www.kaiserpermanentelocations.com Open in urlscan Pro
35.208.134.119 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4ot...
Effective URL:
http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4ot...
Submission Tags: phishing malicious Search All
Submission: On April 27 via api (April 27th 2022, 6:23:34 am UTC) from US — Scanned from DE

Summary HTTP 92 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 14 domains to perform 92 HTTP transactions. The main IP is 35.208.134.119, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is www.kaiserpermanentelocations.com.

This is the only time www.kaiserpermanentelocations.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 12	35.208.134.119 35.208.134.119	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
7	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2600:9000:224... 2600:9000:224a:3000:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
2	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	178.250.2.135 178.250.2.135	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
92	22

12 35.208.134.119 (Council Bluffs, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 119.134.208.35.bc.googleusercontent.com

kaiserpermanentelocations.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.kaiserpermanentelocations.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:224a:3000:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	criteo.net static.criteo.net — Cisco Umbrella Rank: 628 pix.eu.criteo.net — Cisco Umbrella Rank: 8497 csm.eu.criteo.net — Cisco Umbrella Rank: 8498	73 KB
17	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 96 tpc.googlesyndication.com — Cisco Umbrella Rank: 127	265 KB
12	kaiserpermanentelocations.com 1 redirects kaiserpermanentelocations.com www.kaiserpermanentelocations.com	166 KB
6	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 15229 ads.eu.criteo.com — Cisco Umbrella Rank: 8495 rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 12524 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 10741	100 KB
6	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 38	33 KB
5	gstatic.com fonts.gstatic.com	143 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 64 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1323	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 163	73 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 9242	914 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 137	83 KB
2	bootstrapcdn.com netdna.bootstrapcdn.com — Cisco Umbrella Rank: 3042	70 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 773	659 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 39	3 KB
92	14

	Domain	Requested by
14	pix.eu.criteo.net	ads.eu.criteo.com
14	static.criteo.net	ads.eu.criteo.com
11	www.kaiserpermanentelocations.com	www.kaiserpermanentelocations.com
10	pagead2.googlesyndication.com	www.kaiserpermanentelocations.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
7	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.kaiserpermanentelocations.com
5	fonts.gstatic.com	fonts.googleapis.com
4	csm.eu.criteo.net	ads.eu.criteo.com
2	cat.nl.eu.criteo.com	ads.eu.criteo.com
2	secure-gl.imrworldwide.com	ads.eu.criteo.com
2	ads.eu.criteo.com	googleads.g.doubleclick.net
2	www.googletagservices.com	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	connect.facebook.net	www.kaiserpermanentelocations.com connect.facebook.net
2	netdna.bootstrapcdn.com	www.kaiserpermanentelocations.com netdna.bootstrapcdn.com
1	www.google.com	tpc.googlesyndication.com
1	rtb.nl.eu.criteo.com	www.kaiserpermanentelocations.com
1	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	fonts.googleapis.com	www.kaiserpermanentelocations.com
1	kaiserpermanentelocations.com	1 redirects
92	22

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-02-04` - `2022-05-05`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-13` - `2022-06-09`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-19` - `2022-06-18`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-15` - `2022-06-13`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-13`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-10` - `2022-07-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh

This page contains 9 frames:

Primary Page: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Frame ID: 0A681016B96D3E1AE975E63025688349
Requests: 32 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220425/r20190131/zrt_lookup.html
Frame ID: B0A8D904ED177B9FA7DCC038181F6732
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8342746019962425&output=html&h=90&slotname=3842318397&adk=2071212552&adf=473766257&pi=t.ma~as.3842318397&w=728&lmt=1651040610&psa=0&format=728x90&url=http%3A%2F%2Fwww.kaiserpermanentelocations.com%2Fpaypal-account-update-information%2F3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode%3D%2F&wgl=1&dt=1651040609828&bpp=5&bdt=595&idt=165&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&correlator=7964393289200&frm=20&pv=2&ga_vid=1064407330.1651040610&ga_sid=1651040610&ga_hid=125635978&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=65&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=3415880737793137&pem=997&tmod=129019574&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=Hj6nZQEVGP&p=http%3A//www.kaiserpermanentelocations.com&dtd=181
Frame ID: FA480AAB28778B52EA067BAD1C61E86A
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8342746019962425&output=html&adk=1812271804&adf=3025194257&lmt=1651040610&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.kaiserpermanentelocations.com%2Fpaypal-account-update-information%2F3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode%3D%2F&ea=0&pra=7&wgl=1&dt=1651040609950&bpp=1&bdt=716&idt=67&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=7964393289200&frm=20&pv=1&ga_vid=1064407330.1651040610&ga_sid=1651040610&ga_hid=125635978&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=3415880737793137&pem=997&tmod=129019574&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=72
Frame ID: 04B80A7509536E98A92A4577D807A82C
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YmjhYgABO-8K4H-aAA6ME57rbjlcRldvDDMLvw&u=%7CW4pzINlo2GuF7svzcNRJpLoH7m89ODF8zxD2oCDZjAU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpNfsuV4bKOZdERZwsUOl74YTlNh2oC0QHbRnEZvUUilVUFkTWXPEuAGXOytnRATlVkzeJ9iV5sbducwlERXp6uAfnYBU3cXdAox5OHLnUXKbd6vaNdHdXzaKRlGjI2-nyYAG7K_RKHi43-vsUQy9-NY9Md4qTsbnsU9qgWpoUpRskb97z2-2wtq8zdUjNVWtiyfgYED6RK9GwhS8ryyNx-wlrqSIBOfYkgmOA9p0hLN2bsCeu3u8EUeE-cuovc-baX6qOysepO-Zch8-wZ_v9Fw2d4YZ6xuRLY-tqjAu3_iLVd6ud7JrXHbCCY-nApvgbMS37gAh5O-VzfW2gYQKVkFrQebkxMXCBHMAW0G3tC31iQDf8XELdQrbPasyw8GZPKOjBhikPRgFWH-U076q7Tr&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvCk-YuFoYu_3BJr_gQeTmLqQB8me0rFc1Z2R93DAjbcBEAEgAGCVyvmBlAeCARdjYS1wdWItODM0Mjc0NjAxOTk2MjQyNaAB1bbS6gPIAQmpAo_aFuuE3LE-qAMBqgTNAk_Q158nOCNANch5mAhxuvw22Fdo2GW-jRUChqml9KmBiwmCViOlNadmnNOilioI1JWePxoR0lBC-H0JiteRA2Ah-izPVPLxvt4anX4uYDiYvt_W9FObgcY2rVqFtsAWYm3DzoOP-xjURCQ-wPfjX9d7kzUBBC8JEklsz8k38JzbUUtskI4wREuCwhxs87gLgy-OxX7x_UT4XBTDm6b8wtSRbela-d4UaIoeMM11jEw8AHxptK7L9K_yA_1r2JcfG_j128xfkX41S3I6rSJXTOlHJYQ-NCqI0zVo_QfNUOFO805Fz9C44gwICr1I9EcwJU-DJd-_B6zpadbvUqPjJpNmr_nicZcB5GuEkCma35w0ozxzeLSjBsqIfyQrTrcBAZRMkzy_f67fCdbAcsaKB8nZ2G6Ktn0_k1kTJZ6bXwafT7g-Y85fh9dRFZpJuYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2dGy89ANgeQj7eNiAk9-26PjP8Og%26client%3Dca-pub-8342746019962425%26adurl%3D
Frame ID: 9758BF2E3B6264C7BC58AD13F62CDD44
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220425/r20110914/zrt_lookup.html?fsb=1
Frame ID: 6C0215623CCE8DA391D0FD02134FC57A
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YmjhYgABN78IEcS0AAo1VBcTg-Lg8qDbK4TNSg&u=%7CW4pzINlo2GvRu46e%2Fd3pt2%2BOQTPpe39RLeL29%2FmgW4M%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUIsqRqxN4CBxsEbVnYfgd0fCfGD1-hwqT5P_HASFyF3R4wky1NzvbCU9nVCmvjRXZfkp2fh4wNHToRjuwgrUz4nANoGbvp-Lrkf-Ql94b8grWB0ztZb4DMdWPzF2UBHGl2JxSzlqVzGYXbbO-9SkUQGWfgYgv8-lnzX05oUkvUJchEEZmOi7KWCkuszRp5x-M_OVNxqTY5cd4V3f29mvoJsXzJpDAykSUZR7nN0DKjBQV1eQHEi97fBNWYKhDldP1QIW2G86BLh96mA76sVeI0ZcJvgKcAFuBXf4rGx6hRAYqIjRugflyayjYt9pa9NPufNFo5BRjfxcOPYORPQez9d44rYTBufAHUF0GG6lwYFMyfVnrmgSNUZdZBVnvqgh_FB38eLBXcXkL2l5IlJWZy0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCg-I2YuFoYr_vBLSJx_AP1OqogALJntKxXPWdmPdwwI23ARABIABglcr5gZQHggEXY2EtcHViLTgzNDI3NDYwMTk5NjI0MjWgAdW20uoDyAEJqQI8k0UEytuxPqgDAaoE0AJP0K2RczBzICdlQojVZl_wmyuWG7VHHGVlHYEc-_PP4wOgSieLe82vWLvORZpODTU8kSqwtT68tbJ0hRhDMagxXhJaovxbAkVdg8gUQ6MazILtd5r8nPGb1qD7FqFaU4SqhGQwCE-Ob4KjnntUMM1wcMDlz3WSk_PYfCozHz_kK6Z87lBdev2msuY1pTjIIc-iBqIwZKwqKXkSaIQv74X2AIhJ4W1gpjK14Vzu89D8URNPB5e8cQ7l5XWxKTn2BKf4E-WZhMulc8KYOk7df0sNXrjXgdEZE2ExkNLXS27bX9re0S7vXScQBMnJg0b1SUfFJ_AUpRSl3IoG2wBlqkRiVryHUndLsf3hhY3PmELIX5Q67reL3VZkk7dyjAOcq9VN9Wqvf7Gy22hzViRStbnktE2X9koCOGO9WQJPRsPP8-WoVZIWJwN__5hpVclp6iCABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1kDWvuhiDj7qm3DOznfi97gcDi1A%26client%3Dca-pub-8342746019962425%26adurl%3D
Frame ID: A7604CF6E0D76520A2E01B719738EEF9
Requests: 22 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0F867578FF8A546524029EC729790B22
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 91E48998DED2805E5C9B6FBEED1FCBDF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nothing found for Paypal Account Update Information 3E7Cc91Cadf27C288D621Dd3F30C427Cntzjmjaznwi2Zdawywjhy2Zmoty4Oti1Ntm1Nwnhode=

Page URL History Show full URLs

http://kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznw... HTTP 301
http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznw... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

92
Requests

78 %
HTTPS

81 %
IPv6

14
Domains

22
Subdomains

22
IPs

3
Countries

1014 kB
Transfer

2601 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/ HTTP 301
http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.css?ver=5.9.3 HTTP 307
https://netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.css?ver=5.9.3

Request Chain 18

http://connect.facebook.net/en_US/sdk.js HTTP 307
https://connect.facebook.net/en_US/sdk.js

92 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

404
Not Found

Primary Request / Show response
www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Redirect Chain

http://kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/

36 KB
10 KB

441ms
284ms

Document
text/html

35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: c694b243d9570a72f687bc2ef988770bac07c3d3b3ef1c98cc382e79333f1a6e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 27 Apr 2022 06:23:29 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Host-Header: 6b7412fb82ca5edfd0917e3957f05d89
Link: <http://www.kaiserpermanentelocations.com/wp-json/>; rel="https://api.w.org/"
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Httpd: 1
X-Proxy-Cache: MISS
X-Proxy-Cache-Info: 0 NC:000000 UP:SKIP_CACHE_NO_CACHE

Redirect headers

Cache-Control: no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 27 Apr 2022 06:23:28 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Host-Header: 6b7412fb82ca5edfd0917e3957f05d89
Location: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Server: nginx
Transfer-Encoding: chunked
X-Httpd: 1
X-Proxy-Cache: MISS
X-Proxy-Cache-Info: 0301 NC:000000 UP:SKIP_CACHE_NO_CACHE
X-Redirect-By: WordPress

GET
H/1.1 200
OK style.min.css
www.kaiserpermanentelocations.com/wp-includes/css/dist/block-library/ 81 KB
15 KB 145ms
145ms Stylesheet
text/css 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Apr 2022 01:36:15 GMT
Server: nginx
ETag: W/"624e400f-145db"
Vary: Accept-Encoding
X-Proxy-Cache-Info: DT:1
Content-Type: text/css
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H/1.1 200
OK reset.css
www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/css/ 1 KB
1 KB 271ms
141ms Stylesheet
text/css 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/css/reset.css?ver=5.9.3
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2f719d34d3d7420ad540758d502a29633213bceaa985ea2df545aa60dc7e8758

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Jun 2019 18:59:05 GMT
Server: nginx
ETag: W/"5d0bd779-434"
Vary: Accept-Encoding
X-Proxy-Cache-Info: DT:1
Content-Type: text/css
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H2

200

font-awesome.css
netdna.bootstrapcdn.com/font-awesome/4.4.0/css/
Redirect Chain

http://netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.css?ver=5.9.3
https://netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.css?ver=5.9.3

32 KB
7 KB

82ms
35ms

Stylesheet
text/css

2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.css?ver=5.9.3

Requested by

Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/

Protocol

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e17416059f9e1ada9694ae457d869c6c2941d9da66c9e9ac5d725ab45b50d81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 864
age: 1852012
cdn-cachedat: 03/12/2022 12:07:49
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.02
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
etag: W/"8e12157da5fc90094ae4113ba110456b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 0d612afd70bc9432e22e5f8161fd4967
cf-ray: 702578404c605bf1-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

Redirect headers

Location: https://netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.css?ver=5.9.3
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK style.css
www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/ 96 KB
21 KB 273ms
142ms Stylesheet
text/css 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/style.css?ver=5.9.3
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: c12cd044316a5022a293f9e4e35588d06cf5f7cda832c145f039d4a316ab2f9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Jun 2019 18:59:05 GMT
Server: nginx
ETag: W/"5d0bd779-181a3"
Vary: Accept-Encoding
X-Proxy-Cache-Info: DT:1
Content-Type: text/css
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H/1.1 200
OK media-queries.css
www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/css/ 91 KB
15 KB 275ms
141ms Stylesheet
text/css 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/css/media-queries.css?ver=5.9.3
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e7efbcec2efa43d1352f6e0f2ca328a549f008753e94ee19f3c9b7bcf62cb9c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Jun 2019 18:59:05 GMT
Server: nginx
ETag: W/"5d0bd779-16a91"
Vary: Accept-Encoding
X-Proxy-Cache-Info: DT:1
Content-Type: text/css
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H/1.1 200
OK jquery.min.js Show response
www.kaiserpermanentelocations.com/wp-includes/js/jquery/ 87 KB
36 KB 280ms
144ms Script
application/javascript 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Jul 2021 14:06:34 GMT
Server: nginx
ETag: W/"60f97b6a-15db1"
Vary: Accept-Encoding
X-Proxy-Cache-Info: DT:1
Content-Type: application/javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
www.kaiserpermanentelocations.com/wp-includes/js/jquery/ 11 KB
5 KB 280ms
144ms Script
application/javascript 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Dec 2020 05:18:07 GMT
Server: nginx
ETag: W/"5fd1af8f-2bd8"
Vary: Accept-Encoding
X-Proxy-Cache-Info: DT:1
Content-Type: application/javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H/1.1 200
OK css
fonts.googleapis.com/ 49 KB
3 KB 57ms
35ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b6d92a053ef7ca8cd4e069068ff424f220030a115f0bd100397c7f427fc0207b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Wed, 27 Apr 2022 06:23:29 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Wed, 27 Apr 2022 06:23:29 GMT

GET
H/1.1 200
OK 200x50.png
www.kaiserpermanentelocations.com/wp-content/uploads/2019/06/ 2 KB
3 KB 141ms
141ms Image
image/png 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.kaiserpermanentelocations.com/wp-content/uploads/2019/06/200x50.png
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3d3cd49bbbbe8b127db11882604a518a28d4b1098336c4a2127fcd4d18b5f840

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Last-Modified: Sat, 22 Jun 2019 12:44:20 GMT
Server: nginx
ETag: "5d0e22a4-8dc"
X-Proxy-Cache-Info: DT:1
Content-Type: image/png
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2268
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 157 KB
54 KB 74ms
52ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5674f004d22f6f785ad04e3d94fdff487c9d20e7d39ec7088a9d493a1534b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 13311158072877361872
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 54536
X-XSS-Protection: 0
Expires: Wed, 27 Apr 2022 06:23:29 GMT

GET
H/1.1 200
OK scripts.js Show response
www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/js/ 147 KB
43 KB 149ms
148ms Script
application/javascript 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/js/scripts.js?ver=5.9.3
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1fa3a233c0d1463154194787dbd62596c21bb054017aba903f4e77d79c0123d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Jun 2019 18:59:05 GMT
Server: nginx
ETag: W/"5d0bd779-24dea"
Vary: Accept-Encoding
X-Proxy-Cache-Info: DT:1
Content-Type: application/javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H/1.1 200
OK jquery.infinitescroll.min.js Show response
www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/js/ 21 KB
13 KB 146ms
145ms Script
application/javascript 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/wp-content/themes/flex-mag/js/jquery.infinitescroll.min.js?ver=5.9.3
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 002d4e61d6efae0d93d62d4c12576e427302f32361e675aaffa3691ecd9ae17d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Jun 2019 18:59:05 GMT
Server: nginx
ETag: W/"5d0bd779-54c9"
Vary: Accept-Encoding
X-Proxy-Cache-Info: DT:1
Content-Type: application/javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
www.kaiserpermanentelocations.com/wp-includes/js/ 18 KB
6 KB 145ms
144ms Script
application/javascript 35.208.134.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kaiserpermanentelocations.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by: Host: www.kaiserpermanentelocations.com
URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
Protocol: HTTP/1.1
Server: 35.208.134.119 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.134.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 06:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Jul 2021 14:06:34 GMT
Server: nginx
ETag: W/"60f97b6a-4705"
Vary: Accept-Encoding
X-Proxy-Cache-Info: DT:1
Content-Type: application/javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
Expires: Thu, 27 Apr 2023 06:23:29 GMT

GET
H3 200 fontawesome-webfont.woff2
netdna.bootstrapcdn.com/font-awesome/4.4.0/fonts/ 63 KB
64 KB 123ms
99ms Font
font/woff2 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0

Requested by

Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.css?ver=5.9.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.css?ver=5.9.3
Origin: http://www.kaiserpermanentelocations.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632
age: 99869
cdn-proxyver: 1.02
cdn-cachedat: 03/11/2022 12:46:11
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 64464
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 9959fc10f1dc0c7691a067fcbc6dd87f
accept-ranges: bytes
cf-ray: 702578433bc86955-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 200
OK JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v24/ 30 KB
31 KB 40ms
21ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/montserrat/v24/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://www.kaiserpermanentelocations.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 17:37:43 GMT
X-Content-Type-Options: nosniff
Age: 45946
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 30876
X-XSS-Protection: 0
Last-Modified: Tue, 26 Apr 2022 14:37:35 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Wed, 26 Apr 2023 17:37:43 GMT

GET
H/1.1 200
OK memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgshZ1x4gaVI.woff2
fonts.gstatic.com/s/opensans/v28/ 16 KB
17 KB 41ms
21ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v28/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgshZ1x4gaVI.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9955557c047d44a9e3b361768b0c4015db5bb49ccc8c6513aa6e40ce0f1b3a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://www.kaiserpermanentelocations.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 16:39:39 GMT
X-Content-Type-Options: nosniff
Age: 49430
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 16664
X-XSS-Protection: 0
Last-Modified: Tue, 01 Mar 2022 22:03:00 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Wed, 26 Apr 2023 16:39:39 GMT

GET
H/1.1 200
OK S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 41ms
22ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://www.kaiserpermanentelocations.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 18:04:33 GMT
X-Content-Type-Options: nosniff
Age: 44336
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 23040
X-XSS-Protection: 0
Last-Modified: Tue, 26 Apr 2022 15:56:42 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Wed, 26 Apr 2023 18:04:33 GMT

GET
H/1.1 200
OK S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
24 KB 42ms
22ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://www.kaiserpermanentelocations.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 18:04:33 GMT
X-Content-Type-Options: nosniff
Age: 44336
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 23580
X-XSS-Protection: 0
Last-Modified: Tue, 26 Apr 2022 15:48:56 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Wed, 26 Apr 2023 18:04:33 GMT

GET
H2

200

sdk.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/sdk.js
https://connect.facebook.net/en_US/sdk.js

3 KB
2 KB

66ms
21ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a9e299c72caf5bfc046edecb24e85e56e659367e9f4a16b1eb47511442a42734

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 9zSqWgOCjg+uKilFD7Up9Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Wed, 27 Apr 2022 06:38:07 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: 1o9FKmo8pKpUqNJBxSz2lZ6AIWdPEXYLbLa4wnPkFC6RLSQbFOEDYxqk9+vyAfer0exqziEMehPM+6nBMSqdPQ==
x-fb-trip-id: 686109401
x-fb-content-md5: c852263c2ce46e4f1c35d5e05a562cd3
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 27 Apr 2022 06:23:29 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "aa0cde29cc4d4102f64188f8422e6a77"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

Redirect headers

Location: https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.4
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v16/ 47 KB
48 KB 41ms
21ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/worksans/v16/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://www.kaiserpermanentelocations.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 15:16:50 GMT
X-Content-Type-Options: nosniff
Age: 572799
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 48480
X-XSS-Protection: 0
Last-Modified: Thu, 03 Feb 2022 00:24:58 GMT
Server: sffe
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="apps-themes"
Expires: Thu, 20 Apr 2023 15:16:50 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 283 KB
81 KB 44ms
21ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=653f5022a0a7cb7aa882e0e3ab709e8e

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

43129e24843ed34d7db730d6af882636ded271d94b02c73c236b79f83327e2f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://www.kaiserpermanentelocations.com/
Origin: http://www.kaiserpermanentelocations.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: brZsaO2Ny9BY7ShnT4C2CA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Thu, 27 Apr 2023 04:26:38 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 82880
x-fb-rlafr: 0
x-fb-debug: dFB2Da8f7vU8EGwEgWkFO/7m+TMOiIRtTrN7Y3JUxORYiVgSN08L3KN7cLaaj8YS95MFi76fbbWxXtPwx+AC4g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: d0a9e7143643803e771abe0672f6df61
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 27 Apr 2022 06:23:29 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "c23a07c33d7391b31cd3850c974ee368"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/ 305 KB
109 KB 99ms
49ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8342746019962425&plah=www.kaiserpermanentelocations.com

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68f7e8b2ebda976f723aff03aa0e2bf1bfff02a35fba1ed5be105422ccc88da1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111276
x-xss-protection: 0
server: cafe
etag: 10150417569993600798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 27 Apr 2022 06:23:29 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220425/r20190131/ Frame B0A8 10 KB
5 KB 74ms
21ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220425/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7339fe12f332ac7ecd6e0ef04bb7a48fad9e74be887d67f458548ff33ea4db65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.kaiserpermanentelocations.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 47270
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4404
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 26 Apr 2022 17:15:39 GMT
etag: 3347421328414474149
expires: Tue, 10 May 2022 17:15:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 233 B
659 B 87ms
30ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.kaiserpermanentelocations.com&callback=_gfp_s_&client=ca-pub-8342746019962425

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8342746019962425&plah=www.kaiserpermanentelocations.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

72d8b09dae7ff253fce35b60f8c13a803ff0070f5f8e9464008221c45c818cff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 215
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 84ms
34ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.kaiserpermanentelocations.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 81ms
30ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.kaiserpermanentelocations.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FA48 24 KB
10 KB 219ms
174ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8342746019962425&output=html&h=90&slotname=3842318397&adk=2071212552&adf=473766257&pi=t.ma~as.3842318397&w=728&lmt=1651040610&psa=0&format=728x90&url=http%3A%2F%2Fwww.kaiserpermanentelocations.com%2Fpaypal-account-update-information%2F3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode%3D%2F&wgl=1&dt=1651040609828&bpp=5&bdt=595&idt=165&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&correlator=7964393289200&frm=20&pv=2&ga_vid=1064407330.1651040610&ga_sid=1651040610&ga_hid=125635978&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=65&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=3415880737793137&pem=997&tmod=129019574&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=Hj6nZQEVGP&p=http%3A//www.kaiserpermanentelocations.com&dtd=181

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70a10d0600f55beebf3cd07d87f1d616a5cd7e05d48dcd816e580a3892e28b2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.kaiserpermanentelocations.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9829
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Apr 2022 06:23:30 GMT
expires: Wed, 27 Apr 2022 06:23:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 04B8 45 KB
14 KB 203ms
170ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8342746019962425&output=html&adk=1812271804&adf=3025194257&lmt=1651040610&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.kaiserpermanentelocations.com%2Fpaypal-account-update-information%2F3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode%3D%2F&ea=0&pra=7&wgl=1&dt=1651040609950&bpp=1&bdt=716&idt=67&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=7964393289200&frm=20&pv=1&ga_vid=1064407330.1651040610&ga_sid=1651040610&ga_hid=125635978&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=3415880737793137&pem=997&tmod=129019574&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=72

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7dd4071d21075304c51afd2c6a3a666ed026417bedd5864ae086ee8bbd4e18e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.kaiserpermanentelocations.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 14816
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Apr 2022 06:23:30 GMT
expires: Wed, 27 Apr 2022 06:23:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame FA48 3 KB
1 KB 73ms
23ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8342746019962425&output=html&h=90&slotname=3842318397&adk=2071212552&adf=473766257&pi=t.ma~as.3842318397&w=728&lmt=1651040610&psa=0&format=728x90&url=http%3A%2F%2Fwww.kaiserpermanentelocations.com%2Fpaypal-account-update-information%2F3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode%3D%2F&wgl=1&dt=1651040609828&bpp=5&bdt=595&idt=165&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&correlator=7964393289200&frm=20&pv=2&ga_vid=1064407330.1651040610&ga_sid=1651040610&ga_hid=125635978&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=65&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=3415880737793137&pem=997&tmod=129019574&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=Hj6nZQEVGP&p=http%3A//www.kaiserpermanentelocations.com&dtd=181

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 05:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3186
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 11 May 2022 05:30:24 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame FA48 15 KB
7 KB 71ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:11:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 708
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 567849196274905959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 11 May 2022 06:11:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FA48 119 KB
37 KB 89ms
41ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36950
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1650454428054601"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 27 Apr 2022 06:23:30 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame FA48 0
0 63ms
63ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C3MTjYuFoYu_3BJr_gQeTmLqQB8me0rFc1Z2R93DAjbcBEAEgAGCVyvmBlAeCARdjYS1wdWItODM0Mjc0NjAxOTk2MjQyNaAB1bbS6gPIAQmpAo_aFuuE3LE-qAMBqgTKAk_Q158nOCNANch5mAhxuvw22Fdo2GW-jRUChqml9KmBiwmCViOlNadmnNOilioI1JWePxoR0lBC-H0JiteRA2Ah-izPVPLxvt4anX4uYDiYvt_W9FObgcY2rVqFtsAWYm3DzoOP-xjURCQ-wPfjX9d7kzUBBC8JEklsz8k38JzbUUtskI4wREuCwhxs87gLgy-OxX7x_UT4XBTDm6b8wtSRbela-d4UaIoeMM11jEw8AHxptK7L9K_yA_1r2JcfG_j128xfkX41S3I6rSJXTOlHJYQ-NCqI0zVo_QfNUOFO805Fz9C44gwICr1I9EcwJU-DJd-_B6zpadbvUqPjJpNmr_nicZcB5GuEkCma35w0ozxzeLSjBsqIfyQrTrcBAZRMkzz9fY9NjllcYXkWE2oJ5chyv2k1JVM9PRwvlzs5vQcgT9baLVNCqoAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItODM0Mjc0NjAxOTk2MjQyNRgA&sigh=CyKYvSPtTHs&uach_m=[UACH]&cid=CAQSGwCNIrLM1KCx39APvMsty7tHVt5wy8_3sefX3xgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8342746019962425&output=html&h=90&slotname=3842318397&adk=2071212552&adf=473766257&pi=t.ma~as.3842318397&w=728&lmt=1651040610&psa=0&format=728x90&url=http%3A%2F%2Fwww.kaiserpermanentelocations.com%2Fpaypal-account-update-information%2F3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode%3D%2F&wgl=1&dt=1651040609828&bpp=5&bdt=595&idt=165&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&correlator=7964393289200&frm=20&pv=2&ga_vid=1064407330.1651040610&ga_sid=1651040610&ga_hid=125635978&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=65&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837&oid=2&pvsid=3415880737793137&pem=997&tmod=129019574&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=Hj6nZQEVGP&p=http%3A//www.kaiserpermanentelocations.com&dtd=181
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 27 Apr 2022 06:23:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 27 Apr 2022 06:23:30 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame FA48 0
0 88ms
29ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kOb8EN6BMNgFWp2DYgICAAAAuoOr-EuIFqsQYeFoYvCC3UMyufsI9EN1ABIAAA&wp=YmjhYgABO-8K4H-aAA6ME57rbjlcRldvDDMLvw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
server: Kestrel
server-processing-duration-in-ticks: 255803
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 9758 132 KB
45 KB 202ms
126ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YmjhYgABO-8K4H-aAA6ME57rbjlcRldvDDMLvw&u=%7CW4pzINlo2GuF7svzcNRJpLoH7m89ODF8zxD2oCDZjAU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpNfsuV4bKOZdERZwsUOl74YTlNh2oC0QHbRnEZvUUilVUFkTWXPEuAGXOytnRATlVkzeJ9iV5sbducwlERXp6uAfnYBU3cXdAox5OHLnUXKbd6vaNdHdXzaKRlGjI2-nyYAG7K_RKHi43-vsUQy9-NY9Md4qTsbnsU9qgWpoUpRskb97z2-2wtq8zdUjNVWtiyfgYED6RK9GwhS8ryyNx-wlrqSIBOfYkgmOA9p0hLN2bsCeu3u8EUeE-cuovc-baX6qOysepO-Zch8-wZ_v9Fw2d4YZ6xuRLY-tqjAu3_iLVd6ud7JrXHbCCY-nApvgbMS37gAh5O-VzfW2gYQKVkFrQebkxMXCBHMAW0G3tC31iQDf8XELdQrbPasyw8GZPKOjBhikPRgFWH-U076q7Tr&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvCk-YuFoYu_3BJr_gQeTmLqQB8me0rFc1Z2R93DAjbcBEAEgAGCVyvmBlAeCARdjYS1wdWItODM0Mjc0NjAxOTk2MjQyNaAB1bbS6gPIAQmpAo_aFuuE3LE-qAMBqgTNAk_Q158nOCNANch5mAhxuvw22Fdo2GW-jRUChqml9KmBiwmCViOlNadmnNOilioI1JWePxoR0lBC-H0JiteRA2Ah-izPVPLxvt4anX4uYDiYvt_W9FObgcY2rVqFtsAWYm3DzoOP-xjURCQ-wPfjX9d7kzUBBC8JEklsz8k38JzbUUtskI4wREuCwhxs87gLgy-OxX7x_UT4XBTDm6b8wtSRbela-d4UaIoeMM11jEw8AHxptK7L9K_yA_1r2JcfG_j128xfkX41S3I6rSJXTOlHJYQ-NCqI0zVo_QfNUOFO805Fz9C44gwICr1I9EcwJU-DJd-_B6zpadbvUqPjJpNmr_nicZcB5GuEkCma35w0ozxzeLSjBsqIfyQrTrcBAZRMkzy_f67fCdbAcsaKB8nZ2G6Ktn0_k1kTJZ6bXwafT7g-Y85fh9dRFZpJuYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2dGy89ANgeQj7eNiAk9-26PjP8Og%26client%3Dca-pub-8342746019962425%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44e6533fa16e8df6d04af08a9623d9533fff14683db25ee1d726e5e5368e7b43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 27 Apr 2022 06:23:29 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=faTUxhtdm6fFqte66h9GeETDBsMyNmj-s3thR6EbTU_qsXWBNXYQfB1ZkYD5kSoTQYSh7zUXzRjI80AI82OydfS4Fl6YEM74lmeUBLUM4QHRfLZGlSzQ3mVO3-PH6-GJ4GRGXxLo6z0BQc1KiWnZ3kF7qu8s5vTcc7O-vyQoHXwtoo5S0tSR-_v7kVgzZ-YKw-c7KGLyWokmjBjeyhhzQrpbMtrIULG0MYAN_VcEnXJ-wt8p7Zk1txhtZCanCbgxb2dK4Q"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 88368809
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/ 145 KB
51 KB 103ms
61ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d52bbfc994030136130e4ef8aa061776dc31cdb4af55171efb17e3867f464c04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52678
x-xss-protection: 0
server: cafe
etag: 5994904495940273187
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Apr 2022 06:23:30 GMT

GET
DATA 200
OK truncated
/ Frame FA48 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f877a325a8cf6a12c8d2101b9761e5ea71f5967f13fd1cd01e39bd6b72d0e117

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 72ms
29ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.kaiserpermanentelocations.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 75ms
30ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.kaiserpermanentelocations.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220425/r20110914/ Frame 6C02 10 KB
4 KB 22ms
21ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220425/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7339fe12f332ac7ecd6e0ef04bb7a48fad9e74be887d67f458548ff33ea4db65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.kaiserpermanentelocations.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41728
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4404
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 26 Apr 2022 18:48:02 GMT
etag: 3347421328414474149
expires: Tue, 10 May 2022 18:48:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6C02 0
0 65ms
65ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CQ0vkYuFoYr_vBLSJx_AP1OqogALJntKxXPWdmPdwwI23ARABIABglcr5gZQHggEXY2EtcHViLTgzNDI3NDYwMTk5NjI0MjWgAdW20uoDyAEJqQI8k0UEytuxPqgDAaoEzQJP0K2RczBzICdlQojVZl_wmyuWG7VHHGVlHYEc-_PP4wOgSieLe82vWLvORZpODTU8kSqwtT68tbJ0hRhDMagxXhJaovxbAkVdg8gUQ6MazILtd5r8nPGb1qD7FqFaU4SqhGQwCE-Ob4KjnntUMM1wcMDlz3WSk_PYfCozHz_kK6Z87lBdev2msuY1pTjIIc-iBqIwZKwqKXkSaIQv74X2AIhJ4W1gpjK14Vzu89D8URNPB5e8cQ7l5XWxKTn2BKf4E-WZhMulc8KYOk7df0sNXrjXgdEZE2ExkNLXS27bX9re0S7vXScQBMnJg0b1SUfFJ_AUpRSl3IoG2wBlqkRiVryHUndLsf3hhY3PmELIX5Q67reL3VZkk7dyjAOcq9VN9Wqvf7GymWpSxKPdKapbKFk0JnekwGqpU7RFaNtNRy2V82CpOS9nejLtRnaABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTgzNDI3NDYwMTk5NjI0MjUYAA&sigh=TLG9WCXpewY&uach_m=[UACH]&cid=CAQSGwCNIrLMWQH_dDM99DPM-lTKraL_bo-iY4GnVBgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220425/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 27 Apr 2022 06:23:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 6C02 0
0 125ms
40ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kOb8EMz6RO0HfJ2DYgICAAAAo9mbjY1M1a8QYeFoYlA_lEy1y3OJxPyeABIAAA&wp=YmjhYgABN78IEcS0AAo1VBcTg-Lg8qDbK4TNSg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:29 GMT
server: Kestrel
server-processing-duration-in-ticks: 230946
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame A760 176 KB
54 KB 162ms
162ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YmjhYgABN78IEcS0AAo1VBcTg-Lg8qDbK4TNSg&u=%7CW4pzINlo2GvRu46e%2Fd3pt2%2BOQTPpe39RLeL29%2FmgW4M%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUIsqRqxN4CBxsEbVnYfgd0fCfGD1-hwqT5P_HASFyF3R4wky1NzvbCU9nVCmvjRXZfkp2fh4wNHToRjuwgrUz4nANoGbvp-Lrkf-Ql94b8grWB0ztZb4DMdWPzF2UBHGl2JxSzlqVzGYXbbO-9SkUQGWfgYgv8-lnzX05oUkvUJchEEZmOi7KWCkuszRp5x-M_OVNxqTY5cd4V3f29mvoJsXzJpDAykSUZR7nN0DKjBQV1eQHEi97fBNWYKhDldP1QIW2G86BLh96mA76sVeI0ZcJvgKcAFuBXf4rGx6hRAYqIjRugflyayjYt9pa9NPufNFo5BRjfxcOPYORPQez9d44rYTBufAHUF0GG6lwYFMyfVnrmgSNUZdZBVnvqgh_FB38eLBXcXkL2l5IlJWZy0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCg-I2YuFoYr_vBLSJx_AP1OqogALJntKxXPWdmPdwwI23ARABIABglcr5gZQHggEXY2EtcHViLTgzNDI3NDYwMTk5NjI0MjWgAdW20uoDyAEJqQI8k0UEytuxPqgDAaoE0AJP0K2RczBzICdlQojVZl_wmyuWG7VHHGVlHYEc-_PP4wOgSieLe82vWLvORZpODTU8kSqwtT68tbJ0hRhDMagxXhJaovxbAkVdg8gUQ6MazILtd5r8nPGb1qD7FqFaU4SqhGQwCE-Ob4KjnntUMM1wcMDlz3WSk_PYfCozHz_kK6Z87lBdev2msuY1pTjIIc-iBqIwZKwqKXkSaIQv74X2AIhJ4W1gpjK14Vzu89D8URNPB5e8cQ7l5XWxKTn2BKf4E-WZhMulc8KYOk7df0sNXrjXgdEZE2ExkNLXS27bX9re0S7vXScQBMnJg0b1SUfFJ_AUpRSl3IoG2wBlqkRiVryHUndLsf3hhY3PmELIX5Q67reL3VZkk7dyjAOcq9VN9Wqvf7Gy22hzViRStbnktE2X9koCOGO9WQJPRsPP8-WoVZIWJwN__5hpVclp6iCABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1kDWvuhiDj7qm3DOznfi97gcDi1A%26client%3Dca-pub-8342746019962425%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220425/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

155dc8d84eb5ff429e2f678fc35999b79223d282863952314376f70cca425c36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 27 Apr 2022 06:23:30 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=Si7bkBtdm6fFqte6CD4itAquEdnVXerLRNtbHVx5nC3O7ljmQZb4jdJcuQtxgVFFKUyBB3LZax088OyluV_xjkDGFljqddyXD2_P_5a98GR-bhR9zKTgu3yN02sHk9MRT2fOz9FTDHEkkqJcC0cX6B7QlJIKLEEJWfFSus0cmkLPewghhJUUflEtFHpcsk8IiMiHsDyLw1GuXazVAfVF6DpnAyuN_Z5Xyr569vHZ08aK8FyS6dpBzqgWs3YUod-cplFQlw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 121446195
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 6C02 3 KB
1 KB 65ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220425/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:21:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 11 May 2022 06:21:40 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6C02 119 KB
36 KB 87ms
42ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220425/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36950
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1650454428054601"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 27 Apr 2022 06:23:30 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/ Frame 6C02 15 KB
6 KB 64ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220425/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220425/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 05:29:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3234
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 567849196274905959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 11 May 2022 05:29:36 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 9758 2 KB
1 KB 449ms
30ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YmjhYgABO-8K4H-aAA6ME57rbjlcRldvDDMLvw&u=%7CW4pzINlo2GuF7svzcNRJpLoH7m89ODF8zxD2oCDZjAU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpNfsuV4bKOZdERZwsUOl74YTlNh2oC0QHbRnEZvUUilVUFkTWXPEuAGXOytnRATlVkzeJ9iV5sbducwlERXp6uAfnYBU3cXdAox5OHLnUXKbd6vaNdHdXzaKRlGjI2-nyYAG7K_RKHi43-vsUQy9-NY9Md4qTsbnsU9qgWpoUpRskb97z2-2wtq8zdUjNVWtiyfgYED6RK9GwhS8ryyNx-wlrqSIBOfYkgmOA9p0hLN2bsCeu3u8EUeE-cuovc-baX6qOysepO-Zch8-wZ_v9Fw2d4YZ6xuRLY-tqjAu3_iLVd6ud7JrXHbCCY-nApvgbMS37gAh5O-VzfW2gYQKVkFrQebkxMXCBHMAW0G3tC31iQDf8XELdQrbPasyw8GZPKOjBhikPRgFWH-U076q7Tr&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvCk-YuFoYu_3BJr_gQeTmLqQB8me0rFc1Z2R93DAjbcBEAEgAGCVyvmBlAeCARdjYS1wdWItODM0Mjc0NjAxOTk2MjQyNaAB1bbS6gPIAQmpAo_aFuuE3LE-qAMBqgTNAk_Q158nOCNANch5mAhxuvw22Fdo2GW-jRUChqml9KmBiwmCViOlNadmnNOilioI1JWePxoR0lBC-H0JiteRA2Ah-izPVPLxvt4anX4uYDiYvt_W9FObgcY2rVqFtsAWYm3DzoOP-xjURCQ-wPfjX9d7kzUBBC8JEklsz8k38JzbUUtskI4wREuCwhxs87gLgy-OxX7x_UT4XBTDm6b8wtSRbela-d4UaIoeMM11jEw8AHxptK7L9K_yA_1r2JcfG_j128xfkX41S3I6rSJXTOlHJYQ-NCqI0zVo_QfNUOFO805Fz9C44gwICr1I9EcwJU-DJd-_B6zpadbvUqPjJpNmr_nicZcB5GuEkCma35w0ozxzeLSjBsqIfyQrTrcBAZRMkzy_f67fCdbAcsaKB8nZ2G6Ktn0_k1kTJZ6bXwafT7g-Y85fh9dRFZpJuYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2dGy89ANgeQj7eNiAk9-26PjP8Og%26client%3Dca-pub-8342746019962425%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 9758 2 KB
1 KB 448ms
29ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 9758 308 B
636 B 463ms
45ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 9758 507 B
835 B 475ms
57ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 9758 0
688 B 321ms
247ms Image
text/plain 2600:9000:224a:3000:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1651040610
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YmjhYgABO-8K4H-aAA6ME57rbjlcRldvDDMLvw&u=%7CW4pzINlo2GuF7svzcNRJpLoH7m89ODF8zxD2oCDZjAU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpNfsuV4bKOZdERZwsUOl74YTlNh2oC0QHbRnEZvUUilVUFkTWXPEuAGXOytnRATlVkzeJ9iV5sbducwlERXp6uAfnYBU3cXdAox5OHLnUXKbd6vaNdHdXzaKRlGjI2-nyYAG7K_RKHi43-vsUQy9-NY9Md4qTsbnsU9qgWpoUpRskb97z2-2wtq8zdUjNVWtiyfgYED6RK9GwhS8ryyNx-wlrqSIBOfYkgmOA9p0hLN2bsCeu3u8EUeE-cuovc-baX6qOysepO-Zch8-wZ_v9Fw2d4YZ6xuRLY-tqjAu3_iLVd6ud7JrXHbCCY-nApvgbMS37gAh5O-VzfW2gYQKVkFrQebkxMXCBHMAW0G3tC31iQDf8XELdQrbPasyw8GZPKOjBhikPRgFWH-U076q7Tr&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvCk-YuFoYu_3BJr_gQeTmLqQB8me0rFc1Z2R93DAjbcBEAEgAGCVyvmBlAeCARdjYS1wdWItODM0Mjc0NjAxOTk2MjQyNaAB1bbS6gPIAQmpAo_aFuuE3LE-qAMBqgTNAk_Q158nOCNANch5mAhxuvw22Fdo2GW-jRUChqml9KmBiwmCViOlNadmnNOilioI1JWePxoR0lBC-H0JiteRA2Ah-izPVPLxvt4anX4uYDiYvt_W9FObgcY2rVqFtsAWYm3DzoOP-xjURCQ-wPfjX9d7kzUBBC8JEklsz8k38JzbUUtskI4wREuCwhxs87gLgy-OxX7x_UT4XBTDm6b8wtSRbela-d4UaIoeMM11jEw8AHxptK7L9K_yA_1r2JcfG_j128xfkX41S3I6rSJXTOlHJYQ-NCqI0zVo_QfNUOFO805Fz9C44gwICr1I9EcwJU-DJd-_B6zpadbvUqPjJpNmr_nicZcB5GuEkCma35w0ozxzeLSjBsqIfyQrTrcBAZRMkzy_f67fCdbAcsaKB8nZ2G6Ktn0_k1kTJZ6bXwafT7g-Y85fh9dRFZpJuYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2dGy89ANgeQj7eNiAk9-26PjP8Og%26client%3Dca-pub-8342746019962425%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:3000:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Apr 2022 06:23:30 GMT
via: 1.1 5297df6326448099cefed6e96fd7b00a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: DUS51-P1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: Mu2A2Wz4RH7sAJsA4Vasmy0m_4xor5uhNzZbpqeObsFKau1bTjLEww==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 9758 43 B
348 B 101ms
34ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=SiOmtfdilEUGzUYjtvasR3GqREcPn993Z4e6FVf0G37Q-efZvaky1iVEQ9qmxq63eISUWu0orkIq6ywrYGof8NbQIWk6Msg0ZEDiyLvUV3jD3MZ4wz1Kz8vaDaSBXCnzsJJDKLeTMh26R5E6aZGlj5QZuwvC4u0Pu-11vcH0nxIO_67PXQtK5_Ft2fGUt8H5LczMC5Ze9HHMPw-J3xdgdeGwM5EqwXN59yBvY3T8CXJFN_W6NX3WG6w1hRi9EAA_1oedqgWiM5OuKxFY2iTnmR-KIN0mPtuIfiSKE4H7RcZIlxaSPUzFrzdYmCDoUP4Dz0756CtqrOujLxfmfA6OjpgpWBgzQCYCNQ3MB5hxObwOxjn9sylJI5UgDcU3Y5vahgE_qK3GLUX7Z6k5WwCBVta7J1Q5VPTJSExEvy3Bei2qXc5WhT7HqojKA41DemTytyrQ8A

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Apr 2022 06:23:30 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 4750172
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 9758 12 KB
6 KB 433ms
57ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9758 7 KB
7 KB 200ms
52ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=176&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=256&s=Ztz4HcK_1CUe8izFWU-TMUXT

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

2a29e79bd75cc83eade181c4acc1c198786539997766b648bc21ed5aa7698408

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30839242
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7142
expires: Wed, 19 Apr 2023 04:50:53 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9758 4 KB
4 KB 175ms
27ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F5%2Flogoflaschenpost-SE-135518DE-2203221217.gif%3Feb%3D1&v=3&w=400&s=kgt6QyZZbuRoH_dQatC3N10R&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f6c744cbc83d7f0b5d62c6951a13ca155b823fe1c3c724304804abb5d7a8f746

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2104673
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 3706
expires: Sat, 21 May 2022 15:01:24 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9758 2 KB
2 KB 199ms
51ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F3%2FlogoStepStone-GmbH-148733DE.gif%3Feb%3D1&v=3&w=400&s=wSPXg05NAm7YwFBXI_4Y57ix&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9b8ae796f30c05937ec5e849cea83f724110455de28d7619809a2b10ea5d803f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1573222
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1770
expires: Sun, 15 May 2022 11:23:52 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 9758 0
128 B 90ms
32ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=faTUxhtdm6fFqte66h9GeETDBsMyNmj-s3thR6EbTU_qsXWBNXYQfB1ZkYD5kSoTQYSh7zUXzRjI80AI82OydfS4Fl6YEM74lmeUBLUM4QHRfLZGlSzQ3mVO3-PH6-GJ4GRGXxLo6z0BQc1KiWnZ3kF7qu8s5vTcc7O-vyQoHXwtoo5S0tSR-_v7kVgzZ-YKw-c7KGLyWokmjBjeyhhzQrpbMtrIULG0MYAN_VcEnXJ-wt8p7Zk1txhtZCanCbgxb2dK4Q&sds=2&rev=81237&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 27 Apr 2022 06:23:29 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 9758 2 KB
1 KB 418ms
66ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 9758 2 KB
1 KB 43ms
41ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
DATA 200
OK truncated
/ Frame 6C02 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09cbfff69cd6223beb479981538798a0390d673214cd1851a18423a829c1ccf9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame A760 2 KB
1 KB 293ms
31ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YmjhYgABN78IEcS0AAo1VBcTg-Lg8qDbK4TNSg&u=%7CW4pzINlo2GvRu46e%2Fd3pt2%2BOQTPpe39RLeL29%2FmgW4M%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUIsqRqxN4CBxsEbVnYfgd0fCfGD1-hwqT5P_HASFyF3R4wky1NzvbCU9nVCmvjRXZfkp2fh4wNHToRjuwgrUz4nANoGbvp-Lrkf-Ql94b8grWB0ztZb4DMdWPzF2UBHGl2JxSzlqVzGYXbbO-9SkUQGWfgYgv8-lnzX05oUkvUJchEEZmOi7KWCkuszRp5x-M_OVNxqTY5cd4V3f29mvoJsXzJpDAykSUZR7nN0DKjBQV1eQHEi97fBNWYKhDldP1QIW2G86BLh96mA76sVeI0ZcJvgKcAFuBXf4rGx6hRAYqIjRugflyayjYt9pa9NPufNFo5BRjfxcOPYORPQez9d44rYTBufAHUF0GG6lwYFMyfVnrmgSNUZdZBVnvqgh_FB38eLBXcXkL2l5IlJWZy0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCg-I2YuFoYr_vBLSJx_AP1OqogALJntKxXPWdmPdwwI23ARABIABglcr5gZQHggEXY2EtcHViLTgzNDI3NDYwMTk5NjI0MjWgAdW20uoDyAEJqQI8k0UEytuxPqgDAaoE0AJP0K2RczBzICdlQojVZl_wmyuWG7VHHGVlHYEc-_PP4wOgSieLe82vWLvORZpODTU8kSqwtT68tbJ0hRhDMagxXhJaovxbAkVdg8gUQ6MazILtd5r8nPGb1qD7FqFaU4SqhGQwCE-Ob4KjnntUMM1wcMDlz3WSk_PYfCozHz_kK6Z87lBdev2msuY1pTjIIc-iBqIwZKwqKXkSaIQv74X2AIhJ4W1gpjK14Vzu89D8URNPB5e8cQ7l5XWxKTn2BKf4E-WZhMulc8KYOk7df0sNXrjXgdEZE2ExkNLXS27bX9re0S7vXScQBMnJg0b1SUfFJ_AUpRSl3IoG2wBlqkRiVryHUndLsf3hhY3PmELIX5Q67reL3VZkk7dyjAOcq9VN9Wqvf7Gy22hzViRStbnktE2X9koCOGO9WQJPRsPP8-WoVZIWJwN__5hpVclp6iCABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1kDWvuhiDj7qm3DOznfi97gcDi1A%26client%3Dca-pub-8342746019962425%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame A760 2 KB
1 KB 292ms
30ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame A760 308 B
636 B 291ms
30ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame A760 507 B
836 B 289ms
29ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame A760 0
690 B 161ms
160ms Image
text/plain 2600:9000:224a:3000:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1651040610
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YmjhYgABN78IEcS0AAo1VBcTg-Lg8qDbK4TNSg&u=%7CW4pzINlo2GvRu46e%2Fd3pt2%2BOQTPpe39RLeL29%2FmgW4M%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUIsqRqxN4CBxsEbVnYfgd0fCfGD1-hwqT5P_HASFyF3R4wky1NzvbCU9nVCmvjRXZfkp2fh4wNHToRjuwgrUz4nANoGbvp-Lrkf-Ql94b8grWB0ztZb4DMdWPzF2UBHGl2JxSzlqVzGYXbbO-9SkUQGWfgYgv8-lnzX05oUkvUJchEEZmOi7KWCkuszRp5x-M_OVNxqTY5cd4V3f29mvoJsXzJpDAykSUZR7nN0DKjBQV1eQHEi97fBNWYKhDldP1QIW2G86BLh96mA76sVeI0ZcJvgKcAFuBXf4rGx6hRAYqIjRugflyayjYt9pa9NPufNFo5BRjfxcOPYORPQez9d44rYTBufAHUF0GG6lwYFMyfVnrmgSNUZdZBVnvqgh_FB38eLBXcXkL2l5IlJWZy0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCg-I2YuFoYr_vBLSJx_AP1OqogALJntKxXPWdmPdwwI23ARABIABglcr5gZQHggEXY2EtcHViLTgzNDI3NDYwMTk5NjI0MjWgAdW20uoDyAEJqQI8k0UEytuxPqgDAaoE0AJP0K2RczBzICdlQojVZl_wmyuWG7VHHGVlHYEc-_PP4wOgSieLe82vWLvORZpODTU8kSqwtT68tbJ0hRhDMagxXhJaovxbAkVdg8gUQ6MazILtd5r8nPGb1qD7FqFaU4SqhGQwCE-Ob4KjnntUMM1wcMDlz3WSk_PYfCozHz_kK6Z87lBdev2msuY1pTjIIc-iBqIwZKwqKXkSaIQv74X2AIhJ4W1gpjK14Vzu89D8URNPB5e8cQ7l5XWxKTn2BKf4E-WZhMulc8KYOk7df0sNXrjXgdEZE2ExkNLXS27bX9re0S7vXScQBMnJg0b1SUfFJ_AUpRSl3IoG2wBlqkRiVryHUndLsf3hhY3PmELIX5Q67reL3VZkk7dyjAOcq9VN9Wqvf7Gy22hzViRStbnktE2X9koCOGO9WQJPRsPP8-WoVZIWJwN__5hpVclp6iCABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1kDWvuhiDj7qm3DOznfi97gcDi1A%26client%3Dca-pub-8342746019962425%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:3000:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Apr 2022 06:23:30 GMT
via: 1.1 5297df6326448099cefed6e96fd7b00a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: DUS51-P1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: hdb9wYyZn3_TcE7wDNnLgrGq58YxIrTI17h0A_uBOkMFwXWx5DzeNA==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame A760 43 B
347 B 33ms
33ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=Qi5tFvEQXosB4o_DSZQa_qdMyZ6Mn84N6-wLLs9TWOZO5RB3f8ClnRfScOgqwzf3M3G8XsQY42WqQzPjgpWOhFEfzqXcUEl_QHdFP3LBscm7BJJqZLIpI9QK9JsvAVEP6hMaFIPfi9qJo4MGbiUq8BERgVnll7EHdB0rtHyfhMki0Pd-1d6EerPNHFL9iBCdPbeORQb7H-1jnI_OsS1mUJwOZFQlX56kYmv1V5JqaDNG1OM5yR0FhRnsbzS_RpgUsqR7VIRyrPwn8UXQcjYN6n0BcIKOjAR0nmSh63QaEL4gVk-XTADdRJfOwQLmmOOohjmOrmQEmNTMGg21juR157lrmEy5h-S20x4xzGWFjlGr1EtEzF3Tq4BMCiyV_rFo9TLICOZJ1IG3VY_trv0fp5QFcTuNSjPYKBbL8ChW0Pcsd80JTW94is4IFv-4vPbeEwovtw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Apr 2022 06:23:30 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3226434
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame A760 12 KB
6 KB 288ms
45ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 4 KB
4 KB 43ms
42ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f6c744cbc83d7f0b5d62c6951a13ca155b823fe1c3c724304804abb5d7a8f746

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2104673
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 3706
expires: Sat, 21 May 2022 15:01:24 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 2 KB
2 KB 32ms
32ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9b8ae796f30c05937ec5e849cea83f724110455de28d7619809a2b10ea5d803f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1573222
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1770
expires: Sun, 15 May 2022 11:23:52 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 5 KB
5 KB 30ms
27ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=244&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=196&s=P1mM87GxKeNVtHqDGH1gb7rz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

080069b2dce01872cbc2bfcc0b6a2cd9b9a5b9fbb22fc1683ece0cea17aac96f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30839242
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5106
expires: Wed, 19 Apr 2023 04:50:53 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 2 KB
2 KB 39ms
38ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FM%2FlogoManufactum-GmbH-Co-KG-43425DE.gif%3Feb%3D1&v=3&w=400&s=Rf6K_Qe71oUg535e-IJnQftN&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

62f35aeb4867d96490091063e88447731b64282ef52e137e24e5dc433ef2e43e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1576
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 2 KB
3 KB 29ms
27ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F5%2FlogoRheinmetall-Protection-Systems-GmbH-126462DE-2106231731.gif%3Feb%3D1&v=3&w=400&s=zL-4hkuvRA011Cb17PPrYtQA&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cc5e65f3bf4a6f565b2e549b9b401450a1e7d283ffe50dd4a906b5375808b851

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=753413
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2446
expires: Thu, 05 May 2022 23:40:23 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 3 KB
3 KB 37ms
35ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F4%2FlogoBruggen-SWAP-Service-GmbH-160503DE-2003271319.gif%3Feb%3D1&v=3&w=400&s=EvLPQcf435HA-64JSQFkc_CP&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

342a3626821b12c1fd2f486823ccf5aaa63267c53f431090aa82a0c4b41c47a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:29 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2582983
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2770
expires: Fri, 27 May 2022 03:53:13 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 3 KB
3 KB 35ms
34ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FE%2Flogo3C-Deutschland-GmbH-76834DE-2010091659.gif%3Feb%3D1&v=3&w=400&s=fHT7pVDUIw8hm0PP_k1SUwt-&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

bf5a3fc0e0ace535ffeac514b856b998dc5f7bba5d15cc4e4177dc38a8cf82f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2909
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 2 KB
2 KB 37ms
36ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FK%2FlogoK-Mail-Order-GmbH-Co-KG-39632DE.gif%3Feb%3D1&v=3&w=400&s=GPYFrAheYb6j8FYo-fNcmjcl&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

16683060260dcc3292b4f7413f950479712851231421766e8161df8567552bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1574755
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2064
expires: Sun, 15 May 2022 11:49:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 2 KB
2 KB 36ms
35ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F4%2FlogoKETTLER-Alu-Rad-GmbH-214588DE.gif%3Feb%3D1&v=3&w=400&s=n2tNaohBIvoGDd_w4AS9zSPs&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

09f98d97f74df9d75aa4363f3e58c2ef785012af2de874db3fee91e364605d7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2180467
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2222
expires: Sun, 22 May 2022 12:04:38 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame A760 0
127 B 28ms
28ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=Si7bkBtdm6fFqte6CD4itAquEdnVXerLRNtbHVx5nC3O7ljmQZb4jdJcuQtxgVFFKUyBB3LZax088OyluV_xjkDGFljqddyXD2_P_5a98GR-bhR9zKTgu3yN02sHk9MRT2fOz9FTDHEkkqJcC0cX6B7QlJIKLEEJWfFSus0cmkLPewghhJUUflEtFHpcsk8IiMiHsDyLw1GuXazVAfVF6DpnAyuN_Z5Xyr569vHZ08aK8FyS6dpBzqgWs3YUod-cplFQlw&sds=2&rev=81237&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 27 Apr 2022 06:23:30 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame A760 2 KB
1 KB 235ms
56ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame A760 2 KB
1 KB 34ms
32ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Apr 2023 06:23:30 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9758 4 KB
4 KB 28ms
27ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f6c744cbc83d7f0b5d62c6951a13ca155b823fe1c3c724304804abb5d7a8f746

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2104673
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 3706
expires: Sat, 21 May 2022 15:01:24 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A760 4 KB
4 KB 28ms
28ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f6c744cbc83d7f0b5d62c6951a13ca155b823fe1c3c724304804abb5d7a8f746

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2104673
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 3706
expires: Sat, 21 May 2022 15:01:24 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6C02 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?v=3&s=pagead&action=load3pas&it=bdt.716,req.72,bpp.1,fb.480,e2e.1001,fs.457,reqs.458,ress.480,rese.480&srt=23&e=&id=csi_pagead&gqid=YuFoYvaqBLmNjuwP4umRwA0&qqid=CL-oy8jNs_cCFbTEEQgdVDUKIA&rt=lb.135,ol.521

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Apr 2022 06:23:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 81ms
37ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220425&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ccdae89e5389d9d6d42d3a5342dd6629188be23a7073d17a631f7fc59b632867

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Apr 2022 06:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10475
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 27 Apr 2022 06:23:31 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0F86 13 KB
5 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.kaiserpermanentelocations.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 36999
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 26 Apr 2022 20:06:52 GMT
expires: Wed, 26 Apr 2023 20:06:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 91E4 783 B
1 KB 91ms
32ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d3bcd3f5c5bdcb661545cd385e578754fc29b867bbc278e9a7133fcb3e3f596c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-L38sVu7Zh0iFnreGk7M1BA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.kaiserpermanentelocations.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-L38sVu7Zh0iFnreGk7M1BA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 27 Apr 2022 06:23:31 GMT
expires: Wed, 27 Apr 2022 06:23:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js Show response
pagead2.googlesyndication.com/bg/ Frame 0F86 35 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LOnNfct_OK6AKwq7GByGz0_K8O7BrCXN6Fs6Py5gnPc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ce9cd7dcb7f38ae802b0abb181c86cf4fcaf0eec1ac25cde85b3a3f2e609cf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 19:41:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13636
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Apr 2023 19:41:28 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 91E4 0
0 60ms
60ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220425&jk=3415880737793137&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0F86 0
9 B 20ms
20ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?XlLqyw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 06:23:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FA48 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssdrB9vdIPV5BQPdQJLrMlsN3f0l4fn80yJXIdeaNicpeGacuZujBRrhgPpsUggvhgKHmMVIsfep_tJpRRsGId_&sig=Cg0ArKJSzF6EpXQPRcCZEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220420&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2071212552&rs=2&la=0&cr=0&vs=4&r=v&rst=1651040610011&rpt=380&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Apr 2022 06:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 9758 0
127 B 28ms
28ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 27 Apr 2022 06:23:30 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 72ms
72ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220425&jk=3415880737793137&bg=!3N-l35vNAAYXWUUuN1k7ACkAdvg8WkGGA9lGFYXNUOdIXJM8T_e5wUu68LUHwJ4y774BlJU9dV_0fAIAAABYUgAAAAFoAQeZAqvM-tIH04DW17VDdYZr2yc1-y9tzRVluLtnOrSuKEJXHC2tQ034c20TcF7AML8zeaNIBjS4KH5sQjonzFavTPMM7ItLTpjG44c4YWDhKwLqasXR9Zrypztjxg-ZuXPLyezzcakZ9nB5LUopQVyp1HXgjbEJaBhnjHbDfieKVvhNmIjHicEP6ODu0UGEx0mWQMGmivjc5vmTc2fTfW2r5ymhZ3aT7qQL4xfLvN7zQA8W1GQtQ6ENeVR7pCzbT0p1ZuZCdcstkNlmVtymdUzE-ShdN7DUDIDIYx2ZajB3iEmxgb9FrLo8XwQmfRpTy5UJaXpny79d_8IN6KXCpAz3ogvBNVc0Ysp_TmmZXzn9E-ULphNr_PmnhKGoK-1hdKsg2xtK-g50By9Z8_EToS9JhnNezR205nusuHHk952IpJlGbqq5DRThm4VQh-gPgEsQQ-hNc4vjNqLaKRTP1o_y9Dn3gUWCUgoWLmJw3VrG9FlEwETBR5m1xcQx5vZf8nkjiU5kqKM7vn9MgND6dWP94Yy_px8FkoWeedBKnLOwfMihrSb62LlX5cKA-FAF45uXttDg-6p5-siQM4ZRbTdSS-A-DjsbtUyldpTC2fQXzv_6wJ7LV3zWE8xYdwu_D0KmZaFtbjUhMHerVhjgOg06PiB0aD0weB27zIKv-TzY9iiYMqAB4kpWT-reSpbJr9EFjr8iFTwZ5pAJMjP0X6z4ot0mju1ATt7EYg7Y51OmDPiCk_Li89Gwu_lyReu7zVPQ-V9sppry2AUBaXzGsnn8Alw0dBzNaN9DqBVkIx__K24kMbEzANgruaVmeAXu5e7T639wntOkDl2gQJeuvW0vkAZUWbZOeNKSXLzFkvWVAqnWO5LhA_v-bCLJAenA1r94wHh0hZTjwX39dD4_PQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.kaiserpermanentelocations.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6C02 42 B
64 B 54ms
54ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvq39c8MAnLWXii3f6CVo875Sazst-GeJsHBqwhv1jsgSpPX7vtPtwC2F07vAaxKOX0l3ZNga3ROVX6OAuKSurN&sig=Cg0ArKJSzMrZ-oBPduZ1EAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=83,766,1000,1069,1239&tos=83,683,234,69,170&v=20220420&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1651040610407&rpt=153&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Apr 2022 06:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame A760 0
127 B 28ms
28ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 27 Apr 2022 06:23:31 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.kaiserpermanentelocations.com/	1970-01-20 11:58:56	Name: __gads Value: ID=9e951ee24b6bc440-2214ad7885cd002e:T=1651040610:RT=1651040610:S=ALNI_MbI6_kPKMtVwkL-ag1RKaZls-jCaQ
			.doubleclick.net/	1970-01-20 11:58:56	Name: IDE Value: AHWqTUn6kqMz5N-XepDLAks--7nnRC6NoyTzsKE3InsYMenuuB3lxncITHmiESJrGpE

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://www.kaiserpermanentelocations.com/paypal-account-update-information/3e7cc91cadf27c288d621dd3f30c427cntzjmjaznwi2zdawywjhy2zmoty4oti1ntm1nwnhode=/ Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
cat.nl.eu.criteo.com
connect.facebook.net
csm.eu.criteo.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
kaiserpermanentelocations.com
netdna.bootstrapcdn.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
rtb.fr.eu.criteo.com
rtb.nl.eu.criteo.com
secure-gl.imrworldwide.com
static.criteo.net
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.kaiserpermanentelocations.com
178.250.2.135
178.250.2.148
178.250.2.150
2600:9000:224a:3000:1e:a43d:b640:93a1
2606:4700::6812:bcf
2a00:1450:4001:800::2002
2a00:1450:4001:802::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:811::2003
2a00:1450:4001:813::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2001
2a02:2638:1::2
2a02:2638:1::4
2a02:2638::2
2a02:2638::3
2a03:2880:f01c:8012:face:b00c:0:3
35.208.134.119
002d4e61d6efae0d93d62d4c12576e427302f32361e675aaffa3691ecd9ae17d
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
080069b2dce01872cbc2bfcc0b6a2cd9b9a5b9fbb22fc1683ece0cea17aac96f
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
09cbfff69cd6223beb479981538798a0390d673214cd1851a18423a829c1ccf9
09f98d97f74df9d75aa4363f3e58c2ef785012af2de874db3fee91e364605d7a
155dc8d84eb5ff429e2f678fc35999b79223d282863952314376f70cca425c36
16683060260dcc3292b4f7413f950479712851231421766e8161df8567552bb4
1fa3a233c0d1463154194787dbd62596c21bb054017aba903f4e77d79c0123d5
2a29e79bd75cc83eade181c4acc1c198786539997766b648bc21ed5aa7698408
2ce9cd7dcb7f38ae802b0abb181c86cf4fcaf0eec1ac25cde85b3a3f2e609cf7
2f719d34d3d7420ad540758d502a29633213bceaa985ea2df545aa60dc7e8758
342a3626821b12c1fd2f486823ccf5aaa63267c53f431090aa82a0c4b41c47a3
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
3d3cd49bbbbe8b127db11882604a518a28d4b1098336c4a2127fcd4d18b5f840
43129e24843ed34d7db730d6af882636ded271d94b02c73c236b79f83327e2f9
44e6533fa16e8df6d04af08a9623d9533fff14683db25ee1d726e5e5368e7b43
481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62f35aeb4867d96490091063e88447731b64282ef52e137e24e5dc433ef2e43e
68f7e8b2ebda976f723aff03aa0e2bf1bfff02a35fba1ed5be105422ccc88da1
70a10d0600f55beebf3cd07d87f1d616a5cd7e05d48dcd816e580a3892e28b2f
72d8b09dae7ff253fce35b60f8c13a803ff0070f5f8e9464008221c45c818cff
7339fe12f332ac7ecd6e0ef04bb7a48fad9e74be887d67f458548ff33ea4db65
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8e17416059f9e1ada9694ae457d869c6c2941d9da66c9e9ac5d725ab45b50d81
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
9b8ae796f30c05937ec5e849cea83f724110455de28d7619809a2b10ea5d803f
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a9e299c72caf5bfc046edecb24e85e56e659367e9f4a16b1eb47511442a42734
b6d92a053ef7ca8cd4e069068ff424f220030a115f0bd100397c7f427fc0207b
b7dd4071d21075304c51afd2c6a3a666ed026417bedd5864ae086ee8bbd4e18e
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
bf5a3fc0e0ace535ffeac514b856b998dc5f7bba5d15cc4e4177dc38a8cf82f4
c12cd044316a5022a293f9e4e35588d06cf5f7cda832c145f039d4a316ab2f9b
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c694b243d9570a72f687bc2ef988770bac07c3d3b3ef1c98cc382e79333f1a6e
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
c9955557c047d44a9e3b361768b0c4015db5bb49ccc8c6513aa6e40ce0f1b3a3
cc5e65f3bf4a6f565b2e549b9b401450a1e7d283ffe50dd4a906b5375808b851
ccdae89e5389d9d6d42d3a5342dd6629188be23a7073d17a631f7fc59b632867
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
d3bcd3f5c5bdcb661545cd385e578754fc29b867bbc278e9a7133fcb3e3f596c
d52bbfc994030136130e4ef8aa061776dc31cdb4af55171efb17e3867f464c04
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7efbcec2efa43d1352f6e0f2ca328a549f008753e94ee19f3c9b7bcf62cb9c5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
f5674f004d22f6f785ad04e3d94fdff487c9d20e7d39ec7088a9d493a1534b43
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f6c744cbc83d7f0b5d62c6951a13ca155b823fe1c3c724304804abb5d7a8f746
f877a325a8cf6a12c8d2101b9761e5ea71f5967f13fd1cd01e39bd6b72d0e117

www.kaiserpermanentelocations.com Open in urlscan Pro 35.208.134.119 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

92 Requests

78 %HTTPS

81 %IPv6

14 Domains

22 Subdomains

22 IPs

3 Countries

1014 kBTransfer

2601 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

92 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.kaiserpermanentelocations.com Open in urlscan Pro
35.208.134.119 Public Scan

Screenshot
Live screenshot

Full Image

92
Requests

78 %
HTTPS

81 %
IPv6

14
Domains

22
Subdomains

22
IPs

3
Countries

1014 kB
Transfer

2601 kB
Size

2
Cookies

92 HTTP transactions
2 data transactions