-01
www.aucklandmuseum.com/getmedia/020cd904-09d4-4c95-9204-edde3c6ead7a/ 9 KB
12 KB 224ms
223ms Image
image/png 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/getmedia/020cd904-09d4-4c95-9204-edde3c6ead7a/MOA_Logo_refresh_-_Website-01

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

92930fdad6d0ecd445ab34ed135c1868d10179a2ca34dfba7045c91c2d5fcefe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:55 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Disposition: inline; filename="MOA_Logo_refresh_-_Website-01.png"
Content-Length: 9187
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
X-UA-Compatible: IE=Edge
Last-Modified: Mon, 19 Oct 2020 21:47:55 GMT
Server: Microsoft-IIS/10.0
ETag: "10/19/2020 9:47:55 PM"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: public, must-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Thu, 23 Nov 2023 06:33:55 GMT

GET
H2 200 / Show response
myaccount.aucklandmuseum.com/api/session/sessionkey/ 218 B
618 B 697ms
697ms Fetch
application/json 45.60.125.73
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.aucklandmuseum.com/api/session/sessionkey/

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.125.73 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e491532fcae4d637cac70bbdfa4bff4ee92953c15c579c236b9964a8b46073fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:53 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
content-encoding: gzip
x-debug-request-id: 8631c5a7-6e8f-44d9-944d-170b9e935279
x-cdn: Imperva
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-iinfo: 15-34296647-34279319 pNYy RT(1700116426906 5726) q(0 0 0 -1) r(4 4) U2
pragma: no-cache
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.aucklandmuseum.com
cache-control: no-cache
access-control-allow-credentials: true
x-incap-sess-cookie-hdr: 1r7EWaHjfQm3SX5ntf+3FdG3VWUAAAAABTdmmDUzAQK9m/fNPzxFAA==
access-control-allow-headers: Content-Type
expires: -1

GET
H/1.1 200
OK chevron-right-black.svg
www.aucklandmuseum.com/Client/IMG/Modular/icons/ 168 B
3 KB 567ms
567ms Image
image/svg+xml 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aucklandmuseum.com/Client/IMG/Modular/icons/chevron-right-black.svg

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/client/css/modular/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

80497450e65ff6079c1a6ba72fc4fa4afc4d70bfa3e0885387320e81c7bec71c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/client/css/modular/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:56 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 168
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Last-Modified: Wed, 15 Nov 2023 22:55:16 GMT
Server: Microsoft-IIS/10.0
ETag: "0e27dcc1618da1:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: *
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2F63022983-760a-4d3e-964f-21430ae7b6d6%2FWPOTY-Tile-600-x-400.png
ajrctguoxo.cloudimg.io/v7/ 15 KB
15 KB 338ms
338ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

df39ae109307d48dc6abf0b996210672df0c23df629a49c08f45523d5c10bff6

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date: Thu, 16 Nov 2023 06:33:47 GMT
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
age: 6
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 14998
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 4926061s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231114230140_2013b_Q3nJ#600z
etag: "ea75491b1635278898c742f48ec6dd09"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: _GoalYZdQ-flFZm2JOE9t2kAqfAE_2fTf0vRBQDyQfcYyjX-PNzc8A==

GET
H2 200 https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2F78aaa2b4-34a3-4c12-87f9-ba81bf5da9c8%2FRobin-Morrison-Autumn-Race-Meeting.png
ajrctguoxo.cloudimg.io/v7/ 62 KB
63 KB 342ms
342ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

e794e22b958be22aa7d990bf48836539d74064c4879d36265d3fb75235fc6132

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date: Thu, 16 Nov 2023 06:33:47 GMT
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
age: 6
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 63474
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 1707206s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231113025328_041ef_WXen#600z
etag: "b773975fdc64b1ecc35e35f36ddbb833"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: -fE8SLvv-C9Ju7IBI0urmnrStc_DiQ3PqrumcvpsRc0OqD6dPZkqmg==

GET
H2 200 https%3A%2F%2Fwww.aucklandmuseum.com%2Fgetmedia%2F348cc2d5-960d-4cb9-b39b-cbab7c4e47ea%2FAM_WEB_TREX2_600x400px.jpg
ajrctguoxo.cloudimg.io/v7/ 25 KB
25 KB 331ms
330ms Image
image/webp 13.227.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.254.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-254-59.sin52.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

be4c84eb489868b84f401b51f8d46af7d6dda90bf19490ca996f861c7b5a697f

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date: Thu, 16 Nov 2023 06:33:47 GMT
via: 1.1 bf37a08a8e52d3968f35ae1bb4eaae78.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: SIN52-C3
age: 6
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 25364
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 4793182s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_023_20231113101008_e3d8e_DKaj#350y
etag: "2af501a814e21111218a31699821c77d"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=21600, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: 8-XKedM08_nbbdgpH4xFflKq2s7YmqnpcWyGhEr8n9h4O6m9EXLqBA==

GET
H/1.1 200
OK CheckCart Show response
www.aucklandmuseum.com/webservice.asmx/ 309 B
3 KB 1676ms
1582ms Fetch
application/json 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/webservice.asmx/CheckCart?tnew=BFVhpsG6GMkhzexZxoOuPmN9jsIIa3UsoyiGuzy3JyHMY4F5iO4p583njnMkiMKLLzs%2FcbjWPsRaDy3YwsO9hOlajo9hr1VhX8JWD17KolysUyzWUYrmMakNbX2CFv34iEXtQ9oBYgMfaOZku6Azcn8h1y2U9n17qoncKLhoDzB0A%2FGBn018WWPbR5COtFkv

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f7e77a7980e0c1db259e90e5709ab64c2bd6124cf9edc9c3cbc1aaa4554b287f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.aucklandmuseum.com/
traceparent: 00-885863426f74406f9c15a3acc7c49c2f-fc6a5f2edcf44820-01
request-id: |885863426f74406f9c15a3acc7c49c2f.fc6a5f2edcf44820
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 06:33:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 333
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private, max-age=0
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

POST
H/1.1 200
OK LoadCart Show response
www.aucklandmuseum.com/WebService.asmx/ 16 B
3 KB 976ms
547ms XHR
application/json 20.43.132.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aucklandmuseum.com/WebService.asmx/LoadCart

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.43.132.132 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7a5769b1cd152fea61172d1241630a94447968495ce29a47a038b1f11e3a21f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-885863426f74406f9c15a3acc7c49c2f-4b03d362f7c54b97-01
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.aucklandmuseum.com/
X-Requested-With: XMLHttpRequest
Request-Id: |885863426f74406f9c15a3acc7c49c2f.4b03d362f7c54b97

Response headers

Date: Thu, 16 Nov 2023 06:33:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Content-Length: 136
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
Request-Context: appId=cid-v1:4c11c3a7-5700-49d2-97c7-0c0a9e98c4f7
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context
Cache-Control: private, max-age=0
Access-Control-Allow-Credentials: true
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Headers: *

GET
H2 200 modules.f9859f007fa31a6b8e2b.js Show response
script.hotjar.com/ 225 KB
56 KB 315ms
314ms Script
application/javascript 54.192.150.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.f9859f007fa31a6b8e2b.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2376861.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.150.84 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-192-150-84.sin2.r.cloudfront.net

Software

Resource Hash

34d58ee8dc6831f1cee0503cd43e30f6edad8ecb1317ffd9b9a9cf3f938846a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 11:32:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 160bb0630905c94d984edd48c570887e.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN2-C1
age: 68509
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56977
last-modified: Wed, 15 Nov 2023 11:31:43 GMT
etag: "f565829958ae806575cfc59590c1eb6e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: owlc_vSHfkNXhmIyjGBCKPEntFY9X3aXegWXW7D3sSmswvPS4D36QA==

GET
H2 200 /
www.google.com/pagead/1p-user-list/302428441/ 42 B
456 B 179ms
178ms Image
image/gif 142.251.10.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/302428441/?random=1700116431878&cv=11&fst=1700114400000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=GoogleAds%20RMK%20NFP&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&fmt=3&is_vtc=1&cid=CAQSKQDICaaNvu7_FQDTzYz7w18m42UmPG96fOhQxyQvJ9wAfTPkznMLOH_I&random=1780288512&rmt_tld=0&ipr=y

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f99.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:56 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.sg/pagead/1p-user-list/302428441/ 42 B
456 B 144ms
144ms Image
image/gif 142.251.175.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/pagead/1p-user-list/302428441/?random=1700116431878&cv=11&fst=1700114400000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=GoogleAds%20RMK%20NFP&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&fmt=3&is_vtc=1&cid=CAQSKQDICaaNvu7_FQDTzYz7w18m42UmPG96fOhQxyQvJ9wAfTPkznMLOH_I&random=1780288512&rmt_tld=1&ipr=y

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.175.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sh-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:56 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.com.sg/pagead/1p-conversion/961485226/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/961485226/?random=326189166&cv=11&fst=1700116431880&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_...
https://www.google.com/pagead/1p-conversion/961485226/?random=326189166&cv=11&fst=1700116431880&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2...
https://www.google.com.sg/pagead/1p-conversion/961485226/?random=326189166&cv=11&fst=1700116431880&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3...

42 B
109 B

126ms
123ms

Image
image/gif

142.251.175.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/pagead/1p-conversion/961485226/?random=326189166&cv=11&fst=1700116431880&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&auid=66094215.1700116428&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EktDaEFJZ1BYUnFnWVEyTlRlMDcyMzZ2Z3RFaVFBbGtOUDRnWDJlWTBvMUs1VlljamhENkY0WG9nTlcteGpELUtNWFZsS2xacmNFQ0EaVkNoQUlnUFhScWdZUW5OaWN1TWpQeW9raUVpd0FoTFpFRmRfektYc0hTanRVbVl0bEhUci1hUFk4emFPT0tGZF9DUE1wWkJGeWZoUEowb29yOTRhSmtnIhMI1dnnofPHggMV-qRmAh26_Qjm&is_vtc=1&ocp_id=07dVZZWkKvrJmsMPuvujsA4&cid=CAQSKQDICaaN4zWp5hjL-0E6U9g6gZ__doaLmpxEDYp8EQCRJTL6q-q6ZI3i&eitems=ChAIgPXRqgYQmbfSz9jul8MIEh0A-5dRF03D8CqWBbz7R-C3fjtPUo6K7D_ewSgY6g&random=2441989361&ipr=y

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Server

142.251.175.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sh-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:56 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:56 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.com.sg/pagead/1p-conversion/961485226/?random=326189166&cv=11&fst=1700116431880&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&auid=66094215.1700116428&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EktDaEFJZ1BYUnFnWVEyTlRlMDcyMzZ2Z3RFaVFBbGtOUDRnWDJlWTBvMUs1VlljamhENkY0WG9nTlcteGpELUtNWFZsS2xacmNFQ0EaVkNoQUlnUFhScWdZUW5OaWN1TWpQeW9raUVpd0FoTFpFRmRfektYc0hTanRVbVl0bEhUci1hUFk4emFPT0tGZF9DUE1wWkJGeWZoUEowb29yOTRhSmtnIhMI1dnnofPHggMV-qRmAh26_Qjm&is_vtc=1&ocp_id=07dVZZWkKvrJmsMPuvujsA4&cid=CAQSKQDICaaN4zWp5hjL-0E6U9g6gZ__doaLmpxEDYp8EQCRJTL6q-q6ZI3i&eitems=ChAIgPXRqgYQmbfSz9jul8MIEh0A-5dRF03D8CqWBbz7R-C3fjtPUo6K7D_ewSgY6g&random=2441989361&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-hBBM68Exb36my.js Show response
rules.quantcount.com/ 4 KB
2 KB 802ms
151ms Script
application/javascript 54.192.150.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-hBBM68Exb36my.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.150.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-150-50.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9e6e74e0a9257959f9c5527791ccba78cda7ad06977b0612bbb52697f20fbfdc

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 06:33:56 GMT
content-encoding: gzip
via: 1.1 41fd6d5d31b98dbe4a4504a337ab4b96.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN2-C1
age: 2750
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 01 Jul 2021 03:04:20 GMT
server: AmazonS3
etag: W/"4a3782058e973fd3f861c8bb175e9343"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-id: a5leu96MUaQfpdghM2Jy8Cm7nXwNMTuxfH-F863XJ2zMVpWsUx2Bjg==

GET
H2 200 main.MTdjYzNiZDU2MA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 397 KB
106 KB 134ms
134ms Script
application/javascript 96.17.96.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2MA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CD2E4IJC77U2F908R8V0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.17.96.24 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a96-17-96-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 62723060de0c92d89ec49f9b3bc1fd54b786111e8ad3451a6cf7ebc8553e7b74

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-akamai-request-id: c7c11479
date: Thu, 16 Nov 2023 06:33:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20231109073134DCBD02C6B6AB3BE16732
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-75-21-24.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52182464) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01f38e92228c3172865119b89b7ee816f5b190dc0556b95e8e55fe4413048713b2123fb68555051ad16b7a15ac478a69bb7e8956dfec18a6f5e2c9067760979470cca2d693d52c1671d465b19f607fbfee966e5ddc4407fe2324d958bda1e0bbfa
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=3
content-length: 108265

GET
H2 200 927997600911227 Show response
connect.facebook.net/signals/config/ 143 KB
37 KB 346ms
344ms Script
application/x-javascript 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/927997600911227?v=2.9.138&r=stable&domain=www.aucklandmuseum.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

96a5ef445f4ac011f9feac379c47d600bb0c8e6f62463c088b91d01265a30b92

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 16 Nov 2023 06:33:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: vXCHiOqKnp9oqhPwh3mXrxV2Xc4Akd+7RkgvGSwT/urQN03sXVpKskkE9DURl1g5As6PuGyiFKuDH2D2amFJMw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 identify_bb163.js Show response
analytics.tiktok.com/i18n/pixel/static/ 135 KB
36 KB 131ms
130ms Script
application/javascript 96.17.96.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_bb163.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2MA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.17.96.24 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a96-17-96-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a1d4b01843b9dad68a10bba7ab416fb60cbe6052a223f6bd74cbad286b812b2a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-akamai-request-id: c7c11cb8
date: Thu, 16 Nov 2023 06:33:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20231109073128B859A9E000EEFFD65C2C
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-75-21-24.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52182464) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0113daa06a18e808a2b8c4b93288b72fd49492cf20b5147ceb33dfe1a609ee72455013eb85199be82e5e884fea6d8da6dde542b93486bd4e0951e3db394cbc081301df8eb8a8ed3bf8c4677163ac88e98acb2145b0dd0dd624227ebd201d4af50f
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=12
content-length: 36203

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
649 B 395ms
394ms Ping
text/plain 96.17.96.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2MA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.17.96.24 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a96-17-96-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.aucklandmuseum.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: c7c11df1
date: Thu, 16 Nov 2023 06:33:57 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-75-21-24.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52182464) (-)
server-timing: inner; dur=36, cdn-cache; desc=MISS, edge; dur=5, origin; dur=269
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202311160633560F83B2EF39EAD425CEAA
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 270,23.75.21.24
x-tt-trace-host: 013600485498ae636e2ab5cad7f4aca8e9c74a922a106ae41b5d5bc4cc39396ff90fcea7830ef0dd96023bd6db0f776142b793027bc5408b4745169a71c84096e86119a4b95521a97317540ffa84bd6947b68b7152d9a1a96369ee63a83bd3e51b
access-control-allow-headers: Authorization,*
expires: Thu, 16 Nov 2023 06:33:57 GMT

POST
H2 200 / Show response
content.hotjar.io/ 56 B
162 B 1424ms
469ms XHR
application/json 54.72.40.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.72.40.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-40-201.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ccfee025a163ae21368344978c6ae8135b4114caaa5d41d2abf19e08518f607f

Request headers

Referer: https://www.aucklandmuseum.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Nov 2023 06:33:58 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H2 200 /
www.facebook.com/tr/ 0
186 B 722ms
109ms Image
text/plain 157.240.13.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=927997600911227&ev=PageView&dl=https%3A%2F%2Fwww.aucklandmuseum.com%2F&rl=https%3A%2F%2Fwww.aucklandmuseum.com%2F&if=false&ts=1700116436889&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4125&fbp=fb.1.1700116436885.515324915&cs_est=true&it=1700116436332&coo=false&tm=1&rqm=GET

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.13.35 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-sin6.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 16 Nov 2023 06:33:57 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
789 B 389ms
388ms Ping
text/plain 96.17.96.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2MA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.17.96.24 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a96-17-96-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.aucklandmuseum.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: f6beb67.c7c123dc
date: Thu, 16 Nov 2023 06:33:57 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-75-21-24.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52182464) (-)
x-parent-response-time: 265,23.75.21.24
server-timing: cdn-cache; desc=MISS, edge; dur=226, origin; dur=47, inner; dur=41
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2023111606335787271D090587762EC5A0
x-cache-remote: TCP_MISS from a23-48-100-105.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52182464) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 47,23.48.100.105
x-tt-trace-host: 013600485498ae636e2ab5cad7f4aca8e9febec83c891868617fa886dcfa582ac536b2dd32cc85e5c25d7324620d1a3f25ad59664f38514527bbcf9cd2abd0d22c23aba5763aeaca7bcf1d9750b1cf1f644863756206a521fa1a6d0b5a7b65fa374a7189d84f494bab7309b0dfb07e4406
access-control-allow-headers: Authorization,*
expires: Thu, 16 Nov 2023 06:33:57 GMT

GET
H2 200 pixel;r=1627933169;labels=_fp.event.Homepage;rf=0;a=p-hBBM68Exb36my;url=https%3A%2F%2Fwww.aucklandmuseum.com%2F;ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F;uht=2;fpan=1;fpa=P0-1306444218-1700116436...
pixel.quantserve.com/ 35 B
373 B 141ms
136ms Image
image/gif 103.229.10.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1627933169;labels=_fp.event.Homepage;rf=0;a=p-hBBM68Exb36my;url=https%3A%2F%2Fwww.aucklandmuseum.com%2F;ref=https%3A%2F%2Fwww.aucklandmuseum.com%2F;uht=2;fpan=1;fpa=P0-1306444218-1700116436008;pbc=;ns=0;ce=1;qjs=1;qv=6076e8c2-20231114150359;cm=;gdpr=0;d=aucklandmuseum.com;dst=0;et=1700116437051;tzo=-480;ogl=image.https%3A%2F%2Fwww%252Eaucklandmuseum%252Ecom%2Fclient%2Fimg%2Faucklandmuseum%2Fam_logo_fb%252Epng%2Ctitle.Home%2Cdescription.Auckland%20War%20Memorial%20Museum%20tells%20the%20story%20of%20New%20Zealand%252C%20its%20place%20in%20the%20Pa%2Curl.https%3A%2F%2Fwww%252Eaucklandmuseum%252Ecom%2F%2Csite_name.Auckland%20War%20Memorial%20Museum%2Ctype.website;ses=16fe435f-94bf-4bbd-8b93-89de307b783c;mdl=

Requested by

Host: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.229.10.171 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:57 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

OPTIONS
H2 200 track
southeastasia-1.in.applicationinsights.azure.com//v2/ 0
0 109ms
109ms Preflight 20.24.4.131
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://southeastasia-1.in.applicationinsights.azure.com//v2/track

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

20.24.4.131 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.aucklandmuseum.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
content-length: 0
date: Thu, 16 Nov 2023 06:33:57 GMT
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-request-id: 6bc9f879-291b-426e-b57e-f2e2e2ebab49

POST
H2 200 track Show response
southeastasia-1.in.applicationinsights.azure.com//v2/ 49 B
137 B 125ms
124ms XHR
application/json 20.24.4.131
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://southeastasia-1.in.applicationinsights.azure.com//v2/track

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

20.24.4.131 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

a0371d4fc59a21c844b13e45055c533e2410c7238808a8378e5f57d13f1db958

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.aucklandmuseum.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-type: application/json

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000
date: Thu, 16 Nov 2023 06:33:57 GMT
x-content-type-options: nosniff
server: Microsoft-HTTPAPI/2.0
x-request-id: 18015434-d06c-4060-a7c0-7fdeebf315eb
content-type: application/json; charset=utf-8

POST
H2 204 collect
analytics.google.com/g/ 0
55 B 108ms
107ms Ping
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-Q1608KR6QQ&gtm=45je3b81v898597397z876826785&_p=1700116430656&gcd=11l1l1l1l1&dma=0&cid=470302416.1700116430&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1700116429&sct=1&seg=1&dl=https%3A%2F%2Fwww.aucklandmuseum.com%2F&dr=https%3A%2F%2Fwww.aucklandmuseum.com%2F&dt=Home%20-%20Auckland%20War%20Memorial%20Museum&en=page_view&tfd=9584
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Q1608KR6QQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.aucklandmuseum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 06:33:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.aucklandmuseum.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/getattachment/modular/menus/footer/partners/auckland-stardome-(1)/museums-of-auckland-logo_1.png?lang=en-NZ&width=300&height=143&ext=.png

Domain: analytics.google.com
URL: https://analytics.google.com/g/collect?v=2&tid=G-Q1608KR6QQ&gtm=45je3b81v898597397z876826785&_p=1700116423807&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=470302416.1700116430&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1700116429&sct=1&seg=0&dl=https%3A%2F%2Fwww.aucklandmuseum.com%2F&dt=Home%20-%20Auckland%20War%20Memorial%20Museum&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=7206

Domain: stats.g.doubleclick.net
URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-Q1608KR6QQ&cid=470302416.1700116430&gtm=45je3b81v898597397z876826785&aip=1&dma=0&gcd=11l1l1l1l1

Domain: www.google.com.sg
URL: https://www.google.com.sg/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q1608KR6QQ&cid=470302416.1700116430&gtm=45je3b81v898597397z876826785&aip=1&dma=0&gcd=11l1l1l1l1&z=1998096528

Domain: www.google.com
URL: https://www.google.com/pagead/1p-conversion/961485226/?random=1057506416&cv=11&fst=1700116427621&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=aX_GCMah27ADEKqzvMoD&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&value=0&auid=66094215.1700116428&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EktDaEFJZ1BYUnFnWVEyTlRlMDcyMzZ2Z3RFaVFBbGtOUDRnWDJlWTBvMUs1VlljamhENkY0WG9nTlcteGpELUtNWFZsS2xacmNFQ0EaVkNoQUlnUFhScWdZUW5OaWN1TWpQeW9raUVpd0FoTFpFRlE3Zk1aWUdwdUVucldZQXRzZk1LQl8yQkczX3paWUJSSjdKczJ2dFRZUU1DNEZ6aFJCU1lBIhMI95uGn_PHggMVWIhmAh3u9A-9&is_vtc=1&ocp_id=zbdVZbeBN9iQmsMP7um_6As&cid=CAQSKQDICaaNApPKTCH8Q4DlwpB8AmhPSsklVrlQr6A07pMCwovpB1afkKji&eitems=ChAIgPXRqgYQmbfSz9jul8MIEh0A-5dRF_vbNsbzzATZ1ryJNA6Zhgt6tQNC25Flbw&random=3716443371

Domain: script.hotjar.com
URL: https://script.hotjar.com/modules.f9859f007fa31a6b8e2b.js

Domain: www.google.com
URL: https://www.google.com/pagead/1p-user-list/302428441/?random=1700116427615&cv=11&fst=1700114400000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=GoogleAds%20RMK%20NFP&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&fmt=3&is_vtc=1&cid=CAQSGwDICaaNfObvrv6BMlj47VS8uMua-9QVX63Fwg&random=541086334&rmt_tld=0&ipr=y

Domain: www.google.com.sg
URL: https://www.google.com.sg/pagead/1p-user-list/302428441/?random=1700116427615&cv=11&fst=1700114400000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76826785&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.aucklandmuseum.com%2F&label=GoogleAds%20RMK%20NFP&frm=0&tiba=Home%20-%20Auckland%20War%20Memorial%20Museum&fmt=3&is_vtc=1&cid=CAQSGwDICaaNfObvrv6BMlj47VS8uMua-9QVX63Fwg&random=541086334&rmt_tld=1&ipr=y

Domain: connect.facebook.net
URL: https://connect.facebook.net/signals/config/927997600911227?v=2.9.138&r=stable&domain=www.aucklandmuseum.com

Domain: rules.quantcount.com
URL: https://rules.quantcount.com/rules-p-hBBM68Exb36my.js

Domain: analytics.google.com
URL: https://analytics.google.com/g/collect?v=2&tid=G-Q1608KR6QQ&gtm=45je3b81v898597397&_p=1700116423807&gcd=11l1l1l1l1&dma=0&cid=470302416.1700116430&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1700116429&sct=1&seg=0&dl=https%3A%2F%2Fwww.aucklandmuseum.com%2F&dt=Home%20-%20Auckland%20War%20Memorial%20Museum&en=user_engagement&_et=1069&tfd=8281

Domain: www.aucklandmuseum.com
URL: https://www.aucklandmuseum.com/AucklandMuseum/files/af/af12f9ff-59e7-4953-96df-42d9344fdad3.png

Verdicts & Comments Add Verdict or Comment

111 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.aucklandmuseum.com/	1970-01-21 01:02:18	Name: CMSPreferredCulture Value: en-NZ
www.aucklandmuseum.com/	1969-12-31 23:59:59	Name: CMSCsrfCookie Value: X670IINki83SY7Gf7cO+6a0B31gNC+tvSQAO1WF5
www.aucklandmuseum.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: gnx13oee3pe233ebmziv4jlm
www.aucklandmuseum.com/	1970-01-21 01:00:52	Name: ai_user Value: AI9iF+1dJalWzZTTcihNjA\|2023-11-16T06:33:47.568Z
.aucklandmuseum.com/	1970-01-20 18:24:52	Name: _gcl_au Value: 1.1.66094215.1700116428
myaccount.aucklandmuseum.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: plvkmulxmras4nswxgu3ctrv
myaccount.aucklandmuseum.com/	1969-12-31 23:59:59	Name: .ASPXFORMSAUTH Value: C7CA751E4796C0EC17623C0156116D2502DAB14A31FDF53493654787799C6B37E8E9AB409A4D4BCB1DF6710AB33A75D219BF87D75CB45353AF5F9FB8C6539A4B1D63FB9FF4AAF18783A0097BB5C36E9C648D4DACF28E4E4CE5B0B0383D517F578B02B70A11C2DA3B0649D6F71F83E1DCF2236CBA60F491EB72AB62A9D40B2264F78FCA77858E87DD27711325CE24F5893F6AEE94BC20ECF26A528AA09B3134423C108B58CA70AF10E23E28827B713338CEA6089D224B3DEC13F25D7EF93018E060F9A09A
.aucklandmuseum.com/	1969-12-31 23:59:59	Name: nlbi_2313081 Value: MNWyUflp1Xvis7C5O+8QHQAAAAAaGHzEtNN4Iq6L0+uRXt3a
.aucklandmuseum.com/	1970-01-21 01:00:04	Name: visid_incap_2313081 Value: +gCZ7ErpS5WiPrSGRDARzcu3VWUAAAAAQUIPAAAAAAAxjni8ZwmGGhYuyMW4gR9N
.aucklandmuseum.com/	1969-12-31 23:59:59	Name: incap_ses_1565_2313081 Value: ieR6HWXVlSK3SX5ntf+3Fcy3VWUAAAAAmFGzn8CURGrk/IBQ9n73vA==
www.aucklandmuseum.com/	1969-12-31 23:59:59	Name: AKMMembership Value:
.aucklandmuseum.com/	1970-01-21 01:51:16	Name: _ga Value: GA1.1.470302416.1700116430
.tiktok.com/	1970-01-21 01:36:52	Name: _ttp Value: 2YFLYkaarn8yqc33Ihorw83D9Dh
.doubleclick.net/	1970-01-21 01:51:16	Name: IDE Value: AHWqTUnKqemqiaBIrVvAp-owvWR_nnUOfdMdR0Y6oDjxXpbBBi1GjOirvTwtkAfT
.aucklandmuseum.com/	1969-12-31 23:59:59	Name: TNEW Value: BFVhpsG6GMkhzexZxoOuPmN9jsIIa3UsoyiGuzy3JyHMY4F5iO4p583njnMkiMKLLzs/cbjWPsRaDy3YwsO9hOlajo9hr1VhX8JWD17KolysUyzWUYrmMakNbX2CFv34iEXtQ9oBYgMfaOZku6Azcn8h1y2U9n17qoncKLhoDzB0A/GBn018WWPbR5COtFkv
.aucklandmuseum.com/	1970-01-21 01:51:16	Name: _ga_Q1608KR6QQ Value: GS1.1.1700116429.1.1.1700116433.56.0.0
www.aucklandmuseum.com/	1970-01-20 16:15:18	Name: ai_session Value: qdIntaZx2IPx6qDYHpQLl2\|1700116429201\|1700116434551
.aucklandmuseum.com/	1970-01-21 01:36:52	Name: _tt_enable_cookie Value: 1
.aucklandmuseum.com/	1970-01-21 01:36:52	Name: _ttp Value: q8OWQZfD5cPxI4nvJZu33smRLaf
.aucklandmuseum.com/	1970-01-20 16:15:18	Name: _hjFirstSeen Value: 1
.aucklandmuseum.com/	1970-01-20 16:15:18	Name: _hjIncludedInSessionSample_2376861 Value: 1
.aucklandmuseum.com/	1970-01-20 16:15:18	Name: _hjSession_2376861 Value: eyJpZCI6IjkxYzk2ZjUxLWZhNzctNGExNi04ZGFkLWFmMTdiYjY4NzNmMCIsImNyZWF0ZWQiOjE3MDAxMTY0MzY3MzYsImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjp0cnVlfQ==
.aucklandmuseum.com/	1970-01-21 01:00:52	Name: _hjSessionUser_2376861 Value: eyJpZCI6IjJjYjQ3NDUzLTQ1ZTQtNTIzOS1iZDQwLWNkYTRiOWY5YzQ2NiIsImNyZWF0ZWQiOjE3MDAxMTY0MzY3MzUsImV4aXN0aW5nIjp0cnVlfQ==
.aucklandmuseum.com/	1970-01-20 16:15:18	Name: _hjAbsoluteSessionInProgress Value: 0
.aucklandmuseum.com/	1970-01-20 18:24:52	Name: _fbp Value: fb.1.1700116436885.515324915
.quantserve.com/	1970-01-21 01:45:30	Name: mc Value: 6555b7d5-1b2e7-2114c-adbdb
.aucklandmuseum.com/	1970-01-21 01:39:45	Name: __qca Value: P0-1306444218-1700116436008

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://.google.com; style-src 'self' data: 'unsafe-inline' .aucklandmuseum.com ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io .google.com .googleapis.com .jotform.co .jotfor.ms .twitter.com .twimg.com .riddle.com; img-src * 'self' data: .aucklandmuseum.com ajrctguoxo.cloudimg.io https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com; font-src 'self' data: .gstatic.com .jotform.co .hotjar.com; connect-src * 'self' https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.googleapis.com https://.google.com https://.gstatic.com https://.logrocket.io https://.lr-ingest.io https://.logrocket.com https://.lr-in.com https://.lr-in-prod.com https://.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://.google.com; worker-src https://.google.com blob:; frame-ancestors 'self' https://.google.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajrctguoxo.cloudimg.io
akmprod.blob.core.windows.net
analytics.google.com
analytics.tiktok.com
cdn.scaleflex.it
code.jquery.com
connect.facebook.net
content.hotjar.io
googleads.g.doubleclick.net
js.monitor.azure.com
myaccount.aucklandmuseum.com
pixel.quantserve.com
polyfill.io
rules.quantcount.com
script.hotjar.com
secure.quantserve.com
southeastasia-1.in.applicationinsights.azure.com
static.hotjar.com
stats.g.doubleclick.net
www.aucklandmuseum.com
www.facebook.com
www.google.com
www.google.com.sg
www.googleadservices.com
www.googletagmanager.com
analytics.google.com
connect.facebook.net
rules.quantcount.com
script.hotjar.com
stats.g.doubleclick.net
www.aucklandmuseum.com
www.google.com
www.google.com.sg
103.229.10.171
13.107.246.59
13.224.250.18
13.224.250.96
13.227.254.59
142.251.10.97
142.251.10.99
142.251.175.94
151.101.1.26
151.101.66.137
157.240.13.35
157.240.7.26
20.24.4.131
20.43.132.132
216.239.32.181
45.60.125.73
52.239.197.68
54.192.150.50
54.192.150.84
54.72.40.201
64.233.170.155
74.125.24.154
96.17.96.24
0123bd7958bfdb03bd1837709a8c48bcf4c96606a6653acdd92c99f06d9ffbdc
01950f1e3e97d2fc7ccaba131db3d214f77b6a28af682d8072cf13e089df189f
019da770517e467f311b2f602721f2ae52a4efa62843b75939551feea5bd42fa
020c4edb4314dcafeee622bcdb864ba2a645279696c26432ec357e1109f79661
04204ad9942a135111c63df119539fba6da4eb388566806a6643bf98f3605265
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
097c776b11d2117540f28adeaff8fbc593f905cac61064943d6ab7e3ebc99f39
155fcfa57d7ecf257e5f23b7cc11c5a151867e20d4e43f8c4efdbd62d19cec66
19b388e733f0af2b17dd1bd41d2c776079e40aaf5efad3a2c0b62efd78d4a1e7
19c48a194bc9895cd80e49c54dd83e321999061a4497565da97852921f621d2f
260beff2f010ff66019561a62dcaa2fc03ce83ded463bf06f588f7b432d04688
2b4eaf7c5c3c62a91b28bd5d4aa8475a44a18ffd185dec3698579dbb95579a5e
2be721560b8cae178785531dc523d2f7b9b173bb6571536fed94a85c0d31c525
2f42bd54149cbd50a46b415f833bdd0ba690b829feb531b5d00db99685508d5e
30846515e4492acc552fbd0a556ecea516cdcc53b5ed057f3e81076c6fc82572
30f01cb0378900d0903570f13a4501850d824ac60df11ee48bace5d71b02ffb6
34d58ee8dc6831f1cee0503cd43e30f6edad8ecb1317ffd9b9a9cf3f938846a8
3509434a5a7975c5aecc80abd698652653d10c3339651168b6956ca5b5c6419d
36bcd89cf32426d8e3961a73376cc2e999ea28e344596bece26c1b202b20ff80
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3eb85bd8ec9e2a7bb4dcb724db025f2f43ba2df3028fb458e1ad6d5d6c9da0fc
3ffe52762d7e397d435df9f1151bd8f8a5045fb05469afaa0a4e4522b459214d
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
40f75e5016869b213eeef1ab4af4086f24a5a74de067e0e365a6d4eb73165cc3
419764b8d4d4db2bbf7486b81935cd73efc7577f8d493d05231eb6be3bd6eeab
41b156770ac5e9b69e41b6e2f23f9ad6e4399daa59e48dea29cbbb5338a7ae00
45a0a4733a6c67fa0fdbc501af9ed1342649e41f6182a3eef26886be807cf732
4acf565b75f5edc8987503d6714415019db979f7090966c4ebdb5be1ae68bfa4
4e0781bdd2cbb5db04da3b5e059eeca34e325fabb893bee7457b5babf5b7c029
5992b09ef1cf4e55c558b770a634a278608582eab22298da3c905938b1991212
5b608be012b96fc0c17371624bc3c86185350749086e18894a4c61f3b38429c4
61a26f094028474c48bd972cbdf05e51a69e808148d4163d58579a1dd8f1a5f4
62723060de0c92d89ec49f9b3bc1fd54b786111e8ad3451a6cf7ebc8553e7b74
64ea340624722b039e7694c20c005033a65efc13c961b4eab9acec7e78d53e78
6c14d731b13bcdec4325028eb0d8d2cb0190b3b1e65e0fcb52907fe6f55c2707
6e6da0ef0d5cb4c7b0a9e7ba7bb244bb4ba806f5ed07f5477fb1ce34a4c0bbbc
6f8da90b266ca94343756cd15b53adf0f0e949cdfe6783fb1d557036fdf78c65
77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561
78a47e59337e20684dbaf742ebf965a53334ed92432ce625b8bebe031b94debe
7a5769b1cd152fea61172d1241630a94447968495ce29a47a038b1f11e3a21f9
80497450e65ff6079c1a6ba72fc4fa4afc4d70bfa3e0885387320e81c7bec71c
84afea5bd5b3e044801e45b3eb70924ac533be34ead261965ae26dfd0ae61940
86f7986267e1c6750cf52c26b40c104df3f01087e80d1390380fd25ea03e7e8e
92930fdad6d0ecd445ab34ed135c1868d10179a2ca34dfba7045c91c2d5fcefe
96a5ef445f4ac011f9feac379c47d600bb0c8e6f62463c088b91d01265a30b92
9e6e74e0a9257959f9c5527791ccba78cda7ad06977b0612bbb52697f20fbfdc
9f9425c961900c8d8b3b30085c3969eef0c845a11c5be9fad704d160c64a12f5
9fafeecba5d4b636f608e91e703f087e959d4cdeca5683c39ccf4efaadc20252
a0371d4fc59a21c844b13e45055c533e2410c7238808a8378e5f57d13f1db958
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1d4b01843b9dad68a10bba7ab416fb60cbe6052a223f6bd74cbad286b812b2a
a491c1eb98f8f723f5ebb6015e6680a189ce1f770762d63db234b43e030054e9
be4c84eb489868b84f401b51f8d46af7d6dda90bf19490ca996f861c7b5a697f
c18ffa81c3bf136d48484d7949001c345c90df059350d00bb27998ac79155301
c4157ee31d70c084decc800eef3363e9d28f494e470d9c486d39d34430a394f6
ccfee025a163ae21368344978c6ae8135b4114caaa5d41d2abf19e08518f607f
d1016cbc5360789ddca52cf5c4787af3bf5c65768620b262420da1d7a550c169
d512b06ff52a3f7939d980239249dfdcab98d40fae2ec0068798a3701aac1b4e
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
da7163e13346ce0db20878e03e63dbd212251bc7e0fc9c571185c2b0eb91e415
dc3f4edee092a86f7b859cb9bcc35c0c27cadbee1f4562f2a79f492f0ffd6dde
ded489f53d970c69d9477248e535cff56391b58605fe6ae26744b17e04dcdc62
df3331100c6661cff1cba81adc01543738d09db795dcdd8a4f0753bbaefbb0a8
df39ae109307d48dc6abf0b996210672df0c23df629a49c08f45523d5c10bff6
e3b0678a7a64cb89f2b56f341a7cb01b19aa7228455c405b7048a2a24cf4d988
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b38fb762963adbe977f0fb3108492307547862dca4b41b5149c4c9ddfc8b5
e44c3b782978c44af9885b97302632e45ff19d01ecb745e91d21cf597c22cb29
e491532fcae4d637cac70bbdfa4bff4ee92953c15c579c236b9964a8b46073fb
e5446321873e63ecf7c6605dcc5a587801058373aced45cd36072e6c7e4b399b
e794e22b958be22aa7d990bf48836539d74064c4879d36265d3fb75235fc6132
e7b42b40c560e8375c4b06de3b13dc90ddc242e473dc3bee4547f53a2496b2a3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f30a8307ad288ec36f9a65a182897897d7c097ff0122b4b58112765b73636f98
f7e77a7980e0c1db259e90e5709ab64c2bd6124cf9edc9c3cbc1aaa4554b287f
fdcc09f245ba4a7fd19b563aed2ca0d0c1fd96daaa714d8c8682c75bb9100721
fefcb73069e5edd01829eafb175ba6b080fc40853292aa0aa136c3bc6580a8ff

www.aucklandmuseum.com Open in urlscan Pro 20.43.132.132 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

162 Requests

80 %HTTPS

0 %IPv6

19 Domains

25 Subdomains

24 IPs

3 Countries

11249 kBTransfer

14689 kBSize

27 Cookies

19 Outgoing links

Page URL History

Redirected requests

162 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

www.aucklandmuseum.com Open in urlscan Pro
20.43.132.132 Public Scan

Screenshot
Live screenshot

Full Image

162
Requests

80 %
HTTPS

0 %
IPv6

19
Domains

25
Subdomains

24
IPs

3
Countries

11249 kB
Transfer

14689 kB
Size

27
Cookies

162 HTTP transactions
0 data transactions