www.stg.nytimes.com Open in urlscan Pro
151.101.129.164  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://account-fe.account.nyti.stg.nyt.net/ Page URL
2. https://www.stg.nytimes.com/account/account Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

• https://sb.scorecardresearch.com/cs/3005403/beacon.js HTTP 302
• https://sb.scorecardresearch.com/internal-cs/default/beacon.js

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response account-fe.account.nyti.stg.nyt.net/	1 KB 1 KB	502ms 200ms	Document text/html	50.19.239.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://account-fe.account.nyti.stg.nyt.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.19.239.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-50-19-239-224.compute-1.amazonaws.com Software envoy / Resource Hash 78e593cd28a6a111f241ed20b89dde4cd4da42dce188fce9920890e61864ca9a Security Headers Name Value Strict-Transport-Security max-age=63072000; preload; includeSubdomains Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes cache-control no-cache, max-age=300, must-revalidate,no-transform content-encoding gzip content-length 610 content-type text/html date Sun, 07 Jul 2024 16:23:18 GMT etag "bcdb9ff8cd9dc59bdca0ded555c373cd" expires Sun, 07 Jul 2024 16:28:18 GMT last-modified Wed, 28 Feb 2024 12:33:24 GMT server envoy strict-transport-security max-age=63072000; preload; includeSubdomains x-envoy-decorator-operation account-fe.account.nyti.stg.nyt.net:443/* x-envoy-upstream-service-time 82 x-goog-generation 1709123604145433 x-goog-hash crc32c=sZoqcQ== md5=vNuf+M2dxZvcoN7VVcNzzQ== x-goog-metageneration 1 x-goog-storage-class STANDARD x-goog-stored-content-encoding gzip x-goog-stored-content-length 610 x-guploader-uploadid ACJd0NomsBYMmBBSC89UbrIab2CzraPCTqSb1MHBX_NpIYF5bMbaeEXnnYISNaj90233BjOwvxkTMxmT3w
GET H2	200	datalayer.js Show response account-fe.account.nyti.stg.nyt.net/account-assets/	3 KB 1 KB	252ms 251ms	Script application/javascript	50.19.239.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://account-fe.account.nyti.stg.nyt.net/account-assets/datalayer.js Requested by Host: account-fe.account.nyti.stg.nyt.net URL: https://account-fe.account.nyti.stg.nyt.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.19.239.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-50-19-239-224.compute-1.amazonaws.com Software envoy / Resource Hash 69c1f3ec9d4f74f06690da46d58f225844e9504619c7064fbd13b9da38b9e97c Security Headers Name Value Strict-Transport-Security max-age=63072000; preload; includeSubdomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://account-fe.account.nyti.stg.nyt.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 07 Jul 2024 16:23:18 GMT content-encoding gzip x-envoy-decorator-operation account-fe.account.nyti.stg.nyt.net:443/* strict-transport-security max-age=63072000; preload; includeSubdomains x-guploader-uploadid ACJd0NoVRLEzgmCorOhnZsIpLxxutKeMxrGNcr_XPncBmKd2acHirK7_CsdQly42l9ehbyjnN5M x-goog-storage-class STANDARD x-goog-metageneration 1 x-envoy-upstream-service-time 133 x-goog-stored-content-encoding gzip content-length 1316 last-modified Wed, 28 Feb 2024 12:33:23 GMT server envoy etag "35abf01c487e0df0550fca148810162e" x-goog-generation 1709123603651992 content-type application/javascript x-goog-hash crc32c=YivTAw==, md5=NavwHEh+DfBVD8oUiBAWLg== cache-control no-cache, max-age=300, must-revalidate,no-transform x-goog-stored-content-length 1316 accept-ranges bytes expires Sun, 07 Jul 2024 16:28:18 GMT
GET H2	200	iterateHQ.js Show response account-fe.account.nyti.stg.nyt.net/account-assets/	783 B 785 B	218ms 217ms	Script application/javascript	50.19.239.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://account-fe.account.nyti.stg.nyt.net/account-assets/iterateHQ.js Requested by Host: account-fe.account.nyti.stg.nyt.net URL: https://account-fe.account.nyti.stg.nyt.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.19.239.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-50-19-239-224.compute-1.amazonaws.com Software envoy / Resource Hash 9efc6414462040b8e4ce38c6176444bd8396426638a1ae8d4b67575bc1eff193 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload; includeSubdomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://account-fe.account.nyti.stg.nyt.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 07 Jul 2024 16:23:18 GMT content-encoding gzip x-envoy-decorator-operation account-fe.account.nyti.stg.nyt.net:443/* strict-transport-security max-age=63072000; preload; includeSubdomains x-guploader-uploadid ACJd0Noowug_hQ30-U3F--xf78i6IFPhrhEvo_NeUcVdcMz6rkUqTGNhGNTugodDbPDbAqdsmPXNedv9BQ x-goog-storage-class STANDARD x-goog-metageneration 1 x-envoy-upstream-service-time 98 x-goog-stored-content-encoding gzip content-length 561 last-modified Wed, 28 Feb 2024 12:33:24 GMT server envoy etag "53e1211229a2b0e26d0a22557b39ed88" x-goog-generation 1709123604169195 content-type application/javascript x-goog-hash crc32c=IFJa3g==, md5=U+EhEimisOJtCiJVezntiA== cache-control no-cache, max-age=300, must-revalidate,no-transform x-goog-stored-content-length 561 accept-ranges bytes expires Sun, 07 Jul 2024 16:28:18 GMT
GET H2	200	0.2.0.browser-sdk.min.js Show response customerchat.nytimes.com/chat-js-sdk/versions/	3 KB 2 KB	570ms 446ms	Script text/javascript	151.101.65.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://customerchat.nytimes.com/chat-js-sdk/versions/0.2.0.browser-sdk.min.js Requested by Host: account-fe.account.nyti.stg.nyt.net URL: https://account-fe.account.nyti.stg.nyt.net/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.65.164 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software envoy / Resource Hash 0839c4668ffc0a8a4f17d4aba481e58b5c0fc3db223936ae24e930f189e4686c Security Headers Name Value Strict-Transport-Security max-age=63072000; preload; includeSubdomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://account-fe.account.nyti.stg.nyt.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=63072000; preload; includeSubdomains x-envoy-decorator-operation chat.care.nyti.nyt.net:443/* content-encoding gzip date Sun, 07 Jul 2024 16:23:19 GMT via 1.1 varnish age 0 x-cache MISS x-envoy-upstream-service-time 2 content-length 1364 x-request-id 1c080e7e-b575-9bc7-88ac-aaad3cf1f67b x-served-by cache-fra-etou8220064-FRA last-modified Wed, 12 Jun 2024 19:14:26 GMT server envoy x-nyt-backend care_chat_nyti x-timer S1720369399.623189,VS0,VE407 vary Accept-Encoding content-type text/javascript; charset=utf-8 cache-control max-age=0 x-nyt-route customer-chat-nyti accept-ranges bytes x-cache-hits 0
GET H2	200	fonts.css account-fe.account.nyti.stg.nyt.net/account-assets/	11 KB 2 KB	236ms 235ms	Stylesheet text/css	50.19.239.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://account-fe.account.nyti.stg.nyt.net/account-assets/fonts.css Requested by Host: account-fe.account.nyti.stg.nyt.net URL: https://account-fe.account.nyti.stg.nyt.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.19.239.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-50-19-239-224.compute-1.amazonaws.com Software envoy / Resource Hash 58c39b27db4298d2ca0c61f3d3ba7a5f26e4a9d4d7ee8454f914644655330129 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload; includeSubdomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://account-fe.account.nyti.stg.nyt.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 07 Jul 2024 16:23:18 GMT content-encoding gzip x-envoy-decorator-operation account-fe.account.nyti.stg.nyt.net:443/* strict-transport-security max-age=63072000; preload; includeSubdomains x-guploader-uploadid ACJd0NpW6pqi0k7Y8YS7wCJUO_-P-96hXO6KD4-ndn6FLnRLgu4YRKm0AZFLBOgWaHGQHAKUT44IxZVAFQ x-goog-storage-class STANDARD x-goog-metageneration 1 x-envoy-upstream-service-time 117 x-goog-stored-content-encoding gzip content-length 1478 last-modified Wed, 28 Feb 2024 12:33:23 GMT server envoy etag "2064a5f77486aaebdb06e1837b67c4d7" x-goog-generation 1709123603653756 content-type text/css x-goog-hash crc32c=2oUoBw==, md5=IGSl93SGquvbBuGDe2fE1w== cache-control no-cache, max-age=300, must-revalidate,no-transform x-goog-stored-content-length 1478 accept-ranges bytes expires Sun, 07 Jul 2024 16:28:18 GMT
GET H2	200	main.870ac445.js Show response account-fe.account.nyti.stg.nyt.net/account-assets/static/js/	558 KB 176 KB	342ms 342ms	Script application/javascript	50.19.239.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://account-fe.account.nyti.stg.nyt.net/account-assets/static/js/main.870ac445.js Requested by Host: account-fe.account.nyti.stg.nyt.net URL: https://account-fe.account.nyti.stg.nyt.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.19.239.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-50-19-239-224.compute-1.amazonaws.com Software envoy / Resource Hash 58cfa6e901525b556019ad12116d4d20aeabe589c3c88a49d39b49172ebdd445 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload; includeSubdomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://account-fe.account.nyti.stg.nyt.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 07 Jul 2024 16:23:18 GMT content-encoding gzip x-envoy-decorator-operation account-fe.account.nyti.stg.nyt.net:443/* strict-transport-security max-age=63072000; preload; includeSubdomains age 0 x-guploader-uploadid ACJd0NrZUQ5gDClxX59hE9Vy_vKdVznKhIUuQ2CoDIeH8BDn1adepnHsVp9eJBTF1egp9dLj39w x-goog-storage-class STANDARD x-goog-metageneration 2 x-envoy-upstream-service-time 106 x-goog-stored-content-encoding gzip content-length 179985 last-modified Wed, 28 Feb 2024 12:33:24 GMT server envoy etag "019331eab2627a7b6da2afe2a6222e3a" vary Accept-Encoding x-goog-generation 1709123604187593 x-goog-hash crc32c=DjsKVw==, md5=AZMx6rJienttoq/ipiIuOg== content-type application/javascript cache-control public, max-age=604800 x-goog-stored-content-length 179985 accept-ranges bytes expires Sun, 14 Jul 2024 16:23:18 GMT
GET H2	200	gtm.js www.googletagmanager.com/	483 KB 134 KB	186ms 99ms	Script application/javascript	2a00:1450:4001:830::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=WiJyA7zv1sohHCWSZ3mF1Q&gtm_preview=env-8&gtm_cookies_win=x Requested by Host: account-fe.account.nyti.stg.nyt.net URL: https://account-fe.account.nyti.stg.nyt.net/account-assets/datalayer.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://account-fe.account.nyti.stg.nyt.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 07 Jul 2024 16:23:19 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 136539 x-xss-protection 0 pragma no-cache server Google Tag Manager vary * content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	data-layer a.dev.nytimes.com/svc/nyt/	993 B 1 KB	639ms 305ms	XHR application/json	50.19.239.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://a.dev.nytimes.com/svc/nyt/data-layer?sourceApp=nyt-account-fe&referrer=&assetUrl=https%3A%2F%2Fmyaccount.nytimes.com%2Fseg%2F Requested by Host: account-fe.account.nyti.stg.nyt.net URL: https://account-fe.account.nyti.stg.nyt.net/account-assets/datalayer.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.19.239.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-50-19-239-224.compute-1.amazonaws.com Software envoy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000; preload; includeSubdomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://account-fe.account.nyti.stg.nyt.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-nyti-upstream gke date Sun, 07 Jul 2024 16:23:19 GMT x-envoy-decorator-operation a.dev.nytimes.com:443/* via 1.1 google strict-transport-security max-age=63072000; preload; includeSubdomains content-encoding gzip server envoy vary Accept-Encoding access-control-allow-methods GET, PUT, POST, DELETE, OPTIONS content-type application/json; charset=UTF-8 access-control-allow-origin https://account-fe.account.nyti.stg.nyt.net access-control-allow-credentials true x-envoy-upstream-service-time 163 access-control-allow-headers Content-Type, x-requested-by
GET H2	403	Primary Request account Show response www.stg.nytimes.com/account/	425 B 1 KB	180ms 42ms	Document text/html	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.stg.nytimes.com/account/account Requested by Host: account-fe.account.nyti.stg.nyt.net URL: https://account-fe.account.nyti.stg.nyt.net/account-assets/static/js/main.870ac445.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash 0af389b7128f21d794fe42c9e5e5008b4c84f48be172e079a64b63e1155e5200 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.stg.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload; includeSubdomains Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://account-fe.account.nyti.stg.nyt.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes access-control-expose-headers X-Nyt-Mktg-Group content-length 425 content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.stg.nytimes.com/report; content-type text/html; charset=utf-8 date Sun, 07 Jul 2024 16:23:19 GMT onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/account/account permissions-policy browsing-topics=() retry-after 0 server Varnish strict-transport-security max-age=63072000; preload; includeSubdomains x-api-version F-X x-cache MISS x-cache-hits 0 x-nyt-app-map webview=false,preloaded=false x-nyt-app-webview 0 x-nyt-edge-cache MISS x-nyt-mktg-group group0 x-served-by cache-fra-etou8220114-FRA
GET		directives purr.dev.nytimes.com/v1/	0 0
POST		track a.et.stg.nytimes.com/	0 0
GET H2	200	gtm.js www.googletagmanager.com/	208 KB 71 KB	64ms 64ms	Script application/javascript	2a00:1450:4001:830::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-N5P6T9S&l=dataLayer Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=WiJyA7zv1sohHCWSZ3mF1Q&gtm_preview=env-8&gtm_cookies_win=x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://account-fe.account.nyti.stg.nyt.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 07 Jul 2024 16:23:19 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 72638 x-xss-protection 0 last-modified Sun, 07 Jul 2024 15:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Sun, 07 Jul 2024 16:23:19 GMT
GET		tags.js dd.nytimes.com/	0 0
GET		beacon.js sb.scorecardresearch.com/internal-cs/default/ Redirect Chain https://sb.scorecardresearch.com/cs/3005403/beacon.js https://sb.scorecardresearch.com/internal-cs/default/beacon.js	0 0
GET H2	200	destination www.googletagmanager.com/gtag/	220 KB 0	80ms 80ms	Script application/javascript	2a00:1450:4001:830::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=DC-5290727&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=WiJyA7zv1sohHCWSZ3mF1Q&gtm_preview=env-8&gtm_cookies_win=x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://account-fe.account.nyti.stg.nyt.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 07 Jul 2024 16:23:19 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 80276 x-xss-protection 0 last-modified Sun, 07 Jul 2024 15:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Sun, 07 Jul 2024 16:23:19 GMT
GET		chartbeat_video.js static.chartbeat.com/js/	0 0
GET		show-ads.js a1.nyt.com/analytics/	0 0
GET		comscore-streaming.js a1.nyt.com/analytics/	0 0
GET		nyt.js cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/	0 0
GET		loader.js platform.iteratehq.com/	0 0
GET H2	403	favicon.ico www.stg.nytimes.com/	425 B 540 B	41ms 39ms	Other text/html	151.101.129.164 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.stg.nytimes.com/favicon.ico Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.129.164 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash 254c03eaacfef2637e039f6b6670fa8566d55121f5a50666f80cefe5c2f59e7c Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.stg.nytimes.com/report; Strict-Transport-Security max-age=63072000; preload; includeSubdomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://www.stg.nytimes.com/account/account Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-nyt-app-map webview=false,preloaded=false date Sun, 07 Jul 2024 16:23:19 GMT content-security-policy upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.stg.nytimes.com/report; strict-transport-security max-age=63072000; preload; includeSubdomains x-api-version F-X x-cache MISS x-nyt-mktg-group group0 content-length 425 x-served-by cache-fra-etou8220114-FRA server Varnish onion-location https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/favicon.ico content-type text/html; charset=utf-8 access-control-expose-headers X-Nyt-Mktg-Group x-nyt-app-webview 0 permissions-policy browsing-topics=() x-nyt-edge-cache MISS accept-ranges bytes retry-after 0 x-cache-hits 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

purr.dev.nytimes.com

URL

https://purr.dev.nytimes.com/v1/directives?exclude_cookies=purr-pref-regi%2Cpurr-elig

Domain

a.et.stg.nytimes.com

URL

https://a.et.stg.nytimes.com/track

Domain

dd.nytimes.com

URL

https://dd.nytimes.com/tags.js

Domain

sb.scorecardresearch.com

URL

https://sb.scorecardresearch.com/internal-cs/default/beacon.js

Domain

static.chartbeat.com

URL

https://static.chartbeat.com/js/chartbeat_video.js

Domain

a1.nyt.com

URL

https://a1.nyt.com/analytics/show-ads.js

Domain

a1.nyt.com

URL

https://a1.nyt.com/analytics/comscore-streaming.js

Domain

cdn.brandmetrics.com

URL

https://cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/nyt.js

Domain

platform.iteratehq.com

URL

https://platform.iteratehq.com/loader.js

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.nytimes.com/	1970-01-21 06:38:25	Name: nyt-purr Value: (null)
			.nytimes.com/	1970-01-21 06:38:25	Name: nyt-a Value: TmKROz4Ns5i2FdZoRCYkIcxf
			.et.stg.nytimes.com/	1970-01-20 21:52:51	Name: sessionActive Value: true
			.et.stg.nytimes.com/	1970-01-21 06:38:25	Name: sessionIndex Value: 1|1720369399790|TmKROz4Ns5i2FdZoRCYkIcxf|1720369399790
			.et.stg.nytimes.com/	1970-01-20 21:54:15	Name: et-ppvid Value: https://account-fe.account.nyti.stg.nyt.net/=xTkeaDA7rpA7i4ymlIJJ36Lp

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.stg.nytimes.com/account/account Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.stg.nytimes.com/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.dev.nytimes.com
a.et.stg.nytimes.com
a1.nyt.com
account-fe.account.nyti.stg.nyt.net
cdn.brandmetrics.com
customerchat.nytimes.com
dd.nytimes.com
platform.iteratehq.com
purr.dev.nytimes.com
sb.scorecardresearch.com
static.chartbeat.com
www.googletagmanager.com
www.stg.nytimes.com
a.et.stg.nytimes.com
a1.nyt.com
cdn.brandmetrics.com
dd.nytimes.com
platform.iteratehq.com
purr.dev.nytimes.com
sb.scorecardresearch.com
static.chartbeat.com
151.101.129.164
151.101.65.164
2a00:1450:4001:830::2008
50.19.239.224
0839c4668ffc0a8a4f17d4aba481e58b5c0fc3db223936ae24e930f189e4686c
0af389b7128f21d794fe42c9e5e5008b4c84f48be172e079a64b63e1155e5200
254c03eaacfef2637e039f6b6670fa8566d55121f5a50666f80cefe5c2f59e7c
58c39b27db4298d2ca0c61f3d3ba7a5f26e4a9d4d7ee8454f914644655330129
58cfa6e901525b556019ad12116d4d20aeabe589c3c88a49d39b49172ebdd445
69c1f3ec9d4f74f06690da46d58f225844e9504619c7064fbd13b9da38b9e97c
78e593cd28a6a111f241ed20b89dde4cd4da42dce188fce9920890e61864ca9a
9efc6414462040b8e4ce38c6176444bd8396426638a1ae8d4b67575bc1eff193