www.firstgroup-sa.co.za Open in urlscan Pro
2606:4700::6811:ba3a Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx
Effective URL:
https://www.firstgroup-sa.co.za/
Submission: On August 12 via api (August 12th 2023, 5:58:52 pm UTC) from US — Scanned from DE

Summary HTTP 160 Redirects Links 48 Behaviour Indicators

Summary

This website contacted 32 IPs in 4 countries across 25 domains to perform 160 HTTP transactions. The main IP is 2606:4700::6811:ba3a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.firstgroup-sa.co.za.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 9th 2023. Valid for: a year.

This is the only time www.firstgroup-sa.co.za was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	52.169.10.20 52.169.10.20	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd	15133 (EDGECAST) (EDGECAST)
1 49	2606:4700::68... 2606:4700::6811:ba3a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1 4	2606:4700:303... 2606:4700:3034::6815:1478	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	195.244.31.25 195.244.31.25	63140 (IGUANA-WO...) (IGUANA-WORLDWIDE)
18	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:25e... 2600:9000:25eb:9e00:16:41f8:18c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
2 6	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	52.222.149.81 52.222.149.81	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:480... 2a02:26f0:480:b82::14a9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:81c::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
1	13.32.110.74 13.32.110.74	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	18.195.182.116 18.195.182.116	16509 (AMAZON-02) (AMAZON-02)
1	18.184.21.194 18.184.21.194	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2a00:1450:400... 2a00:1450:4001:6a::a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
10	3.5.228.141 3.5.228.141	() ()
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
160	32

2 52.169.10.20 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)

mktdplp102cdn.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2606:4700::6811:ba3a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.firstgroup-sa.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.galaxy.tf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
image-tc.galaxy.tf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3034::6815:1478 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

onboard.triptease.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.244.31.25 (Newark, United States)

ASN63140 (IGUANA-WORLDWIDE, US)
PTR: xo7-viplb-01-new.ny.ig-1.net

dynamic.travelclick-websolutions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:25eb:9e00:16:41f8:18c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

api.tsa-db.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.149.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-81.cdg52.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:b82::14a9 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn-4.convertexperiments.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.110.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-74.vie50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.182.116 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-182-116.eu-central-1.compute.amazonaws.com

logs.convertexperiments.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.21.194 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-21-194.eu-central-1.compute.amazonaws.com

10041242.metrics.convertexperiments.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:6a::a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

rr5---sn-4g5ednsl.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 3.5.228.141 (None, )

ASN- ()

crpimagebucket.s3.af-south-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	firstgroup-sa.co.za 1 redirects www.firstgroup-sa.co.za	909 KB
18	youtube.com www.youtube.com — Cisco Umbrella Rank: 91 Failed	1 MB
16	googlevideo.com rr5---sn-4g5ednsl.googlevideo.com — Cisco Umbrella Rank: 81001	3 MB
13	galaxy.tf cdn.galaxy.tf — Cisco Umbrella Rank: 111845 image-tc.galaxy.tf — Cisco Umbrella Rank: 85796	2 MB
10	amazonaws.com crpimagebucket.s3.af-south-1.amazonaws.com	111 KB
8	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 static.doubleclick.net — Cisco Umbrella Rank: 313 stats.g.doubleclick.net — Cisco Umbrella Rank: 114	5 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 54 region1.google-analytics.com — Cisco Umbrella Rank: 2069	22 KB
6	gstatic.com fonts.gstatic.com www.gstatic.com	145 KB
5	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	280 B
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67 jnn-pa.googleapis.com — Cisco Umbrella Rank: 271	33 KB
4	google.com www.google.com — Cisco Umbrella Rank: 3	15 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 65	341 KB
4	triptease.io 1 redirects onboard.triptease.io — Cisco Umbrella Rank: 29404	74 KB
3	convertexperiments.com cdn-4.convertexperiments.com — Cisco Umbrella Rank: 17627 logs.convertexperiments.com — Cisco Umbrella Rank: 40722 10041242.metrics.convertexperiments.com	80 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 170	244 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5933	563 B
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 245	23 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 781 script.hotjar.com — Cisco Umbrella Rank: 1126	59 KB
2	tsa-db.com api.tsa-db.com — Cisco Umbrella Rank: 78756	1 KB
2	dynamics.com dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com	1 KB
1	google.ru www.google.ru — Cisco Umbrella Rank: 10211	408 B
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 246	4 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1295	50 KB
1	travelclick-websolutions.com dynamic.travelclick-websolutions.com — Cisco Umbrella Rank: 117028	2 KB
1	azureedge.net mktdplp102cdn.azureedge.net — Cisco Umbrella Rank: 34474	11 KB
160	25

	Domain	Requested by
36	www.firstgroup-sa.co.za	1 redirects mktdplp102cdn.azureedge.net www.firstgroup-sa.co.za cdn-4.convertexperiments.com
18	www.youtube.com	www.firstgroup-sa.co.za www.youtube.com
16	rr5---sn-4g5ednsl.googlevideo.com	www.youtube.com
12	image-tc.galaxy.tf	www.firstgroup-sa.co.za
10	crpimagebucket.s3.af-south-1.amazonaws.com	www.firstgroup-sa.co.za
6	googleads.g.doubleclick.net	2 redirects www.googletagmanager.com www.youtube.com www.firstgroup-sa.co.za
5	www.facebook.com	www.firstgroup-sa.co.za
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.firstgroup-sa.co.za
4	www.google.com	www.youtube.com www.firstgroup-sa.co.za
4	jnn-pa.googleapis.com	www.youtube.com
4	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
4	www.googletagmanager.com	www.firstgroup-sa.co.za www.googletagmanager.com
4	onboard.triptease.io	1 redirects www.firstgroup-sa.co.za onboard.triptease.io
3	connect.facebook.net	www.firstgroup-sa.co.za connect.facebook.net
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	region1.google-analytics.com	dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
2	www.google.de	www.firstgroup-sa.co.za
2	cdnjs.cloudflare.com	cdn-4.convertexperiments.com www.firstgroup-sa.co.za
2	api.tsa-db.com	dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
2	dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com	mktdplp102cdn.azureedge.net
1	www.google.ru	www.firstgroup-sa.co.za
1	stats.g.doubleclick.net	www.google-analytics.com
1	10041242.metrics.convertexperiments.com	dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
1	logs.convertexperiments.com	dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
1	yt3.ggpht.com	www.youtube.com
1	script.hotjar.com	static.hotjar.com
1	static.doubleclick.net	www.youtube.com
1	cdn-4.convertexperiments.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	www.googleoptimize.com	www.googletagmanager.com
1	dynamic.travelclick-websolutions.com	www.firstgroup-sa.co.za
1	fonts.googleapis.com	www.firstgroup-sa.co.za
1	cdn.galaxy.tf	www.firstgroup-sa.co.za
1	mktdplp102cdn.azureedge.net	dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
160	34

This site contains links to these domains. Also see Links.

Domain
www.holeinthewall.co.za
www.costasmeraldaresort.co.za
www.clubhacienda.co.za
www.lamontagne.co.za
www.brockwoodhall.com
reservations.travelclick.com
search.firstgroup-sa.co.za
reservations.lacotedazurresort.co.za
reservations.margatesandsresort.co.za
reservations.thepalace.co.za
www.nightsbridge.co.za
booking.hoseasons.co.uk
book.nightsbridge.com
www.google.com
document-tc.galaxy.tf
www.facebook.com
twitter.com
www.instagram.com
firstgroupweletyoube.wordpress.com

Subject Issuer	Validity	Valid
*.svc.dynamics.com Microsoft Azure TLS Issuing CA 05	`2023-07-10` - `2024-06-27`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2023-05-05` - `2024-04-28`	a year	crt.sh
www.firstgroup-sa.co.za Cloudflare Inc ECC CA-3	`2023-04-09` - `2024-04-08`	a year	crt.sh
cdn.galaxy.tf Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-22` - `2023-08-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.travelclick-websolutions.com Gandi Standard SSL CA 2	`2023-07-05` - `2024-07-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
image-tc.galaxy.tf Cloudflare Inc ECC CA-3	`2023-05-08` - `2024-05-07`	a year	crt.sh
onboard.triptease.io GTS CA 1P5	`2023-07-08` - `2023-10-06`	3 months	crt.sh
*.tsa-db.com Amazon RSA 2048 M02	`2023-02-28` - `2024-03-28`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.convertexperiments.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-06` - `2024-01-07`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.metrics.convertexperiments.com Amazon RSA 2048 M02	`2023-02-14` - `2024-01-30`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-07-25` - `2023-10-03`	2 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.s3.af-south-1.amazonaws.com Amazon RSA 2048 M01	`2023-04-11` - `2023-12-16`	8 months	crt.sh
*.google.com.ru GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://www.firstgroup-sa.co.za/
Frame ID: 82E10B5107BEDF7119B4E66CC2E4F382
Requests: 105 HTTP requests in this frame

Frame: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
Frame ID: 98681C2E379B52ADE2794516499C6660
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
Frame ID: 61BAE34FA7507659B762F695BB452D62
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
Frame ID: 348D51E6C9408ACE40459D3622EC23CD
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
Frame ID: 6021B0FC544030B518B13E153B0FA897
Requests: 48 HTTP requests in this frame

Frame: https://onboard.triptease.io/kernel/v6805.82300/kernel-host.html?originHost=www.firstgroup-sa.co.za
Frame ID: 2893020FC5BEC6EA7E2FF2DA1AEFE1C9
Requests: 2 HTTP requests in this frame

Frame: https://www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js
Frame ID: 94EE5304458E241EFA06764880AEA062
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 7A687315E4B127AE49B041A677BA939A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 3BF60A037BE8E87A914B19A5D22A5C4B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Luxury Holiday Accommodation in South Africa | First Group Resorts

Page URL History Show full URLs

https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtH... Page URL
https://www.firstgroup-sa.co.za/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

160
Requests

93 %
HTTPS

77 %
IPv6

25
Domains

34
Subdomains

32
IPs

4
Countries

7755 kB
Transfer

15747 kB
Size

23
Cookies

48 Outgoing links

These are links going to different origins than the main page.

URL: https://www.holeinthewall.co.za/
Title: Hole in the Wall

Search URL Search Domain Scan URL

URL: https://www.costasmeraldaresort.co.za/
Title: Costa Smeralda

Search URL Search Domain Scan URL

URL: https://www.clubhacienda.co.za/
Title: Club Hacienda

Search URL Search Domain Scan URL

URL: https://www.lamontagne.co.za/accommodation/3-bedroom-superior-penthouse
Title: The Penthouse at La Montagne

Search URL Search Domain Scan URL

URL: https://www.brockwoodhall.com/
Title: Brockwood Hall

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107135?ProdID=717531&LanguageID=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107121?ProdID=724395&LanguageID=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://search.firstgroup-sa.co.za/FST/PRO90D?leaddays=90&nights=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107115?ProdID=710790&LanguageID=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107135?ProdID=717402&LanguageID=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107113?ProdID=722334&LanguageID=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.lacotedazurresort.co.za/107111?ProdID=717414&LanguageID=1&_ga=2.176885925.1853465270.1623055927-1446515571.1611749387#/guestsandrooms
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.margatesandsresort.co.za/107109?ProdID=717410&LanguageID=1&_ga=2.74416658.1442388449.1623311268-1446515571.1611749387#/guestsandrooms
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.thepalace.co.za/107099?LanguageID=1&ProdID=717535
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107093?HotelId=107093&languageid=1&rooms=1&adults=1&night=3
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107115?HotelId=107115&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107109?HotelId=107109&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107135?HotelId=107135&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=18196
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107137?HotelId=107137&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107097?HotelId=107097&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=18098
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=19917
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=18738
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=19916
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107127?HotelId=107127&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=19915
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107107?HotelId=107107&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107099?HotelId=107099&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107105?HotelId=107105&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107111?HotelId=107111&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107113?HotelId=107113&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: https://reservations.travelclick.com/107121?HotelId=107121&languageid=1&rooms=1&adults=1
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=18371
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=18902
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=18900
Title: Book Now

Search URL Search Domain Scan URL

URL: https://booking.hoseasons.co.uk/brockwoodhall/lodges/brwo
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=16334
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=31946
Title: Book Now

Search URL Search Domain Scan URL

URL: https://book.nightsbridge.com/21311
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=33177
Title: Book Now

Search URL Search Domain Scan URL

URL: http://www.nightsbridge.co.za/bridge/book?bbid=33176
Title: Book Now

Search URL Search Domain Scan URL

URL: https://www.google.com/maps/place/1+Crompton+St,+New+Germany,+Pinetown,+3610,+Afrique+du+Sud/@-29.8188371,30.8578645,17z/data=!3m1!4b1!4m5!3m4!1s0x1ef6fe5d5ddc7b85:0x8a87e32861227370!8m2!3d-29.8188371!4d30.8600532

Search URL Search Domain Scan URL

URL: https://document-tc.galaxy.tf/wdpdf-baromcilz8dz43yhxg342b983/home_cms-document.pdf
Title: Covid-19 Update

Search URL Search Domain Scan URL

URL: https://www.facebook.com/First-Group-Management-172187339479597

Search URL Search Domain Scan URL

URL: https://twitter.com/First_Group_ZA

Search URL Search Domain Scan URL

URL: https://www.instagram.com/first_group_mgmt

Search URL Search Domain Scan URL

URL: https://firstgroupweletyoube.wordpress.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx Page URL
https://www.firstgroup-sa.co.za/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22

https://onboard.triptease.io/bootstrap.js?integrationId=01FZGACC90HYFT4DTPHMABCEX6 HTTP 307
https://onboard.triptease.io/bootstrap/v6805.82300/bootstrap.js

Request Chain 39

https://www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js

Request Chain 56

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 151

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

160 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx Show response
dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/ 586 B
1 KB 1041ms
363ms Document
text/html 52.169.10.20
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.169.10.20 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

87d0c7f3c30cf74913468135b848dfa09f4851fad0bacbfe4e433c4da52f3a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

api-deprecated: False
content-length: 586
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 17:58:45 GMT
server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000; includeSubDomains
x-activity-id: fcf46c4a-35c5-40a4-ac79-7cec1341a508
x-content-type-options: nosniff
x-ms-activity-id: fcf46c4a-35c5-40a4-ac79-7cec1341a508
x-servicefabricrequestid: 391c308a-1599-4ce2-a8e3-75060790c6ce 7ece5d11-9988-44e3-b576-735fee69f0bc

GET
H2 200 bot-detection.js Show response
mktdplp102cdn.azureedge.net/public/latest/js/ 29 KB
11 KB 334ms
15ms Script
application/x-javascript 2606:2800:133:206e:1315:22a5:2006:24fd
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://mktdplp102cdn.azureedge.net/public/latest/js/bot-detection.js?v=1.84.2007
Requested by: Host: dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
URL: https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CDA) /
Resource Hash: 84eacf3f43bf7b9177fb78c533f34c3930cd517da0295bfd57bd5e01b2400ed8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 12 Aug 2023 17:58:46 GMT
content-encoding: gzip
content-md5: Yp+2mkXk4MNv10H73jLLCQ==
age: 453878
x-cache: HIT
content-length: 10471
x-ms-lease-status: unlocked
last-modified: Tue, 14 Feb 2023 10:25:54 GMT
server: ECAcc (frc/4CDA)
etag: 0x8DB0E75DA644AE9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2a6c0a14-601e-0074-0d25-c96753000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 cp
dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/ 0
0 82ms
81ms Fetch 52.169.10.20
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/cp

Requested by

Host: mktdplp102cdn.azureedge.net
URL: https://mktdplp102cdn.azureedge.net/public/latest/js/bot-detection.js?v=1.84.2007

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.169.10.20 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 17:58:46 GMT
x-content-type-options: nosniff
server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
x-servicefabricrequestid: 4296f200-8291-45bc-ac82-e59f62dfc049, b416982c-23a0-4382-b858-5151d9c1bccf
x-activity-id: 34554b67-4a15-4105-ab6e-a341a2fd266e
x-ms-activity-id: 34554b67-4a15-4105-ab6e-a341a2fd266e
content-length: 0
api-deprecated: False

GET
H2 200 Primary Request / Show response
www.firstgroup-sa.co.za/ 178 KB
25 KB 2097ms
264ms Document
text/html 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/

Requested by

Host: mktdplp102cdn.azureedge.net
URL: https://mktdplp102cdn.azureedge.net/public/latest/js/bot-detection.js?v=1.84.2007

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5547d8f26f4675dd63aa5f6b080b0dec9af0a22ff9232e297f03feeeb143cc3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7f5a9bcc4ee103b0-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 17:58:49 GMT
last-modified: Fri, 11 Aug 2023 12:20:44 GMT
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: Accept-Encoding
via: 1.1 712d13f439dbc19e06adfdbf33812a64.cloudfront.net (CloudFront)
x-amz-cf-id: ZYJgI5apyTE1Qs9MeRlHtApWP6bt1NVDwEmq8F-XYNW8TEnnQfUf3A==
x-amz-cf-pop: CDG3-C2
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 main.css
www.firstgroup-sa.co.za/css/custom/721/47/main/2075e48fadcfffc43106ba000870852b/ 306 KB
51 KB 288ms
286ms Stylesheet
text/css 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/css/custom/721/47/main/2075e48fadcfffc43106ba000870852b/main.css

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d18d8c02267735d514d1b55662dd81b79a74863066d4c6145d108a8099b7818

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 8513b0b4c77c9a98d13a007d589042fe.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Aug 2023 12:21:11 GMT
server: cloudflare
etag: W/"3b16fef5ecdb194db58ab7c13ff72415"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache
cf-ray: 7f5a9bcdf95203b0-FRA
x-amz-cf-id: ZnMRW4SaUwMJFC94Bn70_8x389ymnq_t29J8q62aFEdBxYgovyKL8Q==

GET
H2 200 gms-latest.min.js Show response
cdn.galaxy.tf/asset-galaxy/js/ 148 KB
46 KB 424ms
369ms Script
application/javascript 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.galaxy.tf/asset-galaxy/js/gms-latest.min.js?v93be0159edb1b68f42ec36ab9db3b90a

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce4f1b48eedafeaa3d9b02d15dc642b4cc9a995b6e517d6d9bd91d007a420a6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=15768000
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Tue, 23 Aug 2022 10:13:41 GMT
server: cloudflare
etag: W/"250c8-5e6e5d19a30a6-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
cf-ray: 7f5a9bce58805bf5-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 19 Aug 2023 17:58:49 GMT

GET
H2 200 css2
fonts.googleapis.com/ 33 KB
2 KB 69ms
31ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Great+Vibes&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

26b462068bdb82b16889165aae09e185499c92d7f70e02805f922e9291169a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 17:58:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 12 Aug 2023 17:58:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 12 Aug 2023 17:58:49 GMT

GET
H2 200 CopperplateGothicBold.woff2
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 24 KB
24 KB 238ms
236ms Font
font/woff2 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/CopperplateGothicBold.woff2

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d11f751bbfcb3f74bcf60fcd587652038107e810669cd061441a399110e6e91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 d6bff47a79bb5fa9800d9ee4b2b92146.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 24304
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:39 GMT
server: cloudflare
etag: "05f290a1d57a905eaf542dbf89ebc236"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bcdf95503b0-FRA
x-amz-cf-id: 6Cs7OD4WtgwTZdh7HsIcukqVww-Vh5ltqfKcFnAntAaNGhySKrV-YQ==

GET
H2 200 CopperplateGothicBold.woff
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 31 KB
31 KB 220ms
218ms Font
application/x-font-woff 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/CopperplateGothicBold.woff

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fa9553b8e1c2e83d93cb6409d0c04fbd7f4df5fa073dc09526380b79c74aa6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 3222648a6d70343df21c8c5701c2e520.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 31880
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:34 GMT
server: cloudflare
etag: "269829e347820b7febfb4e7aaa78cc54"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-woff
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bcdf95603b0-FRA
x-amz-cf-id: 18XL2cIrVwSWRRjWLhmprsZ2pXM8zOEoetVIBTt0b77PSuwi3q0MyQ==

GET
H2 200 itc_avant_lt_bold.woff2
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 20 KB
21 KB 112ms
110ms Font
font/woff2 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/itc_avant_lt_bold.woff2

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be7b85136bd51909802cf9df3eb5a9c4422d6149bb469b07233a0ea591a73b46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 20920
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:38 GMT
server: cloudflare
etag: "e8b0598527bbd215963e47b3e233e901"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bcdf95703b0-FRA
x-amz-cf-id: aK6b5GFjMlW-AFXrYCwcy3jf2budSAuAVFdrzFaeGULzk3SI_kLkwg==

GET
H2 200 itc_avant_lt_bold.woff
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 26 KB
26 KB 123ms
121ms Font
application/x-font-woff 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/itc_avant_lt_bold.woff

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfda8e97c19d1b57e5c77e515defcd80d7613d7b985bf58fe9abd989ccd5714a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 26424
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:32 GMT
server: cloudflare
etag: "8ab88185bca4bee0496fde06832470ac"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-woff
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bcdf95903b0-FRA
x-amz-cf-id: CXECxKMFQaws5ckiatfX5EW8TiGdykzGnjvsiApQSNyCFEg7mJRrzA==

GET
H2 200 itc_avant_medium.woff2
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 19 KB
19 KB 168ms
166ms Font
font/woff2 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/itc_avant_medium.woff2

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4e8fdcb8768b79bd2c243c78d8c348e03fbf4627f9ef5efcc6e018c617aa61f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 19408
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:34 GMT
server: cloudflare
etag: "a8f042db7e5c85da64352b0bf42417fb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bcdf95b03b0-FRA
x-amz-cf-id: AKbgMgF5_8Dki06rGZkz_nMTxb0JAdn43k2CiJHDgkFlQ306G3x_0w==

GET
H2 200 itc_avant_medium.woff
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 24 KB
25 KB 192ms
191ms Font
application/x-font-woff 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/itc_avant_medium.woff

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cc32f757c93e1f0ead3f3c7a82abd4a1f3627ae69095466d755e0b7b24c1a64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 3222648a6d70343df21c8c5701c2e520.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 24868
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:11 GMT
server: cloudflare
etag: "dd3aa7f79a8b9f1180b5050369924b1d"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-woff
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bcdf95c03b0-FRA
x-amz-cf-id: NnVdP3qg_WsF24S5_0OcXBlze95tOiXhWUNJLDb6HFz1EWQnuW-bMQ==

GET
H2 200 itc_avant_garde_gothic_lt_extra_light-webfont.woff2
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 19 KB
19 KB 241ms
240ms Font
font/woff2 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/itc_avant_garde_gothic_lt_extra_light-webfont.woff2

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5d3fc55488572a9b3887994dd1df3fb180c34fb6960f2383b064ee7b304a397

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 4448f6f0cf46259e83792c753f97a4de.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 19716
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:36 GMT
server: cloudflare
etag: "a45078faf891a62a8200df321611aca3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bcdf95d03b0-FRA
x-amz-cf-id: xYs3Li2I2LxM27B_T4iwkR5oyjjVE8HQMpP16Am6uE8V40MEnmuOgA==

GET
H2 200 itc_avant_garde_gothic_lt_extra_light-webfont.woff
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 24 KB
25 KB 212ms
211ms Font
application/x-font-woff 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/itc_avant_garde_gothic_lt_extra_light-webfont.woff

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e2fd837706dddcf705eb8f148f17035ef45ab7c7572c561b8490c72a78fb6f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 32ceb5729c4d415c2eb5bbab5ff21b8e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 24960
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:32 GMT
server: cloudflare
etag: "01c6ac5bd7d66dc6f87830ee6e1e6518"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-woff
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bcdf95e03b0-FRA
x-amz-cf-id: Vaz1s_qSubKOcN7ynKh7HZhrcUoI7Ahf9GuD_LFQTDBGhNUG3RhkyQ==

GET
H2 200 poetr-webfont.woff2
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 18 KB
19 KB 198ms
197ms Font
font/woff2 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/poetr-webfont.woff2

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bee18ec8d387da52c83bb979a5ebfd0a81f01e4578a9217246454d7248e8e44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 8411105b12842016b4473f6d89a20f3e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 18916
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:22 GMT
server: cloudflare
etag: "68c8e0697ce2d5f4478efe4145025318"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bcdf95f03b0-FRA
x-amz-cf-id: mJTK5ZftEmrVvngMVnwz3tboJaQ76cnL3pBsWZ5cXDRO8uHI-4j4Tg==

GET
H2 200 poetr-webfont.woff
www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/ 24 KB
24 KB 136ms
135ms Font
application/x-font-woff 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/fonts/poetr-webfont.woff

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d561b3b5b59d01ba7eb7228cc3f9e7eb550941335bb93f9696b1ebda16debb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstgroup-sa.co.za/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 24292
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:27 GMT
server: cloudflare
etag: "e071b6ae8c4d4321bd7dfdd1218ebed2"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-woff
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bce197903b0-FRA
x-amz-cf-id: N1EXJu7NMjvI31lTDFqQnFx-mBnnwnLRmpzRXGr8rGloGdEXzCTYhg==

GET
H3 200 galaxy-helpers.js Show response
www.firstgroup-sa.co.za/frontend/galaxy-helpers/public/ 56 KB
21 KB 115ms
115ms Script
application/javascript 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/frontend/galaxy-helpers/public/galaxy-helpers.js?v=l-b2ac919f-8e6c-47bb-815b-8275a0079bd6

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1af5c26a6ca0cf6e1efcd25d203b5d1b890d8d2756d58ca0cfdfafa2f488576

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-encoding: br
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 06:54:59 GMT
server: cloudflare
etag: W/"ef1febd8b777272d6178f74661f8347e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
cf-ray: 7f5a9bce286137fe-FRA
x-amz-cf-id: fLNrdiO4z9GHiShyATUj0WYyI40dV87z6PCZxjzVKCuvgIr5_z8ckQ==

GET
H3 200 jquery-3.1.1.min.js Show response
www.firstgroup-sa.co.za/integration/first-hotels/public/vendor/ 85 KB
31 KB 177ms
176ms Script
application/javascript 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/vendor/jquery-3.1.1.min.js

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1cf30e59d21d4ae560af7143f5913efcc8222bcaa4fcc7508eb802b5faa9e94e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-encoding: br
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:32 GMT
server: cloudflare
etag: W/"5b5a269bd363e0886c17d855c2aab241"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
cf-ray: 7f5a9bce286337fe-FRA
x-amz-cf-id: U1Fkk42YNWK6ep8_ej05tt5Rj8MMHRz0mCFn-v8JDppztRyHy30u9g==

GET
H3 200 lazysizes.min.js Show response
www.firstgroup-sa.co.za/integration/first-hotels/public/vendor/ 7 KB
4 KB 134ms
134ms Script
application/javascript 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/vendor/lazysizes.min.js

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06821251a29e71f8fd4f60349667c54d163b16d7bc8b1d47144c7f5042683eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-encoding: br
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:14 GMT
server: cloudflare
etag: W/"149ff45fc6c2f13e892e438a58abb77f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
cf-ray: 7f5a9bce286537fe-FRA
x-amz-cf-id: aNgobMdpuO8vpwANiVYoeBOUypetG-harb853G8Hkm7WZsn-lDamVA==

GET
H3 200 bundle-evt.min.js Show response
www.firstgroup-sa.co.za/integration-shared/shared-evt/public/ 14 KB
5 KB 191ms
190ms Script
application/javascript 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration-shared/shared-evt/public/bundle-evt.min.js?v93be0159edb1b68f42ec36ab9db3b90a

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21e3b91dff6fbc82e8f064bdff51a687158d9362c8b0c85d1b84cb9d8bea62e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 12 Jun 2022 05:30:15 GMT
server: cloudflare
etag: W/"06be9dcc973ab297fdff7ed212970025"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
cf-ray: 7f5a9bce286737fe-FRA
x-amz-cf-id: jB6xt_3NsVHgDuR9J-0CMKXhC5sOLY-Ilp3KNRBHZcn9r0iUJtCkbA==

GET
H3 200 bundle.js Show response
www.firstgroup-sa.co.za/integration/first-hotels/public/js/ 1 MB
324 KB 210ms
210ms Script
application/javascript 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/js/bundle.js?v93be0159edb1b68f42ec36ab9db3b90a

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d350c18850ccb96442fd9e501dfb290827f44090e10449f25ad95cd782d2d4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 13 Apr 2023 10:04:37 GMT
server: cloudflare
etag: W/"eefd778c350b63df23546d87b71e8df7"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
cf-ray: 7f5a9bce286837fe-FRA
x-amz-cf-id: Tmpid-VApmKc2qQdHOt27GKQus0baKik9fkn2TKkAUN4hoOb1S415w==

GET
H2

200

bootstrap.js Show response
onboard.triptease.io/bootstrap/v6805.82300/
Redirect Chain

https://onboard.triptease.io/bootstrap.js?integrationId=01FZGACC90HYFT4DTPHMABCEX6
https://onboard.triptease.io/bootstrap/v6805.82300/bootstrap.js

110 KB
34 KB

31ms
30ms

Script
application/javascript

2606:4700:3034::6815:1478
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/bootstrap/v6805.82300/bootstrap.js

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Server

2606:4700:3034::6815:1478 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae61c203f46423b463b144bdce07a3403780e1276228e39a31958ff0602e1551

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=15552000
content-encoding: br
cf-cache-status: HIT
x-goog-meta-git-hash: de7c1b979d3ecf488de0fbd2b19bcb77dd43a0ce
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15589
x-guploader-uploadid: ADPycdtJGgApfFITEQMxXF7c3wkQROnvPXrNgphfI4MpNaJs6iJlDHCMbDJRmrevGKkHtgxsR71l6DueVPxB6W8_ld5Z-SvvJ8yu
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-build-version: 6805.82300
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 11 Aug 2023 20:51:25 GMT
server: cloudflare
etag: W/"5dad3c86775938bdbb254a435b25f5db"
vary: Accept-Encoding
x-goog-generation: 1691787085700255
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=6RVfgw==, md5=Xa08hndZOL27JUpDWyX12w==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SGvpEXHSZEoZ6vK%2BxfXfFrY6CY881KjOc5QMos9gRGjLweIyPMwc0NLOhfvLCSYcUCl7iGe0Ftf34LjenJJvnG0xLM%2BD%2FB7QH1vu45jO6YuFlODYinR0LY7flkPacYGGq2lQ2PnsUA8%2FXnqnpxpyFlTloA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 112880
cf-ray: 7f5a9bd0cba81976-FRA
expires: Sun, 11 Aug 2024 13:08:48 GMT

Redirect headers

date: Sat, 12 Aug 2023 17:58:49 GMT
strict-transport-security: max-age=15552000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RAN%2FDXRwmtdW%2BmgWpQpVAIYCKeOkGmGZpaCo0bRE0Zi6mJp2cxl6PD6r6UEq3EXEDsGTwr19CBBhNq0ZI4jbmChG5juMkokqwLMzfHQojBBIYazB9XVEeyVYuNjktauo05eKelIAngowmgV9Hxdk2A3p6A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
location: https://onboard.triptease.io/bootstrap/v6805.82300/bootstrap.js
access-control-allow-origin: *
cache-control: public, max-age=600
cf-ray: 7f5a9bd09b641976-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 63
alt-svc: h3=":443"; ma=86400

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 172 KB
47 KB 53ms
17ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

07b896a6d0efd4c2b706477a0f2c2ada2dff59d654a3cd4bf2ed84333a90d7c7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 12 Aug 2023 17:58:49 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 47245
x-xss-protection: 0
pragma: public
x-fb-debug: yqwocVs9OEO3a9EbGkaw5Z/HChaLNe1E0tLAXErHmZvAO/mpeAWEvWka7IGBNnWEj3fNFVMrC8TSC47Z/dx/Fw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 263 KB
81 KB 64ms
23ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TL2MM4B

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1ceca7f93027ae6ce822af44faf9da291281b4edb529a5786d6eeb559bdd1855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 83017
x-xss-protection: 0
last-modified: Sat, 12 Aug 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 12 Aug 2023 17:58:49 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 322 KB
99 KB 101ms
61ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K9Q4XPK

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

387802abcdae28d34fc9820f6a349eb718e46e07b0016cdcdd457f62bd1e3891

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 101561
x-xss-protection: 0
last-modified: Sat, 12 Aug 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 12 Aug 2023 17:58:49 GMT

GET ivIUsLAx7_s
www.youtube.com/embed/ Frame 9868 0
0

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ 47 KB
48 KB 63ms
20ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Great+Vibes&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 00:05:03 GMT
x-content-type-options: nosniff
age: 64426
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Aug 2024 00:05:03 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v35/ 49 KB
49 KB 33ms
33ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Great+Vibes&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3642c7e774562f7483d7b0de93dd1759fc6928e85eebd7e62ddae72e9d46c9cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.firstgroup-sa.co.za
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 21:19:25 GMT
x-content-type-options: nosniff
age: 592764
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50440
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:13:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Aug 2024 21:19:25 GMT

POST
H/1.1 200
OK 721 Show response
dynamic.travelclick-websolutions.com/view/ 2 KB
2 KB 799ms
322ms XHR
application/json 195.244.31.25
IGUANA-WORLDWIDE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.travelclick-websolutions.com/view/721

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/integration/first-hotels/public/js/bundle.js?v93be0159edb1b68f42ec36ab9db3b90a

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

195.244.31.25 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),

Reverse DNS

xo7-viplb-01-new.ny.ig-1.net

Software

Apache /

Resource Hash

83916a5459c05de171ef747a875a65d223db6c1dd22c77d57ec9360ab176f0d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept: */*
Referer: https://www.firstgroup-sa.co.za/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Sat, 12 Aug 2023 17:58:50 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=15768000
Server: Apache
Vary: Accept-Encoding
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
X-Real-Hostname: xo7-web-05
Content-Length: 906
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET ivIUsLAx7_s
www.youtube.com/embed/ Frame 61BA 0
0

GET ivIUsLAx7_s
www.youtube.com/embed/ Frame 348D 0
0

GET
H2 200 ivIUsLAx7_s Show response
www.youtube.com/embed/ Frame 6021 80 KB
33 KB 168ms
167ms Document
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/integration/first-hotels/public/js/bundle.js?v93be0159edb1b68f42ec36ab9db3b90a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

45b3d549261a118768c314e4431476d8d33820dc90e8be45d3b042f4472b0db4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstgroup-sa.co.za/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 17:58:50 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dropdown-arrow2.svg
www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/ 396 B
677 B 149ms
148ms Image
image/svg+xml 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/dropdown-arrow2.svg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/css/custom/721/47/main/2075e48fadcfffc43106ba000870852b/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67048f24f9e15b8d779c632b86d09c4d9c9bb887a3142132bbb5f103e5163e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/css/custom/721/47/main/2075e48fadcfffc43106ba000870852b/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 6266dd3ac90488da9055f1b5c43dd138.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:33 GMT
server: cloudflare
etag: W/"51cd4cc2e178cdd8a0860500f595e434"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-cache
cf-ray: 7f5a9bd27d2137fe-FRA
x-amz-cf-id: D8gFattAuxsPHZllqIywdMyWOCbUf1jg-Mzvwqku3kk8Bc_Ri2Jk6Q==

GET
H2 200 1547472146-5c3c8d1283504-thumb.png
image-tc.galaxy.tf/wipng-eru188k0utdnkajd713ojlvek/ 5 KB
6 KB 607ms
541ms Image
image/png 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wipng-eru188k0utdnkajd713ojlvek/1547472146-5c3c8d1283504-thumb.png?width=166

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ff63be0f3ff1d88d1a3de3f0115d9593a43ac04b6e0dcb5f4b1846d9767e105

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
x-amz-version-id: ncbrqonI0SHC9I2p4rJ2ZhgOPt215c08
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-length: 5202
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 21 Jun 2023 15:27:46 GMT
server: cloudflare
etag: "dcbe9cc734262c7cc70455499277c037"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7f5a9bd32e530472-FRA
x-amz-cf-id: HDtmeyttx--sFByI6qHqP-DHabw9iSSBtHLTmLQYIBxFzT0akzY6qg==

GET
H2 200 2351337388229475 Show response
connect.facebook.net/signals/config/ 383 KB
109 KB 82ms
81ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2351337388229475?v=2.9.123&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a4d21af82fff03e13660f93dccaa1fe66efec82343bb0096f0bdf2606a71ba2b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 12 Aug 2023 17:58:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: rd9t9oAkiNSvVG06eDUWLwuzkGtfwELQu9UgBM0D3ppI93Kiv0+qVveSKiybhlUwvClm1oL1zjTAZ0h6eJ3uIg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 kernel-host.html Show response
onboard.triptease.io/kernel/v6805.82300/ Frame 2893 57 KB
19 KB 65ms
35ms Document
text/html 2606:4700:3034::6815:1478
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/kernel/v6805.82300/kernel-host.html?originHost=www.firstgroup-sa.co.za

Requested by

Host: onboard.triptease.io
URL: https://onboard.triptease.io/bootstrap.js?integrationId=01FZGACC90HYFT4DTPHMABCEX6

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::6815:1478 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

223b53fe6d76f02cacfa858abf2929c33a427bd98928b49f6144f61de7442512

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.firstgroup-sa.co.za/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-expose-headers: Content-Type
age: 20356
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-cache-status: HIT
cf-ray: 7f5a9bd358bb371c-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 17:58:50 GMT
expires: Sun, 11 Aug 2024 11:55:44 GMT
last-modified: Fri, 11 Aug 2023 20:51:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=shdYOXlsg8oY3LdULa1JS2xPSyGHPqGo%2BbsCchE80S1Y0L2d%2BU4QxXngd73Qm9X9Z%2FXsaJrrE8NgjPY%2FpRoSDkM%2BrCAzwY9R%2FgvT0M5S2g6syb9yHlXtC5AG1v8Imd7k%2FN14lSitEl36FEzxo%2Bvpv6mgXg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000
vary: Accept-Encoding
x-goog-generation: 1691787108530944
x-goog-hash: crc32c=mOoafg== md5=K2AMcfijvE4StJRHjjnsrw==
x-goog-meta-build-version: 6805.82300
x-goog-meta-git-hash: de7c1b979d3ecf488de0fbd2b19bcb77dd43a0ce
x-goog-metageneration: 2
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 58557
x-guploader-uploadid: ADPycdvVV2_Os222o-jEy40yfgt6knSvjUJ2xjL4NVgtu9EyV46WvB16fe1pvF8E2GTfAS2ww-CSLZyFLri_NaoQnrif3w

OPTIONS
H2 200 892284
api.tsa-db.com/v1/data/BID/ Frame 0
0 204ms
124ms Preflight
application/json 2600:9000:25eb:9e00:16:41f8:18c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.tsa-db.com/v1/data/BID/892284
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25eb:9e00:16:41f8:18c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.firstgroup-sa.co.za
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=86400, s-maxage=86400, proxy-revalidate
content-length: 0
content-type: application/json
date: Sat, 12 Aug 2023 17:58:50 GMT
via: 1.1 f0503dd1ece22a88692fda1dd995e2e0.cloudfront.net (CloudFront)
x-amz-apigw-id: Jjw-JGs_DoEFslw=
x-amz-cf-id: DDriHaiM48m5D-Mm7aJiRueJJ_gqs6ugrzKIeeq-7lHnU8FPkMT9pw==
x-amz-cf-pop: MXP53-P3
x-amzn-requestid: 9fab41e5-ea65-4dc5-9012-43cb2e1e3ea6
x-cache: Miss from cloudfront

GET
H2 200 892284 Show response
api.tsa-db.com/v1/data/BID/ 681 B
1 KB 87ms
87ms XHR
application/json 2600:9000:25eb:9e00:16:41f8:18c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.tsa-db.com/v1/data/BID/892284
Requested by: Host: dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
URL: https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25eb:9e00:16:41f8:18c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb30fb7d044c56ae5f6cf016c6cd539b023be7444bd51992d154862731a81258

Request headers

Referer: https://www.firstgroup-sa.co.za/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
via: 1.1 f0503dd1ece22a88692fda1dd995e2e0.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P3
x-amzn-trace-id: Root=1-64d7c85a-7ed97003726e13882f7881b8;Sampled=0;lineage=688c80a0:0
x-amzn-requestid: d285853f-ca12-4050-b7e7-b8fcb971bc2a
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
access-control-allow-credentials: true
x-amz-apigw-id: Jjw-KHSsjoEF_dQ=
content-length: 681
x-amz-cf-id: lqFVxdV-0wuhBM6tcITemNvXE4s_8kKkv4Rs3iElPrbadqOXhzivjg==

GET
H3

200

invisible.js Show response
www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/ Frame 94EE
Redirect Chain

https://www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/scripts/invisible.js
https://www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js

7 KB
3 KB

21ms
20ms

Script
application/javascript

2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e469a2c69ee48268522d69aa6fa85aef8a1c05f2874676711d38c1fd66b84a02

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7f5a9bd38e4137fe-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 12 Aug 2023 17:58:50 GMT
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js
cache-control: max-age=300, public
cf-ray: 7f5a9bd33dee37fe-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 130 KB
50 KB 123ms
45ms Script
application/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-KZT9Z7N

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9Q4XPK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

97cda42374d2f162af0faeb04e3113a0f497ff0077b03450ba61b88bdc3f7b07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 50775
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 12 Aug 2023 17:58:50 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 61ms
15ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9Q4XPK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 12 Aug 2023 17:44:23 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 867
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 12 Aug 2023 19:44:23 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/684551382/ 3 KB
2 KB 342ms
56ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/684551382/?random=1691863130134&cv=11&fst=1691863130134&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&ref=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&hn=www.googleadservices.com&frm=0&tiba=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&auid=1973812446.1691863130&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9Q4XPK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ab03989e598adb11b0685eddc89c28335e8e37a982fc9e53f2ef35227bb2527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1392
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/684551679/ 3 KB
2 KB 364ms
78ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/684551679/?random=1691863130137&cv=11&fst=1691863130137&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&ref=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&hn=www.googleadservices.com&frm=0&tiba=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&auid=1973812446.1691863130&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9Q4XPK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa80ff98e460b47ef13c3f8d436f3d323a303444be42dadac03f8655f8c07248

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1391
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hotjar-3449617.js Show response
static.hotjar.com/c/ 10 KB
4 KB 126ms
74ms Script
application/javascript 52.222.149.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3449617.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9Q4XPK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-81.cdg52.r.cloudfront.net

Software

Resource Hash

fe9f5235c18e578dc12c1bd5956e6f96088c13b588d8d3cdfdcbcc97c5dddaa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 ba7789e51500bb7b69a0c33a90aec410.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
etag: W/715c67ae4ce970c0f75788e51bb6fec2
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: 7GQiclaQ0t01d0Pby5LqxgI-bAsh_f3Ku7weTYKV9FSQ_Rg5CmK1wA==

GET
H2 200 1004973-10041242.js Show response
cdn-4.convertexperiments.com/js/ 304 KB
79 KB 131ms
35ms Script
application/javascript 2a02:26f0:480:b82::14a9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-4.convertexperiments.com/js/1004973-10041242.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9Q4XPK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:b82::14a9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 805d6b8ee89a52f3e39dcc7a8aa466ea5795ddd3933f7bf2f848219cb26d7437

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: application/javascript
date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: gzip
cache-control: public, max-age=300
vary: Accept-Encoding
expires: Sat, 12 Aug 2023 18:03:50 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/3cd2d050/ Frame 6021 381 KB
48 KB 15ms
13ms Stylesheet
text/css 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3cd2d050/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94eb0a52735a4fda922b79ef6779dce909df3cc8be2df88a068329e653ec7614

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 15:49:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7738
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49039
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 01:59:39 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 11 Aug 2024 15:49:52 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/3cd2d050/www-embed-player.vflset/ Frame 6021 316 KB
95 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3cd2d050/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

728e2bdd2f7e678175dccbc728d33db34fb33f9c3eacdb092cb8925cd91f1184

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:12:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2772
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97047
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 01:59:39 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 11 Aug 2024 17:12:38 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/ Frame 6021 2 MB
756 KB 52ms
50ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48bad552d6886e2445947eb63f508631089b16cd348e9a115458a6f09d790e69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 17:29:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 260968
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 773173
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 01:59:39 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 08 Aug 2024 17:29:22 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6021 15 KB
15 KB 20ms
16ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:58:03 GMT
x-content-type-options: nosniff
age: 54047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Aug 2024 02:58:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6021 15 KB
15 KB 21ms
18ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 05:51:22 GMT
x-content-type-options: nosniff
age: 43648
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Aug 2024 05:51:22 GMT

GET
H3 200 831287870643310 Show response
connect.facebook.net/signals/config/ 306 KB
87 KB 79ms
78ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/831287870643310?v=2.9.123&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e94826ed9cfd12ab25a587e4bcdb4c237167fcd85b38b8350782de861c0bb0ec

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 12 Aug 2023 17:58:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: dEjL/SKmjPS5/wdYtoWdIGdETJJ03NtCoFCGW0aDJjvcdMkzUuS7DCmlddsJCushU8jGWHL0diu9q1ZkkLdgTg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 52ms
21ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2351337388229475&ev=PageView&dl=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F%23msdynttrid%3DHylZMtJ5L8Rf8BuSniZVYlUSSFRZ6FrkzGhSa0oIs5c&rl=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&if=false&ts=1691863130212&sw=1600&sh=1200&v=2.9.123&r=stable&ec=0&o=30&fbp=fb.2.1691863130210.1337316876&cs_est=true&it=1691863130066&coo=false&rqm=GET

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 17:58:50 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 52ms
21ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2351337388229475&ev=PageView&dl=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F%23msdynttrid%3DHylZMtJ5L8Rf8BuSniZVYlUSSFRZ6FrkzGhSa0oIs5c&rl=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&if=false&ts=1691863130215&sw=1600&sh=1200&v=2.9.123&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=30&fbp=fb.2.1691863130210.1337316876&cs_est=true&it=1691863130066&coo=false&tm=1&rqm=GET

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 17:58:50 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 kernel.js
onboard.triptease.io/kernel/v6805.82300/ Frame 2893 63 KB
21 KB 29ms
29ms Other
application/javascript 2606:4700:3034::6815:1478
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/kernel/v6805.82300/kernel.js?

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::6815:1478 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7709a3a753368dd902babe99c18fe83e46687d7a96f243d0106e61636dd0b757

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onboard.triptease.io/kernel/v6805.82300/kernel-host.html?originHost=www.firstgroup-sa.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
strict-transport-security: max-age=15552000
content-encoding: br
cf-cache-status: HIT
x-goog-meta-git-hash: de7c1b979d3ecf488de0fbd2b19bcb77dd43a0ce
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 75739
x-guploader-uploadid: ADPycdvnI7bbuKMDfuj2_s2rAfmDo_PI-0GRd78a4pyIZVLilfAYEWSVVxfpJpgH8V5ueB2M4kJgHNvNc-k29SRfqa6Ou7IfisL1
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-build-version: 6805.82300
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 11 Aug 2023 20:51:48 GMT
server: cloudflare
etag: W/"6cd4c807ea049a864151829f60ca17b2"
vary: Accept-Encoding
x-goog-generation: 1691787108508150
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=OPvndg==, md5=bNTIB+oEmoZBUYKfYMoXsg==
access-control-expose-headers: Content-Type
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmLhLHeOxKZjOQWC4JqOQRQrxUfharZJWCZvf8T7X%2FLNd0kI6IYdf1hsFLs4Ib%2Fg2PnYXHQmwVChnEAFm9QMokjyCRQf4%2FjNTg2aWJgk8yNdDBjWyyWkQSaLOMQYXocmG%2FoSfbN4gRydnc7FA%2ByAYdP0ZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 64617
cf-ray: 7f5a9bd3e95a371c-FRA
expires: Sat, 10 Aug 2024 20:56:30 GMT

POST
H3 200 7f5a9bcc4ee103b0 Show response
www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 94EE 0
278 B 32ms
31ms XHR
text/plain 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/h/b/cv/result/7f5a9bcc4ee103b0
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
server: cloudflare
cf-ray: 7f5a9bd4efd837fe-FRA
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 6021
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
220 B

21ms
20ms

XHR
application/json

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Protocol

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

06974c9091b3e70446eb2ab5ec7bb699b26d663dfdff6bea5cdd6a14e1dd8398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 12 Aug 2023 17:58:50 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 6021 29 B
495 B 155ms
36ms Script
text/javascript 2a00:1450:4001:81c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:49:44 GMT
x-content-type-options: nosniff
age: 546
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 12 Aug 2023 18:04:44 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
79 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3R5SJEDWK4&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TL2MM4B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

30d352e26a4125dbb420c490d16b9ba03015a89a14b4ee4c38a7dfaade9d6672

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81043
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 12 Aug 2023 17:58:50 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 235 KB
81 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-LP9ZQF3SMX&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9Q4XPK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1c9626c5402c15ca7c1548128fa80f832a527167e1929c0d7761ad2c5c9c4606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82927
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 12 Aug 2023 17:58:50 GMT

GET
H2 200 1547536711-5c3d89471192b-thumb.png
image-tc.galaxy.tf/wipng-2o56s8th6a834tehxg7zey9li/ 17 KB
17 KB 510ms
509ms Image
image/png 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wipng-2o56s8th6a834tehxg7zey9li/1547536711-5c3d89471192b-thumb.png?width=220

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82459c87ed7d203946353ab51cd4ad241e28cdbd58a183ac3f89e4a5abe10b56

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
x-amz-version-id: DFwGeY9E9DA69.06wL_NNXBnAtjsaTQZ
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
x-amz-replication-status: REPLICA
alt-svc: h3=":443"; ma=86400
content-length: 17391
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 14 Sep 2021 14:50:11 GMT
server: cloudflare
etag: "6ae3384a75a7c8eccb6d6c174a0a0f86"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7f5a9bd579340472-FRA
x-amz-cf-id: fCkvPfxV95HX7FHQ94ltpWLtS-2sAhtoJjjesIQXE2XEmeYcL1drtg==

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 74ms
21ms Preflight
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sat, 12 Aug 2023 17:58:50 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 6021 68 KB
31 KB 30ms
29ms XHR
application/json+protobuf 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

45323faee617fa4d1d0a407bd583004804bceeeaa544b5c64620875f794faa73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31770
x-xss-protection: 0

POST
H3 200 player Show response
www.youtube.com/youtubei/v1/ Frame 6021 74 KB
25 KB 145ms
144ms XHR
application/json 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=false

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

81de0bef4d215f25efd857ea6aae275b66b6670952b42d1609e57a955c952b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Youtube-Bootstrap-Logged-In: false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20230808.01.01
X-Goog-Visitor-Id: Cgs5UFdzNi1lWE04QSjZkN-mBg%3D%3D

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25602
x-xss-protection: 0

GET
H2 200 NwNT5Ks8chAEtov-zzFuWPPL2on9ikO4YKEbQljHKv4.js Show response
www.google.com/js/th/ Frame 6021 37 KB
15 KB 115ms
14ms Script
text/javascript 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/NwNT5Ks8chAEtov-zzFuWPPL2on9ikO4YKEbQljHKv4.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

370353e4ab3c721004b68bfecf316e58f3cbda89fd8a43b860a11b4258c72afe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 15:09:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10136
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14723
x-xss-protection: 0
last-modified: Mon, 24 Jul 2023 11:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 11 Aug 2024 15:09:54 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/ Frame 6021 41 KB
13 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5fdd19dddc91000ecd56ad92efc0fe96b422df35350402a389b8f069bf1ebe8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 17:29:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 260968
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13170
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 01:59:39 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 08 Aug 2024 17:29:22 GMT

GET
H2 200 modules.5b778dfa5bf83cc4cad1.js Show response
script.hotjar.com/ 223 KB
55 KB 83ms
27ms Script
application/javascript 13.32.110.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.5b778dfa5bf83cc4cad1.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3449617.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.74 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-74.vie50.r.cloudfront.net

Software

Resource Hash

0e003b169bf76bfe6b71c69c6a01cbd962ea9189c223ccd3d0c1c0a39b053fe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 12:45:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4c.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 105224
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55520
last-modified: Fri, 11 Aug 2023 12:44:17 GMT
etag: "9a87f94f5bf940f93cf870fa9a112900"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: EKjuBCvVj46E4u7lJ6_uqYc3woFgPa971pdAqnYSsk0hjAnDmAu3DA==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
214 B 27ms
27ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstgroup-sa.co.za/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstgroup-sa.co.za
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
68 B 26ms
25ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=102499935&t=pageview&_s=1&dl=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&dr=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&ul=en-us&de=UTF-8&dt=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHDACEABRAAAACAEK~&jid=2111431897&gjid=952460631&cid=731224134.1691863131&tid=UA-162681275-1&_gid=35406325.1691863131&_r=1&_slc=1&gtm=45He3890n81TL2MM4B&cd1=892284&cd2=not_applicable&cd3=First%20Group%20Management%20MB&cd4=not_applicable&cd5=not_applicable&cd6=not_applicable&cd7=not_applicable&cd8=not_applicable&cd9=not_applicable&cd10=not_applicable&cd11=not_applicable&cd12=galaxy&cd13=custom&cg1=web&cg2=not_applicable&cg3=group_property&cd19=tvs_yes&cd20=not_applicable&cd21=group_property&cd22=not_applicable&cd23=not_applicable&cd24=1&cd25=en&cd26=web&cd27=not_applicable&cd28=not_applicable&cd29=not_applicable&cd30=no&cd31=no&cd34=%7C&cd36=%7C&cd38=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F%23msdynttrid%3DHylZMtJ5L8Rf8BuSniZVYlUSSFRZ6FrkzGhSa0oIs5c&cd39=not_applicable&cd40=firstgroup-sa.co.za&cd41=GTM-TL2MM4B&cd42=65&cd54=be4&cd59=0&z=1140061237

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstgroup-sa.co.za/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstgroup-sa.co.za
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
71 B 24ms
24ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=102499935&t=pageview&_s=1&dl=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&dr=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&ul=en-us&de=UTF-8&dt=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHDACEABRAAAACAEK~&jid=590409068&gjid=1581968489&cid=731224134.1691863131&tid=UA-135537499-1&_gid=35406325.1691863131&_r=1&_slc=1&gtm=45He3890n81K9Q4XPK&cd1=not_set&cd2=not_applicable&cd3=not_applicable&cd4=not_applicable&cd5=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F%23msdynttrid%3DHylZMtJ5L8Rf8BuSniZVYlUSSFRZ6FrkzGhSa0oIs5c&cd6=not_applicable&cd7=not_applicable&cd8=not_applicable&cd9=en&cd10=not_applicable&cd11=not_applicable&cd12=not_applicable&cd13=not_applicable&cd14=no&cg1=not_applicable&cd20=no&z=1579679565

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstgroup-sa.co.za/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstgroup-sa.co.za
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 6021 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AOPolaT1LYYbpOw1hd8FF9JVeudO2dPTqLmFdeR8nFV1=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 6021 3 KB
4 KB 104ms
22ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AOPolaT1LYYbpOw1hd8FF9JVeudO2dPTqLmFdeR8nFV1=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

02a40f2e04358612332400244cd5334e264ea2de1c828722881dcf31c4371a95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:17:51 GMT
x-content-type-options: nosniff
age: 2459
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3572
x-xss-protection: 0
server: fife
etag: "v65"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Aug 2023 17:17:51 GMT

GET
DATA 200
OK truncated
/ Frame 6021 394 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79678d24bd9f41105fb06584b5e9a01dc43daa1a8f110e24dc07f21cf997f38c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 18ms
16ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=831287870643310&ev=PageView&dl=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F%23msdynttrid%3DHylZMtJ5L8Rf8BuSniZVYlUSSFRZ6FrkzGhSa0oIs5c&rl=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&if=false&ts=1691863130638&sw=1600&sh=1200&v=2.9.123&r=stable&ec=0&o=30&fbp=fb.2.1691863130210.1337316876&it=1691863130066&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 12 Aug 2023 17:58:50 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 log
logs.convertexperiments.com/ 2 B
172 B 70ms
14ms Ping
application/json 18.195.182.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logs.convertexperiments.com/log
Requested by: Host: dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
URL: https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.182.116 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-182-116.eu-central-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.firstgroup-sa.co.za/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.firstgroup-sa.co.za
date: Sat, 12 Aug 2023 17:58:50 GMT
access-control-allow-credentials: true
server: nginx/1.20.0
content-length: 2
content-type: application/json; charset=utf-8

POST
H2 200 /
10041242.metrics.convertexperiments.com/log-rep/ 2 B
172 B 84ms
19ms Ping
application/json 18.184.21.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://10041242.metrics.convertexperiments.com/log-rep/
Requested by: Host: dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
URL: https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.21.194 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-21-194.eu-central-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.firstgroup-sa.co.za/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.firstgroup-sa.co.za
date: Sat, 12 Aug 2023 17:58:50 GMT
access-control-allow-credentials: true
server: nginx/1.20.0
content-length: 2
content-type: application/json; charset=utf-8

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 11ms
11ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=102499935&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&dr=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&ul=en-us&de=UTF-8&dt=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Google%20Optimize&ea=2kyco3QpSfCTG6iMjPW3Sg&_u=aHDACEABRAAAACAEK~&jid=&gjid=&cid=731224134.1691863131&tid=UA-135537499-1&_gid=35406325.1691863131&gtm=45He3890n81K9Q4XPK&cd1=not_set&cd2=not_applicable&cd3=not_applicable&cd4=not_applicable&cd5=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F%23msdynttrid%3DHylZMtJ5L8Rf8BuSniZVYlUSSFRZ6FrkzGhSa0oIs5c&cd6=not_applicable&cd7=not_applicable&cd8=not_applicable&cd9=en&cd10=not_applicable&cd11=not_applicable&cd12=not_applicable&cd13=not_applicable&cd14=no&cg1=not_applicable&cd20=no&z=1465982309

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 10:31:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 26869
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 swiper.min.css
cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.1/css/ 17 KB
3 KB 50ms
24ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.1/css/swiper.min.css

Requested by

Host: cdn-4.convertexperiments.com
URL: https://cdn-4.convertexperiments.com/js/1004973-10041242.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5c9917ae6f29de0ba5c6606ea4d7bae6a7072f6b08fc90ddf9cfc09027b07ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1974277
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2436
last-modified: Thu, 22 Jun 2023 10:42:56 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "649425b0-984"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U61zPHC4Wq7FBjNj5c%2BLvv83uhdh324Yky032Pnw5hrXe%2FltDfr1AEvV5jJ1p%2BXn3V64lzgC0Fw8BA91FI%2BbpbDTr%2BXrQZwSjkBLr3Qz5nqqtpFmrX1VILYpTBQ9906cq1Y4TxvyQZEK8KQSSFJQvPQV"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f5a9bd719d89b82-FRA
expires: Thu, 01 Aug 2024 17:58:50 GMT

GET
H2 200 swiper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.1/js/ 95 KB
20 KB 62ms
37ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.1/js/swiper.min.js?_=1691863129872

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/integration/first-hotels/public/js/bundle.js?v93be0159edb1b68f42ec36ab9db3b90a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00792ef04b29d7cbd5110cea7e934b63b774145c63defbc66d3df9bd1023ff63

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1472735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 20430
last-modified: Thu, 22 Jun 2023 10:42:56 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "649425b0-4fce"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=53LUGE%2FqBbBNHQUzlpUadexSWqqm2Cbkdiew%2BTrr1Kl%2B0YX1WlegwddGbtVv6vmawIn01MyvMw6fluoa%2BMGUrY%2Fcb16g4vAc%2Bvk1DzvjeIDQx0OQMBsqScwWAFgd9ZdqtdBkuhY9f%2Brw7qeaFD1b8Yjc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f5a9bd719da9b82-FRA
expires: Thu, 01 Aug 2024 17:58:50 GMT

GET
H3 200 calendar.svg
www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/ 491 B
681 B 144ms
142ms Image
image/svg+xml 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/calendar.svg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70bf367f8a864b1ffff64191ae85b7f6bd66f5127b7acdaa73db9e4e46c8981a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:13 GMT
server: cloudflare
etag: W/"2f714d01df95c551b9ab4b6e5ea28175"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-cache
cf-ray: 7f5a9bd6fa4b37fe-FRA
x-amz-cf-id: Voouiq5vtoS-z6JvVs10YX9NjYrayPWL01d2ikECXcuFEhNvosR-MA==

GET
H3 200 bed.svg
www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/ 1 KB
928 B 189ms
187ms Image
image/svg+xml 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/bed.svg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acd49b929d9d8836eb1f57feb264259aaafc6c6a0ba9cfb9b803150f040814f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 cc216c6d975e303d13c81952a95bc0fc.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:32 GMT
server: cloudflare
etag: W/"9fda7d9765c377fcb092ef755a545920"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-cache
cf-ray: 7f5a9bd6fa4e37fe-FRA
x-amz-cf-id: yHEBNFdiKNFXErZBODgU5F5Ty9O1ZJD1h8BCf_PQbYfJoXUBFi5L1A==

GET
H3 200 minus2.png
www.firstgroup-sa.co.za/integration/first-hotels/public/images/ 141 B
549 B 159ms
157ms Image
image/png 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/images/minus2.png

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81ee91b271d16e2cfce70838aae0a41831cc99e8ffa7c070c021e9d803b5b03a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 141
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:26 GMT
server: cloudflare
etag: "46201ff060cf4e3609f7dbad20bf7534"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bd6fa5037fe-FRA
x-amz-cf-id: Li4lAoEvZA7m4qnvoLBw1DpFGpn-2AubhyEa1cEfoPYZoh5rNbzpEw==

GET
H3 200 plus2.png
www.firstgroup-sa.co.za/integration/first-hotels/public/images/ 292 B
700 B 128ms
127ms Image
image/png 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/images/plus2.png

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dadd2fe93bedffecaca7fed58fd74af66da5fefff858b48cb2d45494236f4d4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 292
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:12 GMT
server: cloudflare
etag: "81ed7bc1309fce5cd1b0c43e40a61b2d"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bd6fa5137fe-FRA
x-amz-cf-id: 6lSZGmGvcjDgT9zFmPn9NvKJ_AF7GXClmghJqheMSLtRFtzRcpi8Kg==

GET
H3 200 adult.svg
www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/ 504 B
705 B 157ms
156ms Image
image/svg+xml 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/adult.svg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0854d432df5634f3e1bcba1668e56d8de1e0cb55ede3a6bbcee97b463b06df9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:13 GMT
server: cloudflare
etag: W/"32626b48f6cec679f75b8c37a10e3dbd"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-cache
cf-ray: 7f5a9bd6fa5337fe-FRA
x-amz-cf-id: U3hn5KQd_cQAWTTs0CXtHlmMFIN7zV40J6kV0-CGhihRVkR8YIAhTQ==

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 29ms
29ms Preflight
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sat, 12 Aug 2023 17:58:50 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 6021 90 B
134 B 33ms
33ms XHR
application/json+protobuf 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32dc9c280fd462f199e49cc6a3d81bafbe3d6e87373c8317d05bc271a7631162

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

POST
H3 204 qoe Show response
www.youtube.com/api/stats/ Frame 6021 0
19 B 26ms
26ms XHR
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/qoe?fmt=243&cpn=_O0KQgJxBTfn8a-f&el=embedded&ns=yt&fexp=23983296%2C24004644%2C24007246%2C24080738%2C24135310%2C24208765%2C24219382%2C24255165%2C24361589%2C24380264%2C24415864%2C24439361%2C24522523%2C24524098%2C24543668%2C24549485%2C24564582%2C51000316&cl=555007094&seq=1&docid=ivIUsLAx7_s&ei=WsjXZOmUIeC9x_AP9P-BsAU&event=streamingstats&plid=AAYCvZTovGRzZEZy&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2FivIUsLAx7_s%3Fstart%3D3%26rel%3D0%26autoplay%3D1%26loop%3D1%26playlist%3DivIUsLAx7_s%26start%3D3%26mute%3D1&qclc=ChBfTzBLUWdKeEJUZm44YS1mEAE&embargoed=0&cbr=Chrome&cbrver=115.0.5790.170&c=WEB_EMBEDDED_PLAYER&cver=1.20230808.01.01&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.010:B,0.268:B,0.268:B&cat=streaming&cmt=0.010:0.000,0.268:3.000&vfs=0.268:243:247::r&view=0.268:4800:1079&bwe=0.268:130000&bat=0.268:1:1&vis=0.268:0&bh=0.268:0.000

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
X-YouTube-Client-Version: 1.20230808.01.01
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgs5UFdzNi1lWE04QSjZkN-mBg%3D%3D
X-YouTube-Ad-Signals: dt=1691863130403&flash=0&frm=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C4800%2C1079&vis=1&wgl=true&ca_type=image

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 725 B
2 KB 205ms
46ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=243&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=5206753&dur=135.920&lmt=1652779089795588&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANvinPp6-3Fis8v3uAFoOB-CqSreOLKi1S1qYbiFkl8uAiEAsd8nPrm-J5YshDrFWmdHVnAjaPduL6MOXEKLRgmLL7c%3D&alr=yes&sig=AOq0QJ8wRQIhAO8csEZWCBk6VdmB71cjmhtq1rJny8bosr7glYYgQH0KAiBwTSZ_0j15xIxc-LfHT3BbuLvWiBZ4-DAhVtlFflV9Xw%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=0-669&rn=1&rbuf=0&pot=Iij3qvesk30_8LTNhJ-i7JPQucPGxqDvx56m-Z3wnOTax7XN0pmzj8Tu&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

456f76e0ae5bc0b2f2ac9bd4306691eb0c7c87aae92249ce436c1f3745f0a014

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:50 GMT
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Last-Modified: Tue, 17 May 2022 09:18:09 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: application/vnd.yt-ump
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Expires: Sat, 12 Aug 2023 17:58:50 GMT

POST
H/1.1 200
OK videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 556 B
2 KB 200ms
44ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=251&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=2317727&dur=135.941&lmt=1652779122065814&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALso9-PUcs879uShteaDsYlDUuvGa-W8LPRyka6PcRvEAiA9Qv8gQ6oE_E63GvuncyGkwOmeqno3-NTOdpdyMeNEUw%3D%3D&alr=yes&sig=AOq0QJ8wRAIgS2bnpHw7KtE4cfgIMS5cvBLIJSh0XKzFSeVs1rvRnEMCIGPylNSJ-usnpf0W_xGhE57xE2xpPXuhl-lD3DX9X1_x&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=0-500&rn=2&rbuf=0&pot=Iij84_zlmDQ0ub-Ej9appZiZsorNj6umzNetsJa5l63Rjr6E2dC4xs-n&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

ee7e81d11ec12279107e6f1a901a1c741655798bfa9fc8e550f6357b62629b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:50 GMT
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Last-Modified: Tue, 17 May 2022 09:18:42 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: application/vnd.yt-ump
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Expires: Sat, 12 Aug 2023 17:58:50 GMT

GET
H3 200 remote.js Show response
www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/ Frame 6021 116 KB
33 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

631f53ff2a22fe40a20e2aa08c22b8f2ffa57758338e1d51631285eb78af61d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 17:29:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 260968
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33633
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 01:59:39 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 08 Aug 2024 17:29:22 GMT

GET
H3 200 captions.js Show response
www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/ Frame 6021 70 KB
23 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/captions.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab2c50b0f96b78ba9de36dd89a648ecaef214c89667bb3c9c8bd4220e63184d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 17:30:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 260895
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23787
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 01:59:39 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 08 Aug 2024 17:30:35 GMT

GET
H3 200 endscreen.js Show response
www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/ Frame 6021 33 KB
8 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/endscreen.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a3b0cbf952799547c2631866cd4668ed212a3fb921e1e72753354c956f21802

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 17:30:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 260895
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8355
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 01:59:39 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 08 Aug 2024 17:30:35 GMT

POST
H3 200 next Show response
www.youtube.com/youtubei/v1/ Frame 6021 7 KB
2 KB 236ms
235ms XHR
application/json 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/next?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=false

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

38f16d8606a09ffd210bc1f30e84dcbf27415c58f66fca1f766a8026a0b8b179

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Youtube-Bootstrap-Logged-In: false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20230808.01.01
X-Goog-Visitor-Id: Cgs5UFdzNi1lWE04QSjZkN-mBg%3D%3D

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2398
x-xss-protection: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/684551382/ 42 B
340 B 37ms
35ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/684551382/?random=1691863130134&cv=11&fst=1691859600000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&ref=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&frm=0&tiba=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&fmt=3&is_vtc=1&random=578793273&rmt_tld=0&ipr=y

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/684551382/ 42 B
455 B 175ms
31ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/684551382/?random=1691863130134&cv=11&fst=1691859600000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&ref=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&frm=0&tiba=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&fmt=3&is_vtc=1&random=578793273&rmt_tld=1&ipr=y

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/684551679/ 42 B
108 B 37ms
35ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/684551679/?random=1691863130137&cv=11&fst=1691859600000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&ref=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&frm=0&tiba=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&fmt=3&is_vtc=1&random=2590364987&rmt_tld=0&ipr=y

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/684551679/ 42 B
108 B 176ms
32ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/684551679/?random=1691863130137&cv=11&fst=1691859600000&bg=ffffff&guid=ON&async=1&gtm=45He3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&ref=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&frm=0&tiba=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&fmt=3&is_vtc=1&random=2590364987&rmt_tld=1&ipr=y

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
355 B 173ms
29ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-135537499-1&cid=731224134.1691863131&jid=590409068&gjid=1581968489&_gid=35406325.1691863131&_u=aHDACEABRAAAACAEK~&z=1035923329

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0cb3ad59518a9b556a3900b3f67c8312cf1f2db88f77cbadad1e6e4f7b425e0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstgroup-sa.co.za/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 12 Aug 2023 17:58:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstgroup-sa.co.za
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
260 B 137ms
25ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3R5SJEDWK4&gtm=45je3890&_p=102499935&cid=731224134.1691863131&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691863130&sct=1&seg=0&dl=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&dr=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&dt=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&en=page_view&_fv=1&_ss=1&ep.hotel_name=not_applicable&ep.hotel_id=not_applicable&ep.hotel_bid=892284&ep.hotel_brand_name=First%20Group%20Management%20MB&ep.hotel_chain_id=not_applicable&ep.hotel_city=not_applicable&ep.hotel_continent=not_applicable&ep.hotel_country=not_applicable&ep.hotel_state=not_applicable&ep.hotel_sub_brand_name=not_applicable&ep.hotel_tc_region=not_applicable&ep.hotel_booking_engine=not_applicable&ep.page_has_tvs=no&ep.page_language=en&ep.page_section=not_applicable&ep.page_subsection=not_applicable&ep.site_cms=galaxy&ep.site_galaxy_product=custom&ep.site_tvs=tvs_yes&ep.hotel_property_type=group_property&ep.hotel_star_rating=not_applicable&ep.hotel_room_types_count=not_applicable&epn.site_number_of_languages=1&ep.site_global_product=web&ep.page_content_group=not_applicable&ep.site_be_version=be4&epn.page_tvs_videos_count=0&up.user_logged_in=no
Requested by: Host: dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
URL: https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstgroup-sa.co.za
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK image-northwest.png
crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/ 286 KB
0 719ms
242ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/image-northwest.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Sat, 20 May 2023 07:58:28 GMT
Server: AmazonS3
x-amz-request-id: 0FGP5CCDA9CJZ704
ETag: "de9ce20048668d9b28753e1d493ccfbf"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1081274
x-amz-id-2: FfAMfP2qYVsEcvFNmXj/Hxy7eGN8hxAR1slbImQyJpCtM57HCqzqIrYM1otVP7Qem5Ok1FLGmDOTe0Qk79dhvw==

GET
H/1.1 200
OK image-kzn.png
crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/ 302 KB
0 715ms
238ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/image-kzn.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Sat, 20 May 2023 07:58:27 GMT
Server: AmazonS3
x-amz-request-id: 0FGJC677PW2P6J8X
ETag: "e68f88725f99deaf8fbb43de5b7e8a51"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1110493
x-amz-id-2: 2YF8p6jiNi4Fu4zqyBAZE9C585ykQR6rbUvZQE4sznJCm7Ru8gKkOi3Hjl3F7bkSesaNYtf+ij4OWUATmjfLlw==

GET
H/1.1 200
OK img-kzn-north.png
crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/ 155 KB
0 982ms
254ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/img-kzn-north.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Sat, 20 May 2023 07:58:27 GMT
Server: AmazonS3
x-amz-request-id: 0FGTJ823D350EDCQ
ETag: "128ab376115a33abb96cfa0fa46e85f6"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 772521
x-amz-id-2: gOPxbTME3OcP7Zv5mJhGO+QOcVhPQ9hyLJnNIXb06TWSyQSKw0zbaOvqWpWkK/9qJ9D4o38tF9PDbJI6zatLTw==

GET
H/1.1 200
OK img-wc.png
crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/ 175 KB
0 1153ms
236ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/img-wc.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Sat, 20 May 2023 07:58:26 GMT
Server: AmazonS3
x-amz-request-id: 0FGV3VNBM1DAMXPD
ETag: "a3154ce144f293c3a825224f845fdc3d"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1231702
x-amz-id-2: qDSC1yDtfMTUCtXSESLZ9fWGtIjReHOnC6ftLiSq4fR8W3f9rG2BljApKAxrZAwU50Q40aRXH0sV/VVuLdh/nQ==

GET
H/1.1 200
OK img-kzn-south.png
crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/ 131 KB
0 1169ms
251ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/img-kzn-south.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Sat, 20 May 2023 07:58:25 GMT
Server: AmazonS3
x-amz-request-id: 0FGYTX5GH2B315TZ
ETag: "81335bb4e94ffe4fc8dc9b7c25ee9243"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 771269
x-amz-id-2: N6kjpx0CT97TH3jNrmYhUs1qrZjm8pkYkRUNmeXDhgUX0sW0fS5uRpYCnduZoD0THal55nmrjZTNjU34sjas0A==

GET
H/1.1 200
OK img-namibia.png
crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/ 61 KB
0 1172ms
234ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/img-namibia.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Sat, 20 May 2023 07:58:24 GMT
Server: AmazonS3
x-amz-request-id: 0FGPB8PHZXBQ9YEH
ETag: "de9ce20048668d9b28753e1d493ccfbf"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1081274
x-amz-id-2: NDp6NNNiHDKr3BcR+1Wm6goCb0NfFkIhA0awQjlEoaLGBftE9R8yQlkaYcwHJHDiUuvhaHpVayjgcnA7IxpL2A==

GET img-eastercape.png
crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/ 0
0

GET
H/1.1 200
OK fg-icon-4.png
crpimagebucket.s3.af-south-1.amazonaws.com/ 34 KB
34 KB 681ms
230ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fg-icon-4.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6189a3e875798b48a2aff20850cc045c4f13c714a801df8130819228595fe37f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Wed, 12 Jul 2023 18:50:43 GMT
Server: AmazonS3
x-amz-request-id: 0FGNCNGB6MJ7BN79
ETag: "b4d9294108d31835b0d2b62956b5055f"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 34737
x-amz-id-2: FRmj60U0bsdHPOLwHAICPQzhSPb5os+DatHTGqnZHp2W3+jsXngn6I7UJFJIn6kzocmn3Hm/D/Ow+RIEL8oGfg==

GET
H/1.1 200
OK fg-icon-3.png
crpimagebucket.s3.af-south-1.amazonaws.com/ 38 KB
39 KB 701ms
250ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fg-icon-3.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7187324394cdd90e7af3d8288d741d4e6abd9ca9d881a9d4dc004880b05d56b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Wed, 12 Jul 2023 18:50:43 GMT
Server: AmazonS3
x-amz-request-id: 0FGKRDF6XTPAFF63
ETag: "0c96ad303cca158166ff74e17ab2c16e"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 39228
x-amz-id-2: HlwKSxcNI3QLxombpj0+tUX+6cpq3OLHtOwIzV7LbtCFQCAvOOL0IitoIqEELMXvFpQQFGDM5cj/7OoLDWmBQg==

GET
H/1.1 200
OK fg-icon-2.png
crpimagebucket.s3.af-south-1.amazonaws.com/ 21 KB
22 KB 687ms
237ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fg-icon-2.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b4211cdc39964bfc88e6d753bba82c5714b3eb7077f2df4afb523971bac804a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Wed, 12 Jul 2023 18:50:44 GMT
Server: AmazonS3
x-amz-request-id: 0FGYPE6E3CYQHDX7
ETag: "0950a2769cb5bf6ffdef52814ec19971"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 21773
x-amz-id-2: t0p/RzlkBpA3J7ajRHaPDI0JCr/me+aH7EY7DGblEYYScb1ZLP+V8UfL65Z7t7jgorWu2JXmB++nm6yRaF78xA==

GET
H/1.1 200
OK fg-icon-1.png
crpimagebucket.s3.af-south-1.amazonaws.com/ 16 KB
16 KB 700ms
252ms Image
image/png 3.5.228.141

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fg-icon-1.png
Requested by: Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.228.141 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5bd577e488488216796fb0c3f962f4c49f25299c5404ed1c51ba896213d0f35b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 17:58:52 GMT
Last-Modified: Wed, 12 Jul 2023 18:50:44 GMT
Server: AmazonS3
x-amz-request-id: 0FGST7MP485Q3ETE
ETag: "0dcfd8c7e7f70346426443047fcc8077"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 16330
x-amz-id-2: U15DpYIgzJx0HCyvF5lEjgv9hYXQ3m5Fhg0G8vfgajjxNRzhaZnV6HamiLWTiJ3lkGF+yIQWLYvNk8Er9b+V0A==

GET
H2 200 first-resorts_logo.svg
image-tc.galaxy.tf/wisvg-4m6yt5wuiu9svu0z84gd1865b/ 41 KB
24 KB 534ms
533ms Image
image/svg+xml 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wisvg-4m6yt5wuiu9svu0z84gd1865b/first-resorts_logo.svg?width=300

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d07bfa00d1f9d04ac74c4e9111a7f8c5476ac28ea4fdf1e31bb40752245790c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: oSDYTGeIIEiqbV0brshL4KYyeEJTWEnt
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
x-amz-replication-status: REPLICA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 05 Dec 2021 19:11:47 GMT
server: cloudflare
etag: W/"4dfa5ec8111fe122e18ab1da6ed7c61f"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
cf-ray: 7f5a9bd7ec8f0472-FRA
x-amz-cf-id: Ain7Htv0xhGTQ6T5gMHqqdCBEhfQ9NKU6_lE_KjwABhKkQiwVWfYNA==

GET
H3 200 close.png
www.firstgroup-sa.co.za/integration/first-hotels/public/images/ 3 KB
3 KB 175ms
174ms Image
image/png 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/images/close.png

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6f096aff0b42de211cfa97c74df6dab72fc336b06eaab72d712ab7d41e66064

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 71d15e4317f9ba4644f6c17f42ef94c8.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 3090
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:38 GMT
server: cloudflare
etag: "d82a031e66a9d559cb1cab2207e2b3a4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
cf-ray: 7f5a9bd7eb4137fe-FRA
x-amz-cf-id: pJk_PzY9ULHQdrKd4ht54La58YZrHN4t6U0QyZi9DggeJTN3lDcG_w==

GET
H2 200 first-apartments-chalets_logo.svg
image-tc.galaxy.tf/wisvg-egap6jwd082pqvi53ktbjjac6/ 52 KB
29 KB 505ms
504ms Image
image/svg+xml 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wisvg-egap6jwd082pqvi53ktbjjac6/first-apartments-chalets_logo.svg?width=300

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c06384c2930a25b8c0e71e8f2fb89d3a9039411169e5e693b38d6e6204c18483

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: LjnLd35bshMAKVIu3chlb9hbGIlZLGpK
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
x-amz-replication-status: REPLICA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 05 Dec 2021 19:11:47 GMT
server: cloudflare
etag: W/"f41f9bb39113922fc0f00cd167f28a16"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
cf-ray: 7f5a9bd7ec920472-FRA
x-amz-cf-id: OhvcHO1yXDzIyPE0tH6coIMYzgL_BDbLekAz4sKhMOXsa5EcGup1BQ==

GET
H2 200 first-hotels-suites_logo.svg
image-tc.galaxy.tf/wisvg-4js3slet0mmg904cag0k4gq2u/ 45 KB
25 KB 483ms
482ms Image
image/svg+xml 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wisvg-4js3slet0mmg904cag0k4gq2u/first-hotels-suites_logo.svg?width=300

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

464bf5d03bbddcbf63100cead9433316f908de11ee2cf598961e82e8504ea514

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: KCGEv.g20pPJ1o3WlkpThOXnfWostzTD
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
x-amz-replication-status: REPLICA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 05 Dec 2021 19:11:47 GMT
server: cloudflare
etag: W/"4cd88dc31e91aa6866b585c9c9e53c06"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
cf-ray: 7f5a9bd7ec960472-FRA
x-amz-cf-id: aB6Qamx0BUxVPATd0MzGKxleBeNDK7aNcV8ngODXeF82npbZ7kySmw==

GET
H2 200 first-private-collection_logo.png
image-tc.galaxy.tf/wipng-22smndb4ld8djtb809hlejloa/ 44 KB
44 KB 466ms
465ms Image
image/png 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wipng-22smndb4ld8djtb809hlejloa/first-private-collection_logo.png?width=300

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79ee569bcfc70ba3ee9b288d31aa6097e52e27a2b59d76407c241f23686afaa1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: tv4ZDz9bcCPHu2JcT2r56f2ATUkyo5kh
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
x-amz-replication-status: REPLICA
alt-svc: h3=":443"; ma=86400
content-length: 44709
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 07 Dec 2021 07:05:07 GMT
server: cloudflare
etag: "d368aabb1cb79e8a12398e1cbfe355a1"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7f5a9bd7ec980472-FRA
x-amz-cf-id: b88RETCfZMINV2lLA8v8nyxrVHMwv2H4DtNpgDi3yaP1TcW8TAlS4A==

GET
DATA 200
OK truncated
/ 152 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81f5a03e1b49cbe1692501481bd08328870b21f448be669a04666ae2a6c96855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 150 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d47a786c6b9e0f114e0ff0c92a8ff81d27d822447e41279494336c84560ea675

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 6021 28 B
50 B 31ms
28ms XHR
application/json 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
X-Goog-Request-Time: 1691863130866
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
X-YouTube-Client-Version: 1.20230808.01.01
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgs5UFdzNi1lWE04QSjZkN-mBg%3D%3D
X-YouTube-Ad-Signals: dt=1691863130403&flash=0&frm=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C4800%2C1079&vis=1&wgl=true&ca_type=image

Response headers

date: Sat, 12 Aug 2023 17:58:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 24ms
24ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-LP9ZQF3SMX&gtm=45je3890&_p=102499935&cid=731224134.1691863131&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691863130&sct=1&seg=0&dl=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&dr=https%3A%2F%2Fdd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com%2F&dt=Luxury%20Holiday%20Accommodation%20in%20South%20Africa%20%7C%20First%20Group%20Resorts&en=page_view&_fv=1&_ss=1&ep.page_subsection=not_applicable&ep.page_language=en&ep.hotel_city=not_applicable&ep.hotel_country=not_applicable&ep.hotel_brand_name=not_applicable&ep.hotel_id=not_applicable&ep.hotel_name=not_applicable&up.user_logged_in_session=no
Requested by: Host: dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
URL: https://dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/t/t/n601bxJgssLdbs4sbdo4e8YqXeDlEG0Kgq4fzixxPKEx/AVeoDQWS60rFNIhfT3JO10LjvtHk4sCehVP3ZrxYXRwx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstgroup-sa.co.za
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 7A68 0
18 B 16ms
16ms Document
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.firstgroup-sa.co.za
Referer: https://www.firstgroup-sa.co.za/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.firstgroup-sa.co.za
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 17:58:50 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 magalies-1.jpg
image-tc.galaxy.tf/wijpeg-e7u9abmxsjszbsjdsnhjfhh8/ 214 KB
215 KB 515ms
510ms Image
image/jpeg 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-e7u9abmxsjszbsjdsnhjfhh8/magalies-1.jpg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

054869ad4bf0c379b4dc42a8322c026082b05f60227e5e21e7f823513978a8db

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: einsLE.lCbJThLVD6.cagspemVr0u7CH
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-length: 219054
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 31 May 2023 17:25:51 GMT
server: cloudflare
etag: "ce80fbbc2749c28126ad54a46b780ba5"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7f5a9bd8ad7f9bf5-FRA
x-amz-cf-id: oZPcGLy75c4eqhtXzZQ___1BZchRhTwoLOdky6vnM19yXRfaMZYWVg==

GET
H3 200 1555580642-5cb846e292fc6-thumb.jpg
image-tc.galaxy.tf/wijpeg-acgu6fdbcjlt07orrng8egg6k/ 119 KB
120 KB 534ms
529ms Image
image/jpeg 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-acgu6fdbcjlt07orrng8egg6k/1555580642-5cb846e292fc6-thumb.jpg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9567db7f44c31edfeeb66b61f5b54d55e861d7e948d185f85acbf4d92f7d4791

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: rYSmbMZM67CPkL225mdB8YcVHRuEAyr6
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-length: 122125
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 31 May 2023 17:39:25 GMT
server: cloudflare
etag: "5db7ff615b14acac36766f09c4f281b4"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7f5a9bd8ad829bf5-FRA
x-amz-cf-id: 35pqmZbv4F5o9H-UJT2p081SZ04qhVteJln1uCHcA_0rCJUtCfYXFA==

GET
H3 200 midlands-1.jpg
image-tc.galaxy.tf/wijpeg-c6v17qs3r19mzxsbr8ikeag4y/ 228 KB
229 KB 538ms
532ms Image
image/jpeg 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-c6v17qs3r19mzxsbr8ikeag4y/midlands-1.jpg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ceb77b17a375d1ebac44a425f0f68a9350a5205c568b9b2c8cccbfc754464aa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: D3EZ33iiywpY2kZjqBYrL76b4NQBgsGe
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
x-amz-replication-status: REPLICA
alt-svc: h3=":443"; ma=86400
content-length: 233283
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 07 Jan 2023 22:22:55 GMT
server: cloudflare
etag: "286f1e2937b18699440a6c9c6e5a5e20"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7f5a9bd8ad839bf5-FRA
x-amz-cf-id: wUs3OrYMQfEWmGCfiYZbj7r2ZvYAfLCa-ZfNAvxsVEZfr6izUoRjzA==

GET
H3 200 qwantani-3-bedroom-chalet-re11-ko-241-2019.jpg
image-tc.galaxy.tf/wijpeg-5vgy2so0shak403zlqahy5194/ 100 KB
101 KB 556ms
551ms Image
image/jpeg 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-5vgy2so0shak403zlqahy5194/qwantani-3-bedroom-chalet-re11-ko-241-2019.jpg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac972e92471558a5ac45dbb31889b2ce96647fd2ee75e7c881b78df67075f091

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: RbKqtFEHy7Khb2ivR_TIpRyu7Ty4VwXx
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-length: 102345
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 31 May 2023 17:43:22 GMT
server: cloudflare
etag: "6b2cb72652fbe7cc372e50232690f0a4"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7f5a9bd8ad849bf5-FRA
x-amz-cf-id: clVE3z-Wo1oKgje-ezehqddqpTDwLJ7jF8bA-hWOOt3rz0mSQoODyg==

GET
H3 200 microsoftteams-image.png
image-tc.galaxy.tf/wipng-3spy3e54q7r3mxbjmiflfwzq3/ 696 KB
697 KB 559ms
553ms Image
image/png 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wipng-3spy3e54q7r3mxbjmiflfwzq3/microsoftteams-image.png

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fd81877dee9b8de82e1ef329d3d590f35c5a6f35db9a772ae64cce37e8c4955

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: I6INyuXztMgW0VUXebr557.vzrJ27WBo
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-length: 712516
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 31 May 2023 17:45:31 GMT
server: cloudflare
etag: "ae3ce0d0517057b5d9dbf11b4c73a5e3"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7f5a9bd8ad869bf5-FRA
x-amz-cf-id: W_STTxf_9BYiGtS7w5ubqQ815VgK8xzjzl9nrWdspdGJZRBoS3wy_g==

GET
H3 200 margate-1.jpg
image-tc.galaxy.tf/wijpeg-5x6wrn4ixdjwdfmzquz4b7k6v/ 159 KB
0 1244ms
1238ms Image
image/jpeg 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-5x6wrn4ixdjwdfmzquz4b7k6v/margate-1.jpg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-amz-version-id: tTaZ44hdP8vQ22lr4cHdlY56Db1.JxJK
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
cf-cache-status: DYNAMIC
x-amz-replication-status: REPLICA
alt-svc: h3=":443"; ma=86400
content-length: 300469
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 19 Apr 2022 18:45:06 GMT
server: cloudflare
etag: "b0addd1833de97d6be403b5445a2fe95"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7f5a9bd8ad879bf5-FRA
x-amz-cf-id: 1QfxG1SW6vDecPyqjBb89ylyvk13CQjxFOE342KB4EdXTkWusi_r1w==

GET
H3 200 magalies-park Show response
www.firstgroup-sa.co.za/ 103 KB
16 KB 206ms
201ms XHR
text/html 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/magalies-park

Requested by

Host: cdn-4.convertexperiments.com
URL: https://cdn-4.convertexperiments.com/js/1004973-10041242.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbaeab2ed9b08396fe9eb50e625be37bc41095ef32bf9ef05e99350b15f53d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 ea6b6651a564f3c1a19b54389d1f51e8.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Aug 2023 12:21:12 GMT
server: cloudflare
etag: W/"3b64d7566462bd817cb61f7433a34218"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 7f5a9bd8ac0737fe-FRA
x-amz-cf-id: fjnNa5NqYl1opp31jVX7OYz__3KIb1F4QqN0d4LB8ZJDs87DQZXk4A==

GET
H3 200 la-montagne Show response
www.firstgroup-sa.co.za/ 104 KB
16 KB 209ms
205ms XHR
text/html 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/la-montagne

Requested by

Host: cdn-4.convertexperiments.com
URL: https://cdn-4.convertexperiments.com/js/1004973-10041242.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6e6c099db196d9167087c5e4b1fb7b7a34ee9020f7d2b614883194ba47b7519

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 eaaa1e97697a6ab196c5224bbc70d9c8.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Aug 2023 12:21:12 GMT
server: cloudflare
etag: W/"96edcf05059d0ccff14e6044c26cb1d0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 7f5a9bd8ac0937fe-FRA
x-amz-cf-id: IWYnf8QFv2ls4XhVXqOhoB9hdIsz5M6-mkZ7rT_24B-kQ1WVc6FFaw==

GET
H3 200 midlands-saddle-and-trout Show response
www.firstgroup-sa.co.za/ 106 KB
16 KB 316ms
312ms XHR
text/html 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/midlands-saddle-and-trout

Requested by

Host: cdn-4.convertexperiments.com
URL: https://cdn-4.convertexperiments.com/js/1004973-10041242.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8db19ec556281513f35f4fafc0010c39b1c8ad15c3419331ea692e5ad13dd24f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 69f8ad486723f285e484ce57919faf2e.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Aug 2023 12:20:54 GMT
server: cloudflare
etag: W/"03b542b69578800eb1069ce2e546ca24"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 7f5a9bd8ac0a37fe-FRA
x-amz-cf-id: r-gHjG8y8k29FaduABQK9rKB7SmTh0N4_GATcTjMVeVLTEIuztqZEQ==

GET
H3 200 qwantani Show response
www.firstgroup-sa.co.za/ 104 KB
16 KB 240ms
237ms XHR
text/html 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/qwantani

Requested by

Host: cdn-4.convertexperiments.com
URL: https://cdn-4.convertexperiments.com/js/1004973-10041242.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffcebca678b2e45846c5fa75b96c7f9229d85521f8438d19994ba66cd0c196a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 6266dd3ac90488da9055f1b5c43dd138.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Aug 2023 12:21:00 GMT
server: cloudflare
etag: W/"db9a3e1a77c69e37343975c7eae1d66a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 7f5a9bd8ac0b37fe-FRA
x-amz-cf-id: 74CukKINNBWzcS8OHit1gdB2fzK-OARDzvJZICNs3Ahq67FTpkoeKg==

GET
H3 200 bushmans-nek Show response
www.firstgroup-sa.co.za/ 110 KB
17 KB 244ms
241ms XHR
text/html 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/bushmans-nek

Requested by

Host: cdn-4.convertexperiments.com
URL: https://cdn-4.convertexperiments.com/js/1004973-10041242.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

207b7088bcd61880bc07ce962ecd4a7f52d0feb79a22f3edffb4c65616de5d5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 e95a7a28b8645be1b2217f0d289a4450.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Aug 2023 12:21:13 GMT
server: cloudflare
etag: W/"dfd3754597a81bc4b4e1f9b408b5a89c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 7f5a9bd8ac0f37fe-FRA
x-amz-cf-id: smZUdt7FiO4ULLVEGlWpxrNr1T0gDtZ4UySIOoOX4oevsAhsLjqfxQ==

GET
H3 200 margate-sands Show response
www.firstgroup-sa.co.za/ 106 KB
16 KB 278ms
275ms XHR
text/html 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstgroup-sa.co.za/margate-sands

Requested by

Host: cdn-4.convertexperiments.com
URL: https://cdn-4.convertexperiments.com/js/1004973-10041242.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c8a44f7c6d1d9a2c14f46df0a645d42fa8ba455e5cf8ffc94e009e3abf4ac6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Aug 2023 12:21:03 GMT
server: cloudflare
etag: W/"7c8f2bb7551e4fbc08cfa26c133593c5"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 7f5a9bd8ac1137fe-FRA
x-amz-cf-id: cc9f3az4DhJerlVt5mggymP4GGFBQ3IYCXGbfjlcZivrhGJdrLywfw==

GET
H3 404 fa-chevron-right-blue.png'
www.firstgroup-sa.co.za/'https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/ 53 KB
53 KB 547ms
545ms Image
text/html 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/'https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/fa-chevron-right-blue.png'

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92f99f2e7e8d68192343c9f3eb7ecd63743cdf231fa7eda81b41cf23fb5c9f7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 3c015e946da40663bafaddc790a7bb6a.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: Error from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 7f5a9bd8ac1437fe-FRA
x-amz-cf-id: vs1Bn0M9-k8st84ibxB5qj0iesfJH1otmDTPLOuKmDsVYrdqBhUR5Q==

GET
H3 404 fa-chevron-left-blue.png'
www.firstgroup-sa.co.za/'https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/ 53 KB
53 KB 561ms
558ms Image
text/html 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/'https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/fa-chevron-left-blue.png'

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92f99f2e7e8d68192343c9f3eb7ecd63743cdf231fa7eda81b41cf23fb5c9f7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 0c978a13e60975108c0dd1f18364108e.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP64-C2
content-encoding: br
x-cache: Error from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 7f5a9bd8ac1637fe-FRA
x-amz-cf-id: NNzMN-KmOvnxBTqpi7mNsk-RchY-ca_aPEe_o4J3_Ii9hVFR6wr49w==

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 46ms
45ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-135537499-1&cid=731224134.1691863131&jid=590409068&_u=aHDACEABRAAAACAEK~&z=1403119712

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ru/ads/ 42 B
408 B 84ms
42ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ru/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-135537499-1&cid=731224134.1691863131&jid=590409068&_u=aHDACEABRAAAACAEK~&z=1403119712

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 6021 0
10 B 17ms
16ms Image
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?f1QMRA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 64 KB
64 KB 47ms
19ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=251&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=2317727&dur=135.941&lmt=1652779122065814&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALso9-PUcs879uShteaDsYlDUuvGa-W8LPRyka6PcRvEAiA9Qv8gQ6oE_E63GvuncyGkwOmeqno3-NTOdpdyMeNEUw%3D%3D&alr=yes&sig=AOq0QJ8wRAIgS2bnpHw7KtE4cfgIMS5cvBLIJSh0XKzFSeVs1rvRnEMCIGPylNSJ-usnpf0W_xGhE57xE2xpPXuhl-lD3DX9X1_x&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=501-66036&rn=3&rbuf=0&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

bc109442d6d08933a67b0f00c920e0c7916a760910f56ab6369e22b4ac919b6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

client-protocol: quic
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 17 May 2022 09:18:42 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: https://www.youtube.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
expires: Sat, 12 Aug 2023 17:58:51 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 6021 4 KB
2 KB 84ms
25ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 12 Aug 2023 17:58:51 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 3BF6 0
15 B 14ms
14ms Document
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.firstgroup-sa.co.za
Referer: https://www.firstgroup-sa.co.za/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.firstgroup-sa.co.za
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 17:58:51 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 child.svg
www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/ 519 B
719 B 135ms
135ms Image
image/svg+xml 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstgroup-sa.co.za/integration/first-hotels/public/images/svg/child.svg

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1008f86262ea5d3c1d8917291494386829d0bd2869d033c148d9b163099b1635

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.firstgroup-sa.co.za/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 82e9051d8d41080bd3028731e0e8677e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 17 Sep 2021 12:35:13 GMT
server: cloudflare
etag: W/"67e4895ea6c606c63b4b64b36034c5e0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-cache
cf-ray: 7f5a9bd9cd6e37fe-FRA
x-amz-cf-id: lvmO-NkQtAx00JnRmsSYmn3iZf-QAwFN1bMegzVrogwW9-ySd4j8Lw==

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 117 KB
117 KB 14ms
14ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=243&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=5206753&dur=135.920&lmt=1652779089795588&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANvinPp6-3Fis8v3uAFoOB-CqSreOLKi1S1qYbiFkl8uAiEAsd8nPrm-J5YshDrFWmdHVnAjaPduL6MOXEKLRgmLL7c%3D&alr=yes&sig=AOq0QJ8wRQIhAO8csEZWCBk6VdmB71cjmhtq1rJny8bosr7glYYgQH0KAiBwTSZ_0j15xIxc-LfHT3BbuLvWiBZ4-DAhVtlFflV9Xw%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=670-119952&rn=4&rbuf=0&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

bcec23ad664498a53075b038812dd7575d281fd1b1b83b48fbdf2d5c73fa483c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sat, 12 Aug 2023 17:58:51 GMT
date: Sat, 12 Aug 2023 17:58:51 GMT
x-restrict-formats-hint: None
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
last-modified: Tue, 17 May 2022 09:18:09 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
client-protocol: quic

GET file.jpg
image-tc.galaxy.tf/wijpeg-3dq8g1uts3kjq6dmuyj4p9xt9/ 0
0

GET file.jpg
image-tc.galaxy.tf/wijpeg-b0s6fddxj1wokopnwzjl62isa/ 0
0

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 734 B
758 B 46ms
45ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=247&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=19574369&dur=135.920&lmt=1652779089836499&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIgd822zErym5J1NoRHblGqoO4HvMjCCo-5-wHE-20W2-ICIQChL31NuLg3MJEn_17M_9p651NnF7GVyn0wLrH9U1u1eQ%3D%3D&alr=yes&sig=AOq0QJ8wRQIhAIYOLcVzn0sgnWw9XRK-4EtDSR4H-o5AA-IM3tsaFe8eAiAyrK9yzHfxeiXRTLw8YUhxwxdyF5bVFVfrc4LAoljrTg%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=0-678&rn=5&rbuf=0&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

29c72f50baa77d7a96841e6df51b4eedb48a39f05825f3276700cb5bf758e867

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sat, 12 Aug 2023 17:58:51 GMT
date: Sat, 12 Aug 2023 17:58:51 GMT
x-restrict-formats-hint: None
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
last-modified: Tue, 17 May 2022 09:18:09 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
client-protocol: quic

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 117 KB
117 KB 13ms
12ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=243&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=5206753&dur=135.920&lmt=1652779089795588&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANvinPp6-3Fis8v3uAFoOB-CqSreOLKi1S1qYbiFkl8uAiEAsd8nPrm-J5YshDrFWmdHVnAjaPduL6MOXEKLRgmLL7c%3D&alr=yes&sig=AOq0QJ8wRQIhAO8csEZWCBk6VdmB71cjmhtq1rJny8bosr7glYYgQH0KAiBwTSZ_0j15xIxc-LfHT3BbuLvWiBZ4-DAhVtlFflV9Xw%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=119953-239235&rn=6&rbuf=0&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

e4f6019b8649b0be2019a78df9656c55e42bd480d4e84e80110bd96d80847d44

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sat, 12 Aug 2023 17:58:51 GMT
date: Sat, 12 Aug 2023 17:58:51 GMT
x-restrict-formats-hint: None
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
last-modified: Tue, 17 May 2022 09:18:09 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
client-protocol: quic

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/115/ Frame 6021 51 KB
15 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/115/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cdf2602ac04f7e2bed582d4299c73d464fc4ab069e3ad5a20ee2b6635a015b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 06:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42359
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15373
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:08:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sun, 13 Aug 2023 06:12:52 GMT

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 64 KB
64 KB 14ms
14ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=251&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=2317727&dur=135.941&lmt=1652779122065814&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALso9-PUcs879uShteaDsYlDUuvGa-W8LPRyka6PcRvEAiA9Qv8gQ6oE_E63GvuncyGkwOmeqno3-NTOdpdyMeNEUw%3D%3D&alr=yes&sig=AOq0QJ8wRAIgS2bnpHw7KtE4cfgIMS5cvBLIJSh0XKzFSeVs1rvRnEMCIGPylNSJ-usnpf0W_xGhE57xE2xpPXuhl-lD3DX9X1_x&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=66037-131572&rn=7&rbuf=788&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

b85ae7bf693120b0a98e59d30577c09bb5f661b2f497b63288b11984c6f19e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

client-protocol: quic
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 17 May 2022 09:18:42 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: https://www.youtube.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
expires: Sat, 12 Aug 2023 17:58:51 GMT

POST videoplayback
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 0
0

GET
H3 204 playback Show response
www.youtube.com/api/stats/ Frame 6021 0
17 B 27ms
27ms XHR
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/playback?ns=yt&el=embedded&cpn=_O0KQgJxBTfn8a-f&ver=2&cmt=3&fmt=243&fs=0&rt=0.765&euri=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&lact=797&cl=555007094&mos=1&volume=100&cbr=Chrome&cbrver=115.0.5790.170&c=WEB_EMBEDDED_PLAYER&cver=1.20230808.01.01&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&epm=1&delay=4&hl=de_DE&cr=DE&len=135.941&fexp=23983296%2C24004644%2C24007246%2C24080738%2C24135310%2C24208765%2C24219382%2C24255165%2C24361589%2C24380264%2C24415864%2C24439361%2C24522523%2C24524098%2C24543668%2C24549485%2C24564582%2C51000316&rtn=5&afmt=251&size=4800%3A1079&inview=0&muted=1&docid=ivIUsLAx7_s&ei=WsjXZOmUIeC9x_AP9P-BsAU&plid=AAYCvZTovGRzZEZy&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2FivIUsLAx7_s%3Fstart%3D3%26rel%3D0%26autoplay%3D1%26loop%3D1%26playlist%3DivIUsLAx7_s%26start%3D3%26mute%3D1&list=TLGGRRHao84sq50xMjA4MjAyMw&of=Cuk9b7Yz_FusRqGHXf1u8A&vm=CAQQARgBOjJBQWpSVTZsamRRUzhzcVVKa3hfa2dZbWx0X25JNFNJcEJLaURfTTdyWlh5OE9FaU80Z2JfQVBta0tETG1QNHBGLUhkQVdWVGplcUxrNU5yUzhWSmtVNFRDWF90RkVrVFJHQmMyeERXYWR5cGIzRzVkVXZSNWZLT2VBOUJUcEZnUHZ2U2hmeXNOclJrVm0tdDlGNE1oAQ

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
X-YouTube-Client-Version: 1.20230808.01.01
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgs5UFdzNi1lWE04QSjZkN-mBg%3D%3D
X-YouTube-Ad-Signals: dt=1691863130403&flash=0&frm=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C4800%2C1079&vis=1&wgl=true&ca_type=image

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 ptracking Show response
www.youtube.com/ Frame 6021 0
17 B 24ms
24ms XHR
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/ptracking?html5=1&video_id=ivIUsLAx7_s&cpn=_O0KQgJxBTfn8a-f&ei=WsjXZOmUIeC9x_AP9P-BsAU&ptk=youtube_single&oid=Y1jvZwNl8JcDQpSglHERyg&pltype=contentugc

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
X-YouTube-Client-Version: 1.20230808.01.01
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgs5UFdzNi1lWE04QSjZkN-mBg%3D%3D
X-YouTube-Ad-Signals: dt=1691863130403&flash=0&frm=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C4800%2C1079&vis=1&wgl=true&ca_type=image

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 6021
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

25ms
24ms

XHR
application/json

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.firstgroup-sa.co.za
URL: https://www.firstgroup-sa.co.za/

Protocol

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5eef0da28736c0d6bec2bc7e465568c9ec92cc57f00f02b231424189c7cc52c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:58:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 watchtime Show response
www.youtube.com/api/stats/ Frame 6021 0
17 B 47ms
46ms XHR
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/watchtime?ns=yt&el=embedded&cpn=_O0KQgJxBTfn8a-f&ver=2&cmt=3.013&fmt=243&fs=0&rt=0.773&euri=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&lact=806&cl=555007094&state=paused&volume=100&cbr=Chrome&cbrver=115.0.5790.170&c=WEB_EMBEDDED_PLAYER&cver=1.20230808.01.01&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&delay=4&hl=de_DE&cr=DE&len=135.941&afmt=251&idpj=-6&ldpj=-27&rti=5&size=4800%3A1079&inview=0&st=0&et=3.013&muted=1&docid=ivIUsLAx7_s&ei=WsjXZOmUIeC9x_AP9P-BsAU&plid=AAYCvZTovGRzZEZy&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2FivIUsLAx7_s%3Fstart%3D3%26rel%3D0%26autoplay%3D1%26loop%3D1%26playlist%3DivIUsLAx7_s%26start%3D3%26mute%3D1&list=TLGGRRHao84sq50xMjA4MjAyMw&of=Cuk9b7Yz_FusRqGHXf1u8A&vm=CAQQARgBOjJBQWpSVTZsamRRUzhzcVVKa3hfa2dZbWx0X25JNFNJcEJLaURfTTdyWlh5OE9FaU80Z2JfQVBta0tETG1QNHBGLUhkQVdWVGplcUxrNU5yUzhWSmtVNFRDWF90RkVrVFJHQmMyeERXYWR5cGIzRzVkVXZSNWZLT2VBOUJUcEZnUHZ2U2hmeXNOclJrVm0tdDlGNE1oAQ

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
X-YouTube-Client-Version: 1.20230808.01.01
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgs5UFdzNi1lWE04QSjZkN-mBg%3D%3D
X-YouTube-Ad-Signals: dt=1691863130403&flash=0&frm=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C4800%2C1079&vis=1&wgl=true&ca_type=image

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 watchtime Show response
www.youtube.com/api/stats/ Frame 6021 0
17 B 26ms
25ms XHR
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/watchtime?ns=yt&el=embedded&cpn=_O0KQgJxBTfn8a-f&ver=2&cmt=3.013&fmt=243&fs=0&rt=0.777&euri=https%3A%2F%2Fwww.firstgroup-sa.co.za%2F&lact=809&cl=555007094&state=playing&volume=100&cbr=Chrome&cbrver=115.0.5790.170&c=WEB_EMBEDDED_PLAYER&cver=1.20230808.01.01&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&delay=4&hl=de_DE&cr=DE&len=135.941&rtn=11&afmt=251&idpj=-6&ldpj=-27&size=4800%3A1079&inview=0&st=3.013&et=3.013&muted=1&docid=ivIUsLAx7_s&ei=WsjXZOmUIeC9x_AP9P-BsAU&plid=AAYCvZTovGRzZEZy&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2FivIUsLAx7_s%3Fstart%3D3%26rel%3D0%26autoplay%3D1%26loop%3D1%26playlist%3DivIUsLAx7_s%26start%3D3%26mute%3D1&list=TLGGRRHao84sq50xMjA4MjAyMw&of=Cuk9b7Yz_FusRqGHXf1u8A&vm=CAQQARgBOjJBQWpSVTZsamRRUzhzcVVKa3hfa2dZbWx0X25JNFNJcEJLaURfTTdyWlh5OE9FaU80Z2JfQVBta0tETG1QNHBGLUhkQVdWVGplcUxrNU5yUzhWSmtVNFRDWF90RkVrVFJHQmMyeERXYWR5cGIzRzVkVXZSNWZLT2VBOUJUcEZnUHZ2U2hmeXNOclJrVm0tdDlGNE1oAQ

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
X-YouTube-Client-Version: 1.20230808.01.01
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgs5UFdzNi1lWE04QSjZkN-mBg%3D%3D
X-YouTube-Ad-Signals: dt=1691863130403&flash=0&frm=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C4800%2C1079&vis=1&wgl=true&ca_type=image

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 64 KB
64 KB 20ms
20ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=251&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=2317727&dur=135.941&lmt=1652779122065814&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALso9-PUcs879uShteaDsYlDUuvGa-W8LPRyka6PcRvEAiA9Qv8gQ6oE_E63GvuncyGkwOmeqno3-NTOdpdyMeNEUw%3D%3D&alr=yes&sig=AOq0QJ8wRAIgS2bnpHw7KtE4cfgIMS5cvBLIJSh0XKzFSeVs1rvRnEMCIGPylNSJ-usnpf0W_xGhE57xE2xpPXuhl-lD3DX9X1_x&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=501-66036&rn=9&rbuf=0&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

bc109442d6d08933a67b0f00c920e0c7916a760910f56ab6369e22b4ac919b6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

client-protocol: quic
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 17 May 2022 09:18:42 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: https://www.youtube.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
expires: Sat, 12 Aug 2023 17:58:51 GMT

POST
H3 204 qoe Show response
www.youtube.com/api/stats/ Frame 6021 0
19 B 26ms
26ms XHR
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/qoe?fmt=247&afmt=251&cpn=_O0KQgJxBTfn8a-f&el=embedded&ns=yt&fexp=23983296%2C24004644%2C24007246%2C24080738%2C24135310%2C24208765%2C24219382%2C24255165%2C24361589%2C24380264%2C24415864%2C24439361%2C24522523%2C24524098%2C24543668%2C24549485%2C24564582%2C51000316&cl=555007094&seq=2&docid=ivIUsLAx7_s&ei=WsjXZOmUIeC9x_AP9P-BsAU&event=streamingstats&plid=AAYCvZTovGRzZEZy&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2FivIUsLAx7_s%3Fstart%3D3%26rel%3D0%26autoplay%3D1%26loop%3D1%26playlist%3DivIUsLAx7_s%26start%3D3%26mute%3D1&qclc=ChBfTzBLUWdKeEJUZm44YS1mEAI&embargoed=0&cbr=Chrome&cbrver=115.0.5790.170&c=WEB_EMBEDDED_PLAYER&cver=1.20230808.01.01&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&afs=0.270:251::i&cat=spkadtrt&cmt=0.279:3.000,0.770:3.000,0.775:3.013,0.778:3.013,0.781:3.013,0.828:3.013&vps=0.279:S:ss.15,0.770:PL,0.775:SU,0.778:B,0.781:S,0.828:S,0.828:S&ctmp=startSeconds:t.695;ss.3,hidden:,mdstm:t.804;rst4disc.d;cd.0.000;sq.-1&user_intent=0&bh=0.770:1.360,0.828:0.000&vfs=0.828:247:247:243:r&view=0.828:4800:1079&bwm=0.828:437481:0.917&bwe=0.828:1413667&bat=0.828:1:1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1
X-YouTube-Client-Version: 1.20230808.01.01
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgs5UFdzNi1lWE04QSjZkN-mBg%3D%3D
X-YouTube-Ad-Signals: dt=1691863130403&flash=0&frm=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C4800%2C1079&vis=1&wgl=true&ca_type=image

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 450 KB
450 KB 15ms
15ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=247&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=19574369&dur=135.920&lmt=1652779089836499&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIgd822zErym5J1NoRHblGqoO4HvMjCCo-5-wHE-20W2-ICIQChL31NuLg3MJEn_17M_9p651NnF7GVyn0wLrH9U1u1eQ%3D%3D&alr=yes&sig=AOq0QJ8wRQIhAIYOLcVzn0sgnWw9XRK-4EtDSR4H-o5AA-IM3tsaFe8eAiAyrK9yzHfxeiXRTLw8YUhxwxdyF5bVFVfrc4LAoljrTg%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=679-461253&rn=10&rbuf=0&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

6cef062d5ca987609306c6c38e0306cc71b2a9515c219aec6edc4a61b37d2931

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sat, 12 Aug 2023 17:58:51 GMT
date: Sat, 12 Aug 2023 17:58:51 GMT
x-restrict-formats-hint: None
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
last-modified: Tue, 17 May 2022 09:18:09 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
client-protocol: quic

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 450 KB
450 KB 12ms
12ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=247&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=19574369&dur=135.920&lmt=1652779089836499&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIgd822zErym5J1NoRHblGqoO4HvMjCCo-5-wHE-20W2-ICIQChL31NuLg3MJEn_17M_9p651NnF7GVyn0wLrH9U1u1eQ%3D%3D&alr=yes&sig=AOq0QJ8wRQIhAIYOLcVzn0sgnWw9XRK-4EtDSR4H-o5AA-IM3tsaFe8eAiAyrK9yzHfxeiXRTLw8YUhxwxdyF5bVFVfrc4LAoljrTg%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=461254-921828&rn=11&rbuf=0&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

bdfc0779132c6df5c7a59e8b5f357577e6b83b7c9f6831314c66fbf59dc5408c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sat, 12 Aug 2023 17:58:51 GMT
date: Sat, 12 Aug 2023 17:58:51 GMT
x-restrict-formats-hint: None
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
last-modified: Tue, 17 May 2022 09:18:09 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
client-protocol: quic

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 64 KB
64 KB 15ms
15ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=251&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=2317727&dur=135.941&lmt=1652779122065814&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALso9-PUcs879uShteaDsYlDUuvGa-W8LPRyka6PcRvEAiA9Qv8gQ6oE_E63GvuncyGkwOmeqno3-NTOdpdyMeNEUw%3D%3D&alr=yes&sig=AOq0QJ8wRAIgS2bnpHw7KtE4cfgIMS5cvBLIJSh0XKzFSeVs1rvRnEMCIGPylNSJ-usnpf0W_xGhE57xE2xpPXuhl-lD3DX9X1_x&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=66037-131572&rn=12&rbuf=775&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

b85ae7bf693120b0a98e59d30577c09bb5f661b2f497b63288b11984c6f19e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

client-protocol: quic
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 17 May 2022 09:18:42 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: https://www.youtube.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
expires: Sat, 12 Aug 2023 17:58:51 GMT

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 450 KB
450 KB 20ms
20ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=247&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=19574369&dur=135.920&lmt=1652779089836499&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIgd822zErym5J1NoRHblGqoO4HvMjCCo-5-wHE-20W2-ICIQChL31NuLg3MJEn_17M_9p651NnF7GVyn0wLrH9U1u1eQ%3D%3D&alr=yes&sig=AOq0QJ8wRQIhAIYOLcVzn0sgnWw9XRK-4EtDSR4H-o5AA-IM3tsaFe8eAiAyrK9yzHfxeiXRTLw8YUhxwxdyF5bVFVfrc4LAoljrTg%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=921829-1382403&rn=13&rbuf=1760&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

a50c1f7c3ac4af6507da0285a1a94058c4e9783d83a0e881afa2b3e71f53aa55

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sat, 12 Aug 2023 17:58:51 GMT
date: Sat, 12 Aug 2023 17:58:51 GMT
x-restrict-formats-hint: None
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
last-modified: Tue, 17 May 2022 09:18:09 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
client-protocol: quic

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 991 KB
991 KB 20ms
19ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=247&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=19574369&dur=135.920&lmt=1652779089836499&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIgd822zErym5J1NoRHblGqoO4HvMjCCo-5-wHE-20W2-ICIQChL31NuLg3MJEn_17M_9p651NnF7GVyn0wLrH9U1u1eQ%3D%3D&alr=yes&sig=AOq0QJ8wRQIhAIYOLcVzn0sgnWw9XRK-4EtDSR4H-o5AA-IM3tsaFe8eAiAyrK9yzHfxeiXRTLw8YUhxwxdyF5bVFVfrc4LAoljrTg%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=1382404-2396739&rn=14&rbuf=4405&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

6b6c0077b8772814391fd83f93ebc4c4695640d753503278b622d77c51fcbbc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sat, 12 Aug 2023 17:58:51 GMT
date: Sat, 12 Aug 2023 17:58:51 GMT
x-restrict-formats-hint: None
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
last-modified: Tue, 17 May 2022 09:18:09 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
client-protocol: quic

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 76 KB
76 KB 8ms
8ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=251&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=2317727&dur=135.941&lmt=1652779122065814&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALso9-PUcs879uShteaDsYlDUuvGa-W8LPRyka6PcRvEAiA9Qv8gQ6oE_E63GvuncyGkwOmeqno3-NTOdpdyMeNEUw%3D%3D&alr=yes&sig=AOq0QJ8wRAIgS2bnpHw7KtE4cfgIMS5cvBLIJSh0XKzFSeVs1rvRnEMCIGPylNSJ-usnpf0W_xGhE57xE2xpPXuhl-lD3DX9X1_x&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=131573-209461&rn=15&rbuf=4470&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

4a29788382b01c8a6fdaae693c3e4cf1b0c35c92a1cd599ff8c6faecf2538ae4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

client-protocol: quic
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 17 May 2022 09:18:42 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: https://www.youtube.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
expires: Sat, 12 Aug 2023 17:58:51 GMT

POST
H3 200 videoplayback Show response
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 128 KB
128 KB 9ms
8ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=251&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=2317727&dur=135.941&lmt=1652779122065814&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALso9-PUcs879uShteaDsYlDUuvGa-W8LPRyka6PcRvEAiA9Qv8gQ6oE_E63GvuncyGkwOmeqno3-NTOdpdyMeNEUw%3D%3D&alr=yes&sig=AOq0QJ8wRAIgS2bnpHw7KtE4cfgIMS5cvBLIJSh0XKzFSeVs1rvRnEMCIGPylNSJ-usnpf0W_xGhE57xE2xpPXuhl-lD3DX9X1_x&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=209462-340528&rn=16&rbuf=9046&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

55028c09e0dd216d852c50fd04dcc9f4d8f1925c7ee27ec837f6800f6b461ac9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

client-protocol: quic
date: Sat, 12 Aug 2023 17:58:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 17 May 2022 09:18:42 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: https://www.youtube.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
expires: Sat, 12 Aug 2023 17:58:51 GMT

POST
H3 200 videoplayback
rr5---sn-4g5ednsl.googlevideo.com/ Frame 6021 0
0 16ms
16ms Fetch
application/vnd.yt-ump 2a00:1450:4001:6a::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=247&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=19574369&dur=135.920&lmt=1652779089836499&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIgd822zErym5J1NoRHblGqoO4HvMjCCo-5-wHE-20W2-ICIQChL31NuLg3MJEn_17M_9p651NnF7GVyn0wLrH9U1u1eQ%3D%3D&alr=yes&sig=AOq0QJ8wRQIhAIYOLcVzn0sgnWw9XRK-4EtDSR4H-o5AA-IM3tsaFe8eAiAyrK9yzHfxeiXRTLw8YUhxwxdyF5bVFVfrc4LAoljrTg%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=2396740-3655365&rn=17&rbuf=10303&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3cd2d050/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sat, 12 Aug 2023 17:58:52 GMT
date: Sat, 12 Aug 2023 17:58:52 GMT
x-restrict-formats-hint: None
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
last-modified: Tue, 17 May 2022 09:18:09 GMT
server: gvs 1.0
vary: Origin
content-type: application/vnd.yt-ump
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21298
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
client-protocol: quic

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Domain: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Domain: www.youtube.com
URL: https://www.youtube.com/embed/ivIUsLAx7_s?start=3&rel=0&autoplay=1&loop=1&playlist=ivIUsLAx7_s&start=3&mute=1

Domain: crpimagebucket.s3.af-south-1.amazonaws.com
URL: https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/img-eastercape.png

Domain: image-tc.galaxy.tf
URL: https://image-tc.galaxy.tf/wijpeg-3dq8g1uts3kjq6dmuyj4p9xt9/file.jpg

Domain: image-tc.galaxy.tf
URL: https://image-tc.galaxy.tf/wijpeg-b0s6fddxj1wokopnwzjl62isa/file.jpg

Domain: rr5---sn-4g5ednsl.googlevideo.com
URL: https://rr5---sn-4g5ednsl.googlevideo.com/videoplayback?expire=1691884730&ei=WsjXZOmUIeC9x_AP9P-BsAU&ip=2a00%3Ac98%3A2030%3Aa004%3A1%3A%3A8&id=o-ANGhk8g65XYR_6B4v3Uc67-LJDRyJyYVKBKik7XM4n1Y&itag=243&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278&source=youtube&requiressl=yes&mh=2w&mm=31%2C29&mn=sn-4g5ednsl%2Csn-4g5lznls&ms=au%2Crdu&mv=m&mvi=5&pl=56&initcwndbps=692500&spc=UWF9fw-5tOOJukiVoRNM9JNq2yzVf7J4hdKC0Z-Ydw&vprv=1&svpuc=1&mime=video%2Fwebm&ns=GSdsXuJ_cMiWvgPiOJYzf7YP&gir=yes&clen=5206753&dur=135.920&lmt=1652779089795588&mt=1691862796&fvip=5&keepalive=yes&fexp=24007246&beids=24350018&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=-87kkBIIkCJ0oQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANvinPp6-3Fis8v3uAFoOB-CqSreOLKi1S1qYbiFkl8uAiEAsd8nPrm-J5YshDrFWmdHVnAjaPduL6MOXEKLRgmLL7c%3D&alr=yes&sig=AOq0QJ8wRQIhAO8csEZWCBk6VdmB71cjmhtq1rJny8bosr7glYYgQH0KAiBwTSZ_0j15xIxc-LfHT3BbuLvWiBZ4-DAhVtlFflV9Xw%3D%3D&cpn=_O0KQgJxBTfn8a-f&cver=1.20230808.01.01&range=239236-241066&rn=8&rbuf=2081&pot=MmQDP-3r6Eh2sAMHaLJhDBdFsH781lFwpk3bAvF-dQQYUhBW80au0Dh8gsYvvAHovj0Q-u0RDNP2bXjhx07DmGQhf--jwZuD2tmkvZyu35sQrXYIoR8Scam8Xu5MnP34Wx_0I9XK&ump=1&srfvp=1

Verdicts & Comments Add Verdict or Comment

108 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/	1970-01-20 23:33:43	Name: 79f08280-5c63-4331-b04d-fb6f39afda51 Value: kUNmSOPnEirSxT7UbKDMh037wOAsrHfyELFPqtY85J8
dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com/	1969-12-31 23:59:59	Name: 319af4c0-e197-4de9-8a9b-fe98c8a2ca04 Value: kUNmSOPnEirSxT7UbKDMh037wOAsrHfyELFPqtY85J8
.firstgroup-sa.co.za/	1970-01-20 16:07:19	Name: _gcl_au Value: 1.1.1973812446.1691863130
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: aoGyFyXj1-s
.youtube.com/	1970-01-20 18:16:55	Name: VISITOR_INFO1_LIVE Value: 9PWs6-eXM8A
.firstgroup-sa.co.za/	1970-01-20 16:07:19	Name: _fbp Value: fb.2.1691863130210.1337316876
.www.firstgroup-sa.co.za/	1970-01-20 22:43:19	Name: cf_clearance Value: U34BVkf1yvQpae0q4.4yU3uzJPNaqzz8ThlIASdU.HY-1691863130-0-1-c90def93.72c1001a.a255e905-0.2.1691863130
.doubleclick.net/	1970-01-20 13:57:44	Name: test_cookie Value: CheckForPermission
.firstgroup-sa.co.za/	1970-01-20 13:59:09	Name: _gid Value: GA1.3.35406325.1691863131
.firstgroup-sa.co.za/	1970-01-20 13:57:43	Name: _gat_UA-98837830-1 Value: 1
.firstgroup-sa.co.za/	1970-01-20 13:57:43	Name: _gat_tct Value: 1
.firstgroup-sa.co.za/	1970-01-20 13:57:43	Name: _gat_UA-135537499-1 Value: 1
.firstgroup-sa.co.za/	1970-01-20 13:57:44	Name: _conv_s Value: si%3A1sh%3A1691863130650-0.24946435706196857pv%3A1
.firstgroup-sa.co.za/	1970-01-20 18:16:55	Name: _conv_r Value: s%3Add1562d995504d8bb9c66c5977d522m%3Areferralt%3A*c%3A
.firstgroup-sa.co.za/	1970-01-20 18:20:31	Name: _conv_v Value: vi%3A1sc%3A1cs%3A1691863131fs%3A1691863131pv%3A1*exp%3A%7B10046213.%7Bv.100421568-g.%7B%7D%7D-10049174.%7Bv.100428469-g.%7B%7D%7D%7D
.firstgroup-sa.co.za/	1970-01-20 23:33:43	Name: _ga_3R5SJEDWK4 Value: GS1.1.1691863130.1.0.1691863130.0.0.0
.firstgroup-sa.co.za/	1970-01-20 23:33:43	Name: _ga Value: GA1.1.731224134.1691863131
.firstgroup-sa.co.za/	1970-01-20 22:43:19	Name: _hjSessionUser_3449617 Value: eyJpZCI6ImEyM2JhNTFlLTQ2NGItNTdmNy04NmY2LWI3YjQ0N2EyMjY2MSIsImNyZWF0ZWQiOjE2OTE4NjMxMzA5MDQsImV4aXN0aW5nIjpmYWxzZX0=
.firstgroup-sa.co.za/	1970-01-20 13:57:44	Name: _hjFirstSeen Value: 1
.firstgroup-sa.co.za/	1970-01-20 13:57:43	Name: _hjIncludedInSessionSample_3449617 Value: 0
.firstgroup-sa.co.za/	1970-01-20 13:57:44	Name: _hjSession_3449617 Value: eyJpZCI6ImM5MjNlZDIyLWUzNWUtNDk1ZS04NWQ5LTdmMDI5ODNlNTRjZiIsImNyZWF0ZWQiOjE2OTE4NjMxMzA5MTMsImluU2FtcGxlIjpmYWxzZX0=
.firstgroup-sa.co.za/	1970-01-20 13:57:44	Name: _hjAbsoluteSessionInProgress Value: 0
.firstgroup-sa.co.za/	1970-01-20 23:33:43	Name: _ga_LP9ZQF3SMX Value: GS1.1.1691863130.1.0.1691863130.0.0.0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-form-factor'.
network	error	URL: https://www.firstgroup-sa.co.za/'https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/fa-chevron-right-blue.png' Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.firstgroup-sa.co.za/'https://crpimagebucket.s3.af-south-1.amazonaws.com/fontawesome/fa-chevron-left-blue.png' Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10041242.metrics.convertexperiments.com
api.tsa-db.com
cdn-4.convertexperiments.com
cdn.galaxy.tf
cdnjs.cloudflare.com
connect.facebook.net
crpimagebucket.s3.af-south-1.amazonaws.com
dd1562d995504d8bb9c66c5977d5221d.svc.dynamics.com
dynamic.travelclick-websolutions.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
image-tc.galaxy.tf
jnn-pa.googleapis.com
logs.convertexperiments.com
mktdplp102cdn.azureedge.net
onboard.triptease.io
region1.google-analytics.com
rr5---sn-4g5ednsl.googlevideo.com
script.hotjar.com
static.doubleclick.net
static.hotjar.com
stats.g.doubleclick.net
www.facebook.com
www.firstgroup-sa.co.za
www.google-analytics.com
www.google.com
www.google.de
www.google.ru
www.googleoptimize.com
www.googletagmanager.com
www.gstatic.com
www.youtube.com
yt3.ggpht.com
crpimagebucket.s3.af-south-1.amazonaws.com
image-tc.galaxy.tf
rr5---sn-4g5ednsl.googlevideo.com
www.youtube.com
13.32.110.74
18.184.21.194
18.195.182.116
195.244.31.25
2001:4860:4802:34::36
2600:9000:25eb:9e00:16:41f8:18c0:93a1
2606:2800:133:206e:1315:22a5:2006:24fd
2606:4700:3034::6815:1478
2606:4700::6811:180e
2606:4700::6811:ba3a
2a00:1450:4001:6a::a
2a00:1450:4001:800::200e
2a00:1450:4001:801::2008
2a00:1450:4001:806::200e
2a00:1450:4001:808::2001
2a00:1450:4001:808::200a
2a00:1450:4001:80e::2004
2a00:1450:4001:810::2002
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2006
2a00:1450:4001:828::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2003
2a00:1450:4001:831::200e
2a00:1450:400c:c08::9d
2a02:26f0:480:b82::14a9
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
3.5.228.141
52.169.10.20
52.222.149.81
00792ef04b29d7cbd5110cea7e934b63b774145c63defbc66d3df9bd1023ff63
02a40f2e04358612332400244cd5334e264ea2de1c828722881dcf31c4371a95
054869ad4bf0c379b4dc42a8322c026082b05f60227e5e21e7f823513978a8db
06821251a29e71f8fd4f60349667c54d163b16d7bc8b1d47144c7f5042683eef
06974c9091b3e70446eb2ab5ec7bb699b26d663dfdff6bea5cdd6a14e1dd8398
07b896a6d0efd4c2b706477a0f2c2ada2dff59d654a3cd4bf2ed84333a90d7c7
0854d432df5634f3e1bcba1668e56d8de1e0cb55ede3a6bbcee97b463b06df9e
0cb3ad59518a9b556a3900b3f67c8312cf1f2db88f77cbadad1e6e4f7b425e0c
0cc32f757c93e1f0ead3f3c7a82abd4a1f3627ae69095466d755e0b7b24c1a64
0e003b169bf76bfe6b71c69c6a01cbd962ea9189c223ccd3d0c1c0a39b053fe1
1008f86262ea5d3c1d8917291494386829d0bd2869d033c148d9b163099b1635
1a3b0cbf952799547c2631866cd4668ed212a3fb921e1e72753354c956f21802
1bee18ec8d387da52c83bb979a5ebfd0a81f01e4578a9217246454d7248e8e44
1c9626c5402c15ca7c1548128fa80f832a527167e1929c0d7761ad2c5c9c4606
1ceca7f93027ae6ce822af44faf9da291281b4edb529a5786d6eeb559bdd1855
1cf30e59d21d4ae560af7143f5913efcc8222bcaa4fcc7508eb802b5faa9e94e
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d07bfa00d1f9d04ac74c4e9111a7f8c5476ac28ea4fdf1e31bb40752245790c
207b7088bcd61880bc07ce962ecd4a7f52d0feb79a22f3edffb4c65616de5d5b
21e3b91dff6fbc82e8f064bdff51a687158d9362c8b0c85d1b84cb9d8bea62e3
223b53fe6d76f02cacfa858abf2929c33a427bd98928b49f6144f61de7442512
26b462068bdb82b16889165aae09e185499c92d7f70e02805f922e9291169a7d
29c72f50baa77d7a96841e6df51b4eedb48a39f05825f3276700cb5bf758e867
2fd81877dee9b8de82e1ef329d3d590f35c5a6f35db9a772ae64cce37e8c4955
30d352e26a4125dbb420c490d16b9ba03015a89a14b4ee4c38a7dfaade9d6672
32dc9c280fd462f199e49cc6a3d81bafbe3d6e87373c8317d05bc271a7631162
3642c7e774562f7483d7b0de93dd1759fc6928e85eebd7e62ddae72e9d46c9cb
370353e4ab3c721004b68bfecf316e58f3cbda89fd8a43b860a11b4258c72afe
387802abcdae28d34fc9820f6a349eb718e46e07b0016cdcdd457f62bd1e3891
38f16d8606a09ffd210bc1f30e84dcbf27415c58f66fca1f766a8026a0b8b179
3d11f751bbfcb3f74bcf60fcd587652038107e810669cd061441a399110e6e91
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45323faee617fa4d1d0a407bd583004804bceeeaa544b5c64620875f794faa73
456f76e0ae5bc0b2f2ac9bd4306691eb0c7c87aae92249ce436c1f3745f0a014
45b3d549261a118768c314e4431476d8d33820dc90e8be45d3b042f4472b0db4
464bf5d03bbddcbf63100cead9433316f908de11ee2cf598961e82e8504ea514
48bad552d6886e2445947eb63f508631089b16cd348e9a115458a6f09d790e69
4a29788382b01c8a6fdaae693c3e4cf1b0c35c92a1cd599ff8c6faecf2538ae4
4ceb77b17a375d1ebac44a425f0f68a9350a5205c568b9b2c8cccbfc754464aa
4fa9553b8e1c2e83d93cb6409d0c04fbd7f4df5fa073dc09526380b79c74aa6a
55028c09e0dd216d852c50fd04dcc9f4d8f1925c7ee27ec837f6800f6b461ac9
5547d8f26f4675dd63aa5f6b080b0dec9af0a22ff9232e297f03feeeb143cc3b
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5bd577e488488216796fb0c3f962f4c49f25299c5404ed1c51ba896213d0f35b
5d18d8c02267735d514d1b55662dd81b79a74863066d4c6145d108a8099b7818
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1
5eef0da28736c0d6bec2bc7e465568c9ec92cc57f00f02b231424189c7cc52c1
6189a3e875798b48a2aff20850cc045c4f13c714a801df8130819228595fe37f
631f53ff2a22fe40a20e2aa08c22b8f2ffa57758338e1d51631285eb78af61d3
67048f24f9e15b8d779c632b86d09c4d9c9bb887a3142132bbb5f103e5163e11
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6b6c0077b8772814391fd83f93ebc4c4695640d753503278b622d77c51fcbbc0
6c8a44f7c6d1d9a2c14f46df0a645d42fa8ba455e5cf8ffc94e009e3abf4ac6a
6cef062d5ca987609306c6c38e0306cc71b2a9515c219aec6edc4a61b37d2931
6ff63be0f3ff1d88d1a3de3f0115d9593a43ac04b6e0dcb5f4b1846d9767e105
70bf367f8a864b1ffff64191ae85b7f6bd66f5127b7acdaa73db9e4e46c8981a
7187324394cdd90e7af3d8288d741d4e6abd9ca9d881a9d4dc004880b05d56b4
728e2bdd2f7e678175dccbc728d33db34fb33f9c3eacdb092cb8925cd91f1184
7709a3a753368dd902babe99c18fe83e46687d7a96f243d0106e61636dd0b757
79678d24bd9f41105fb06584b5e9a01dc43daa1a8f110e24dc07f21cf997f38c
79ee569bcfc70ba3ee9b288d31aa6097e52e27a2b59d76407c241f23686afaa1
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
805d6b8ee89a52f3e39dcc7a8aa466ea5795ddd3933f7bf2f848219cb26d7437
81de0bef4d215f25efd857ea6aae275b66b6670952b42d1609e57a955c952b14
81ee91b271d16e2cfce70838aae0a41831cc99e8ffa7c070c021e9d803b5b03a
81f5a03e1b49cbe1692501481bd08328870b21f448be669a04666ae2a6c96855
82459c87ed7d203946353ab51cd4ad241e28cdbd58a183ac3f89e4a5abe10b56
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83916a5459c05de171ef747a875a65d223db6c1dd22c77d57ec9360ab176f0d5
84eacf3f43bf7b9177fb78c533f34c3930cd517da0295bfd57bd5e01b2400ed8
87d0c7f3c30cf74913468135b848dfa09f4851fad0bacbfe4e433c4da52f3a9f
8ab03989e598adb11b0685eddc89c28335e8e37a982fc9e53f2ef35227bb2527
8d561b3b5b59d01ba7eb7228cc3f9e7eb550941335bb93f9696b1ebda16debb9
8db19ec556281513f35f4fafc0010c39b1c8ad15c3419331ea692e5ad13dd24f
92f99f2e7e8d68192343c9f3eb7ecd63743cdf231fa7eda81b41cf23fb5c9f7e
94eb0a52735a4fda922b79ef6779dce909df3cc8be2df88a068329e653ec7614
9567db7f44c31edfeeb66b61f5b54d55e861d7e948d185f85acbf4d92f7d4791
97cda42374d2f162af0faeb04e3113a0f497ff0077b03450ba61b88bdc3f7b07
9cdf2602ac04f7e2bed582d4299c73d464fc4ab069e3ad5a20ee2b6635a015b8
9d350c18850ccb96442fd9e501dfb290827f44090e10449f25ad95cd782d2d4a
9e2fd837706dddcf705eb8f148f17035ef45ab7c7572c561b8490c72a78fb6f1
a4d21af82fff03e13660f93dccaa1fe66efec82343bb0096f0bdf2606a71ba2b
a50c1f7c3ac4af6507da0285a1a94058c4e9783d83a0e881afa2b3e71f53aa55
ab2c50b0f96b78ba9de36dd89a648ecaef214c89667bb3c9c8bd4220e63184d3
ac972e92471558a5ac45dbb31889b2ce96647fd2ee75e7c881b78df67075f091
acd49b929d9d8836eb1f57feb264259aaafc6c6a0ba9cfb9b803150f040814f8
ae61c203f46423b463b144bdce07a3403780e1276228e39a31958ff0602e1551
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b4211cdc39964bfc88e6d753bba82c5714b3eb7077f2df4afb523971bac804a1
b4e8fdcb8768b79bd2c243c78d8c348e03fbf4627f9ef5efcc6e018c617aa61f
b85ae7bf693120b0a98e59d30577c09bb5f661b2f497b63288b11984c6f19e60
bb30fb7d044c56ae5f6cf016c6cd539b023be7444bd51992d154862731a81258
bbaeab2ed9b08396fe9eb50e625be37bc41095ef32bf9ef05e99350b15f53d65
bc109442d6d08933a67b0f00c920e0c7916a760910f56ab6369e22b4ac919b6e
bcec23ad664498a53075b038812dd7575d281fd1b1b83b48fbdf2d5c73fa483c
bdfc0779132c6df5c7a59e8b5f357577e6b83b7c9f6831314c66fbf59dc5408c
be7b85136bd51909802cf9df3eb5a9c4422d6149bb469b07233a0ea591a73b46
c06384c2930a25b8c0e71e8f2fb89d3a9039411169e5e693b38d6e6204c18483
c5fdd19dddc91000ecd56ad92efc0fe96b422df35350402a389b8f069bf1ebe8
ce4f1b48eedafeaa3d9b02d15dc642b4cc9a995b6e517d6d9bd91d007a420a6c
d47a786c6b9e0f114e0ff0c92a8ff81d27d822447e41279494336c84560ea675
d5d3fc55488572a9b3887994dd1df3fb180c34fb6960f2383b064ee7b304a397
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
dadd2fe93bedffecaca7fed58fd74af66da5fefff858b48cb2d45494236f4d4c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfda8e97c19d1b57e5c77e515defcd80d7613d7b985bf58fe9abd989ccd5714a
e1af5c26a6ca0cf6e1efcd25d203b5d1b890d8d2756d58ca0cfdfafa2f488576
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e469a2c69ee48268522d69aa6fa85aef8a1c05f2874676711d38c1fd66b84a02
e4f6019b8649b0be2019a78df9656c55e42bd480d4e84e80110bd96d80847d44
e6e6c099db196d9167087c5e4b1fb7b7a34ee9020f7d2b614883194ba47b7519
e94826ed9cfd12ab25a587e4bcdb4c237167fcd85b38b8350782de861c0bb0ec
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee7e81d11ec12279107e6f1a901a1c741655798bfa9fc8e550f6357b62629b8a
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5c9917ae6f29de0ba5c6606ea4d7bae6a7072f6b08fc90ddf9cfc09027b07ee
f6f096aff0b42de211cfa97c74df6dab72fc336b06eaab72d712ab7d41e66064
fa80ff98e460b47ef13c3f8d436f3d323a303444be42dadac03f8655f8c07248
fe9f5235c18e578dc12c1bd5956e6f96088c13b588d8d3cdfdcbcc97c5dddaa5
ffcebca678b2e45846c5fa75b96c7f9229d85521f8438d19994ba66cd0c196a6

www.firstgroup-sa.co.za Open in urlscan Pro 2606:4700::6811:ba3a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

160 Requests

93 %HTTPS

77 %IPv6

25 Domains

34 Subdomains

32 IPs

4 Countries

7755 kBTransfer

15747 kBSize

23 Cookies

48 Outgoing links

Page URL History

Redirected requests

160 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.firstgroup-sa.co.za Open in urlscan Pro
2606:4700::6811:ba3a Public Scan

Screenshot
Live screenshot

Full Image

160
Requests

93 %
HTTPS

77 %
IPv6

25
Domains

34
Subdomains

32
IPs

4
Countries

7755 kB
Transfer

15747 kB
Size

23
Cookies

160 HTTP transactions
5 data transactions