observer.com Open in urlscan Pro
192.0.66.160 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://observer.com/
Effective URL:
https://observer.com/
Submission Tags: tranco_l324
Submission: On October 27 via api (October 27th 2021, 3:14:06 am UTC) from DE — Scanned from DE

Summary HTTP 180 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 57 IPs in 3 countries across 61 domains to perform 180 HTTP transactions. The main IP is 192.0.66.160, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is observer.com.
TLS certificate: Issued by R3 on September 25th 2021. Valid for: 3 months.

This is the only time observer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
50	192.0.66.160 192.0.66.160	2635 (AUTOMATTIC) (AUTOMATTIC)
2	172.217.23.104 172.217.23.104	15169 (GOOGLE) (GOOGLE)
1	99.84.156.2 99.84.156.2	16509 (AMAZON-02) (AMAZON-02)
1	99.84.159.109 99.84.159.109	16509 (AMAZON-02) (AMAZON-02)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
7	142.250.186.78 142.250.186.78	15169 (GOOGLE) (GOOGLE)
2	75.2.40.13 75.2.40.13	16509 (AMAZON-02) (AMAZON-02)
1	34.231.207.29 34.231.207.29	14618 (AMAZON-AES) (AMAZON-AES)
3	2.18.234.163 2.18.234.163	16625 (AKAMAI-AS) (AKAMAI-AS)
7	54.146.124.230 54.146.124.230	14618 (AMAZON-AES) (AMAZON-AES)
1 3	91.228.74.198 91.228.74.198	16509 (AMAZON-02) (AMAZON-02)
2	157.240.20.19 157.240.20.19	32934 (FACEBOOK) (FACEBOOK)
1 3	99.84.156.73 99.84.156.73	16509 (AMAZON-02) (AMAZON-02)
1	99.84.156.80 99.84.156.80	16509 (AMAZON-02) (AMAZON-02)
1	74.125.133.155 74.125.133.155	15169 (GOOGLE) (GOOGLE)
2	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2.16.107.122 2.16.107.122	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
2	157.240.20.35 157.240.20.35	32934 (FACEBOOK) (FACEBOOK)
6	104.16.148.64 104.16.148.64	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.19.150.54 104.19.150.54	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.84.156.67 99.84.156.67	() ()
1	99.84.156.173 99.84.156.173	() ()
1	104.20.185.68 104.20.185.68	() ()
1	23.22.200.199 23.22.200.199	() ()
1	35.241.9.51 35.241.9.51	() ()
2 3	185.33.221.91 185.33.221.91	() ()
5	34.107.254.252 34.107.254.252	() ()
3	99.84.152.64 99.84.152.64	() ()
6	142.250.184.194 142.250.184.194	() ()
1	52.216.179.27 52.216.179.27	() ()
1	142.250.185.130 142.250.185.130	() ()
2	142.250.186.65 142.250.186.65	() ()
4	34.98.72.95 34.98.72.95	() ()
1	216.58.212.162 216.58.212.162	() ()
1	34.120.253.250 34.120.253.250	() ()
4	172.217.16.130 172.217.16.130	() ()
2	142.250.184.193 142.250.184.193	() ()
4	34.117.4.53 34.117.4.53	() ()
2	2.18.233.180 2.18.233.180	() ()
1	198.47.127.19 198.47.127.19	() ()
3 4	37.157.6.241 37.157.6.241	() ()
2 2	213.155.156.182 213.155.156.182	() ()
7	185.64.190.80 185.64.190.80	() ()
1	178.250.0.163 178.250.0.163	() ()
1 1	85.114.159.93 85.114.159.93	() ()
9	185.64.189.110 185.64.189.110	() ()
3 3	52.16.214.249 52.16.214.249	() ()
4 4	172.217.23.98 172.217.23.98	() ()
1	185.86.137.131 185.86.137.131	() ()
1 1	162.55.6.210 162.55.6.210	() ()
3 3	213.19.147.45 213.19.147.45	() ()
4 4	3.33.220.150 3.33.220.150	() ()
1	104.26.11.209 104.26.11.209	() ()
1 1	87.98.242.60 87.98.242.60	() ()
1	173.231.180.197 173.231.180.197	() ()
1 2	104.18.13.5 104.18.13.5	() ()
1	38.91.45.7 38.91.45.7	() ()
1 2	151.101.129.44 151.101.129.44	() ()
2 2	185.29.132.245 185.29.132.245	() ()
2	198.47.127.20 198.47.127.20	() ()
1	159.253.128.183 159.253.128.183	() ()
2 2	18.156.0.31 18.156.0.31	() ()
1	212.82.100.176 212.82.100.176	() ()
2 2	151.101.2.49 151.101.2.49	() ()
1	89.207.16.201 89.207.16.201	() ()
1 1	46.228.164.11 46.228.164.11	() ()
2 2	66.155.71.150 66.155.71.150	() ()
1 1	34.98.107.212 34.98.107.212	() ()
1 1	185.33.220.243 185.33.220.243	() ()
1	34.254.122.11 34.254.122.11	() ()
180	57

50 192.0.66.160 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

observer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.104 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.156.2 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-156-2.txl52.r.cloudfront.net

ak.sail-horizon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.159.109 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-159-109.txl52.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.186.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 75.2.40.13 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: aa7557bb34ea5624b.awsglobalaccelerator.com

api.sail-personalize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.231.207.29 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-207-29.compute-1.amazonaws.com

srv-2021-10-27-03.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.234.163 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-163.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 54.146.124.230 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-146-124-230.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 91.228.74.198 (United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.20.19 (United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-frt3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.84.156.73 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-99-84-156-73.txl52.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.156.80 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-156-80.txl52.r.cloudfront.net

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.235.40 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-jsonp.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.107.122 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-107-122.deploy.static.akamaitechnologies.com

ntvcld-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.20.35 (United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-frt3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.148.64 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.150.54 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.156.67 (None, )

ASN- ()

htlbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.156.173 (None, )

ASN- ()

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.185.68 (None, )

ASN- ()

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.22.200.199 (None, )

ASN- ()

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.9.51 (None, )

ASN- ()

3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.91 (None, ) 2 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.107.254.252 (None, )

ASN- ()

api.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.84.152.64 (None, )

ASN- ()

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.194 (None, )

ASN- ()

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.179.27 (None, )

ASN- ()

ams-pageview-public.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (None, )

ASN- ()

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.65 (None, )

ASN- ()

e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.72.95 (None, )

ASN- ()

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.162 (None, )

ASN- ()

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (None, )

ASN- ()

tag.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.130 (None, )

ASN- ()

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.193 (None, )

ASN- ()

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.117.4.53 (None, )

ASN- ()

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dfp.bouncex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
events.bouncex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (None, )

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.241 (None, ) 3 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.182 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.64.190.80 (None, )

ASN- ()

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.64.189.110 (None, )

ASN- ()

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.16.214.249 (None, ) 3 redirects

ASN- ()

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.23.98 (None, ) 4 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.131 (None, )

ASN- ()

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.210 (None, ) 1 redirects

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.45 (None, ) 3 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.33.220.150 (None, ) 4 redirects

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.11.209 (None, )

ASN- ()

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.98.242.60 (None, ) 1 redirects

ASN- ()

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.231.180.197 (None, )

ASN- ()

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.13.5 (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.91.45.7 (None, )

ASN- ()

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.44 (None, ) 1 redirects

ASN- ()

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.245 (None, ) 2 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.20 (None, )

ASN- ()

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.253.128.183 (None, )

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (None, ) 2 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.176 (None, )

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.49 (None, ) 2 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.207.16.201 (None, )

ASN- ()

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.150 (None, ) 2 redirects

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.107.212 (None, ) 1 redirects

ASN- ()

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.220.243 (None, ) 1 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.122.11 (None, )

ASN- ()

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	observer.com observer.com	549 KB
21	pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com	30 KB
11	doubleclick.net 4 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net	177 KB
8	googlesyndication.com e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	37 KB
7	permutive.com cdn.permutive.com api.permutive.com	82 KB
7	postrelease.com jadserve.postrelease.com	7 KB
7	google-analytics.com www.google-analytics.com	74 KB
6	bounceexchange.com assets.bounceexchange.com tag.bounceexchange.com api.bounceexchange.com	167 KB
6	cookielaw.org cdn.cookielaw.org	114 KB
4	adsrvr.org 4 redirects match.adsrvr.org	2 KB
4	adform.net 3 redirects c1.adform.net	2 KB
4	adnxs.com 3 redirects ib.adnxs.com secure.adnxs.com	4 KB
3	yahoo.com 2 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	2 KB
3	bidr.io 3 redirects match.prod.bidr.io	2 KB
3	bouncex.net dfp.bouncex.net events.bouncex.net	456 B
3	amazon-adsystem.com c.amazon-adsystem.com	39 KB
3	google.com www.google.com adservice.google.com	1 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	quantserve.com 1 redirects secure.quantserve.com pixel.quantserve.com	11 KB
3	ntv.io s.ntv.io	116 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com	947 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	746 B
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	taboola.com 1 redirects trc.taboola.com match.taboola.com	580 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	de17a.com 2 redirects d5p.de17a.com	634 B
2	facebook.com www.facebook.com	331 B
2	akamaihd.net ntvcld-a.akamaihd.net	91 KB
2	moatads.com z.moatads.com s-jsonp.moatads.com	55 KB
2	facebook.net connect.facebook.net	113 KB
2	sail-personalize.com api.sail-personalize.com	474 B
2	wp.com stats.wp.com pixel.wp.com	3 KB
2	parsely.com cdn.parsely.com srv-2021-10-27-03.pixel.parsely.com	19 KB
2	googletagmanager.com www.googletagmanager.com	113 KB
1	gumgum.com rtb.gumgum.com	238 B
1	playground.xyz 1 redirects ads.playground.xyz	485 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	simpli.fi um.simpli.fi	610 B
1	turn.com d.turn.com Failed ad.turn.com	518 B
1	deepintent.com match.deepintent.com	44 B
1	adgrx.com cm.adgrx.com	408 B
1	erne.co 1 redirects green.erne.co	325 B
1	ad4m.at ad4m.at	915 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	535 B
1	loopme.me 1 redirects csync.loopme.me	217 B
1	smartadserver.com rtb-csync.smartadserver.com	163 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	criteo.com dis.criteo.com	334 B
1	googletagservices.com www.googletagservices.com	37 KB
1	amazonaws.com ams-pageview-public.s3.amazonaws.com	448 B
1	prmutv.co 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co	453 B
1	chartbeat.net ping.chartbeat.net	201 B
1	onetrust.com geolocation.onetrust.com	398 B
1	chartbeat.com static.chartbeat.com	14 KB
1	htlbid.com htlbid.com	103 KB
1	quantcount.com rules.quantcount.com	428 B
1	sail-horizon.com ak.sail-horizon.com	43 KB
0	bidtheatre.com Failed match.adsby.bidtheatre.com Failed
0	clientgear.com Failed event.clientgear.com Failed
0	behave.com Failed ssp.behave.com Failed
180	61

	Domain	Requested by
50	observer.com	observer.com
9	simage2.pubmatic.com	ads.pubmatic.com
7	image2.pubmatic.com	ads.pubmatic.com
7	jadserve.postrelease.com	s.ntv.io
7	www.google-analytics.com	observer.com www.googletagmanager.com www.google-analytics.com
6	securepubads.g.doubleclick.net	htlbid.com securepubads.g.doubleclick.net observer.com www.googletagservices.com
6	cdn.cookielaw.org	observer.com cdn.cookielaw.org
5	api.permutive.com	cdn.permutive.com
4	match.adsrvr.org	4 redirects
4	cm.g.doubleclick.net	4 redirects
4	c1.adform.net	3 redirects ads.pubmatic.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
4	assets.bounceexchange.com	securepubads.g.doubleclick.net tag.bounceexchange.com assets.bounceexchange.com
3	match.prod.bidr.io	3 redirects
3	c.amazon-adsystem.com	htlbid.com c.amazon-adsystem.com
3	ib.adnxs.com	2 redirects cdn.permutive.com
3	sb.scorecardresearch.com	1 redirects observer.com
3	s.ntv.io	observer.com s.ntv.io
2	pixel-sync.sitescout.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	image4.pubmatic.com	ads.pubmatic.com
2	sync.mathtag.com	2 redirects
2	sync.1rx.io	2 redirects
2	d5p.de17a.com	2 redirects
2	events.bouncex.net
2	ads.pubmatic.com	assets.bounceexchange.com ads.pubmatic.com
2	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
2	e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	cdn.permutive.com	observer.com cdn.permutive.com
2	www.facebook.com
2	pixel.quantserve.com	1 redirects
2	www.google.com	tpc.googlesyndication.com
2	ntvcld-a.akamaihd.net
2	connect.facebook.net	observer.com connect.facebook.net
2	api.sail-personalize.com	ak.sail-horizon.com
2	www.googletagmanager.com	observer.com
1	rtb.gumgum.com	ads.pubmatic.com
1	secure.adnxs.com	1 redirects
1	ads.playground.xyz	1 redirects
1	ad.turn.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	pr-bh.ybp.yahoo.com	ads.pubmatic.com
1	um.simpli.fi	ads.pubmatic.com
1	match.taboola.com	ads.pubmatic.com
1	trc.taboola.com	1 redirects
1	match.deepintent.com	ads.pubmatic.com
1	s.tribalfusion.com	ads.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	cm.adgrx.com	ads.pubmatic.com
1	green.erne.co	1 redirects
1	ad4m.at	ads.pubmatic.com
1	sync.targeting.unrulymedia.com	1 redirects
1	csync.loopme.me	1 redirects
1	rtb-csync.smartadserver.com	ads.pubmatic.com
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	image6.pubmatic.com	ads.pubmatic.com
1	dfp.bouncex.net	observer.com
1	api.bounceexchange.com	assets.bounceexchange.com
1	tag.bounceexchange.com	assets.bounceexchange.com
1	www.googletagservices.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	ams-pageview-public.s3.amazonaws.com
1	3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co	cdn.permutive.com
1	ping.chartbeat.net
1	geolocation.onetrust.com	cdn.cookielaw.org
1	static.chartbeat.com	observer.com
1	htlbid.com	observer.com
1	s-jsonp.moatads.com	observer.com
1	z.moatads.com	s.ntv.io
1	stats.g.doubleclick.net	www.google-analytics.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	www.googletagmanager.com
1	pixel.wp.com	observer.com
1	srv-2021-10-27-03.pixel.parsely.com	observer.com
1	stats.wp.com	observer.com
1	cdn.parsely.com	observer.com
1	ak.sail-horizon.com	observer.com
0	match.adsby.bidtheatre.com Failed	ads.pubmatic.com
0	event.clientgear.com Failed	ads.pubmatic.com
0	d.turn.com Failed	ads.pubmatic.com
0	ssp.behave.com Failed
180	83

This site contains links to these domains. Also see Links.

Domain
businessofart.observer.com
artobserved.observer.com
flashfinance2021.com
partners.thepennyhoarder.com
observermedia.com
www.facebook.com
twitter.com
www.linkedin.com
instagram.com
privacyportal.onetrust.com
wpvip.com
onetrust.com

Subject Issuer	Validity	Valid
observer.com R3	`2021-09-25` - `2021-12-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
ak.sail-horizon.com Amazon	`2021-01-07` - `2022-02-04`	a year	crt.sh
*.parsely.com Amazon	`2021-07-05` - `2022-08-03`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
api.sail-personalize.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.pixel.parsely.com R3	`2021-09-24` - `2021-12-23`	3 months	crt.sh
*.ntv.io DigiCert SHA2 Secure Server CA	`2021-01-25` - `2022-02-01`	a year	crt.sh
*.postrelease.com Amazon	`2021-01-28` - `2022-02-25`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-05` - `2021-11-03`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
a248.e.akamai.net DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
permutive.com Cloudflare Inc ECC CA-3	`2021-03-02` - `2022-03-01`	a year	crt.sh
htlbid.com Amazon	`2020-12-21` - `2022-01-19`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2021-02-12` - `2022-02-11`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
*.prmutv.co R3	`2021-10-25` - `2022-01-23`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
api.permutive.com R3	`2021-10-21` - `2022-01-19`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-11` - `2022-02-11`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2021-10-25` - `2022-01-23`	3 months	crt.sh
tag.bounceexchange.com R3	`2021-09-24` - `2021-12-23`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.wunderkind.co R3	`2021-10-15` - `2022-01-13`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.pbp.bf2.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-18` - `2021-11-17`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh

This page contains 21 frames:

Primary Page: https://observer.com/
Frame ID: 4B41D2F62773A53D9A44398624880F86
Requests: 138 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: AC05594EF61DD15DE020142723E7AA2E
Requests: 1 HTTP requests in this frame

Frame: https://e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C6E55392CC3AA32308123AED096B53D9
Requests: 1 HTTP requests in this frame

Frame: https://e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CFCC17B6AB03433F21AB24A19751B557
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Frame ID: ED5AF02E63905355327C138C55217981
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Frame ID: 0F3DDCE35C094C09580DEF3A1E00D00F
Requests: 23 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 7D3A48A10513C00AB1AFB7C09E989AF1
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A7A6A2BE55822C1471DD0C919A2B60D1
Requests: 2 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F7AEC76D-98C6-4EB2-B610-364F869FFB50
Frame ID: 74AE422C160E95FAF4FF751F357B7C79
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=726654913720295543
Frame ID: 85C7419DC94D9779EC01F2160B370CE2
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: E5AFE5B3186E735E6B52450123F56119
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023579097403291796
Frame ID: 26032A581EB421DEDA4D851A0B180340
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAH0jk7C8YgAADT5Gy3KTA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Frame ID: 9B1303011B79C1B99306211BB126720D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: 4BCD9677053E9AB35A72C5E8F8CD2486
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003
Frame ID: C29F820775DBE8F7BACC52E21AD7B8D6
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: 91792F6A13E911799EA935DBCB93336A
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=yG3XowaBOtRecLja63o4Xtvi
Frame ID: 8C4B5800D72EB9ECBB9AF4BCBD6F58FB
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: D60DD7E45021E23F692310A2FEBC904D
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 76F9A531FA06363373EEF9ADC27F9263
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 6E1F43073BC4F3288012AB45ABABE696
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=eb3619e1-7a7e-4d46-b38a-0772a59ddd01-tuct872497a&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: EFF398AE184750E9D107122DB984D8BC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Latest News and Trends | ObserverBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

http://observer.com/ HTTP 307
https://observer.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Backbone.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

backbone.*\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Bounce Exchange (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

^https?://tag\.bounceexchange\.com/

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js
googletagmanager\.com/gtm\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

180
Requests

96 %
HTTPS

0 %
IPv6

61
Domains

83
Subdomains

57
IPs

3
Countries

2007 kB
Transfer

5945 kB
Size

23
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://businessofart.observer.com/
Title: Events

Search URL Search Domain Scan URL

URL: https://artobserved.observer.com/home
Title: Events

Search URL Search Domain Scan URL

URL: https://flashfinance2021.com/augen-nc/index.html?ad_id=456441&adcampaign_id=169634&publication_id=13782&device=desktop&content_id=368426&headline_id=1598009&cpid=655af0b6-54e1-4d63-8482-4228af4dcd36&ntv_a=-fYGAND5PA96kQA&prx_ro=s&ntv_acpl=1092087&ntv_acsc=2&ntv_gsscm=848*5;835*10;644*7;837*5;839*5;680*5;648*6;698*6;619*6;&ntv_cr=0&ntv_fr
Title: Sponsored Content China's Newest Coin Has Global Markets Surging By Flash Finance 2021

Search URL Search Domain Scan URL

URL: https://partners.thepennyhoarder.com/the-penny-hoarder-issues-urgent-alert-6-companies-are-overcharging-you/?ntv_a=b4wGA5-BKAJTMRA&prx_ro=s&ntv_acpl=1127205&ntv_acsc=2&ntv_gsscm=848*5;835*10;644*7;837*5;839*5;680*5;648*6;698*6;619*6;&ntv_cr=0&ntv_fr
Title: Sponsored Content Penny Hoarder Issues “Urgent” Alert: 6 Companies Are... By The Penny Hoarder

Search URL Search Domain Scan URL

URL: http://observermedia.com/contact/
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.facebook.com/observer

Search URL Search Domain Scan URL

URL: https://twitter.com/observer

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/observer-media

Search URL Search Domain Scan URL

URL: https://instagram.com/observer

Search URL Search Domain Scan URL

URL: http://observermedia.com/privacy-policy
Title: Privacy

Search URL Search Domain Scan URL

URL: http://observermedia.com/terms
Title: Terms

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/8bf444f2-ddd6-41ff-8e24-b69ac0176e05/19c22396-023a-465c-a9c0-d9f831d1d9cd
Title: Do not sell my data

Search URL Search Domain Scan URL

URL: https://wpvip.com/?utm_source=vip_powered_wpcom&utm_medium=web&utm_campaign=VIP%20Footer%20Credit&utm_term=observer.com
Title: WordPress VIP

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://observer.com/ HTTP 307
https://observer.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80

https://sb.scorecardresearch.com/b?c1=2&c2=13507040&ns__t=1635304438459&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=13507040&ns__t=1635304438459&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=

Request Chain 147

https://c1.adform.net/serving/cookie/match?party=14&cid=F7AEC76D-98C6-4EB2-B610-364F869FFB50 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F7AEC76D-98C6-4EB2-B610-364F869FFB50

Request Chain 148

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=726654913720295543

Request Chain 150

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023579097403291796

Request Chain 151

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFIMGprN0M4WWdBQURUNUd5M0tUQQ&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAH0jk7C8YgAADT5Gy3KTA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID

Request Chain 152

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 153

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=845455356 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=845455356 HTTP 302
https://sync.1rx.io/usersync/tradedesk/b0901b5a-2084-4bbe-a3c2-95b63caf36f5 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003

Request Chain 155

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=yG3XowaBOtRecLja63o4Xtvi

Request Chain 157

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 159

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=eb3619e1-7a7e-4d46-b38a-0772a59ddd01-tuct872497a&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 160

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=967HbZjGTrK2EDZPhp_7UA%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 161

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=801a6178-c3fa-4300-a53d-daf72be4ef3e

Request Chain 162

https://pixel.onaudience.com/?partner=214&mapped=F7AEC76D-98C6-4EB2-B610-364F869FFB50 HTTP 302
https://pixel.onaudience.com/?partner=236&icm&cver&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D%26gdpr_consent%3D%26pid%3D3b2cb90%26t%3Dgif%26uid%3D%25m HTTP 302
https://ps.eyeota.net/pixel?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1d4d5d6d15bd2c7c HTTP 302
https://ps.eyeota.net/pixel/bounce/?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1d4d5d6d15bd2c7c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MlJmODd4bk1kYnU2TF80MHc2SUJTUkZKbHJEWGVlX1dmdHg5d1YyR25sUFE&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90 HTTP 302
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&referrer_pid=3b2cb90&google_gid=CAESEO5k_N8aV02kTVsRDMNSSqo&google_cver=1 HTTP 302
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1&dc_rc=2&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjdBRUM3NkQtOThDNi00RUIyLUI2MTAtMzY0Rjg2OUZGQjUw&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 164

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDC5fhopxGDvHxBlnGABpIE&google_cver=1

Request Chain 166

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:5b726178-c3fa-4500-aa6e-2ed8b3fcbe79&gdpr=0&gdpr_consent=

Request Chain 167

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=9082289130176231131

Request Chain 168

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b0901b5a-2084-4bbe-a3c2-95b63caf36f5

Request Chain 169

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=300325025199577992&gdpr=0&gdpr_consent=

Request Chain 170

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=yPER-Z3zQPfT90fwmqYL9M6mRKfT9kD2n6O3BH8h

Request Chain 171

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F7AEC76D-98C6-4EB2-B610-364F869FFB50&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F7AEC76D-98C6-4EB2-B610-364F869FFB50&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-fo.59IhE2uWDOnVvq9vaa311ICrFMV0-~A&gdpr=0&gdpr_consent=

Request Chain 173

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=59da657b-5f16-44e0-8b78-6e706103df7c

Request Chain 174

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YXjD_wAMOQdvuwA6 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YXjD_wAMOQdvuwA6&gdpr=0&gdpr_consent=&_test=YXjD_wAMOQdvuwA6

Request Chain 176

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3042841183873246856&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 177

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=71047368-f923-4ecd-8890-08f0d600715c-6178c3fb-5553&gdpr=0&gdpr_consent=

Request Chain 179

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=300325025199577992

180 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
observer.com/
Redirect Chain

http://observer.com/
https://observer.com/

150 KB
28 KB

30ms
6ms

Document
text/html

192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx / WordPress VIP <https://wpvip.com>

Resource Hash

0c2dddb5f4b2ec5c23f6af02ddf7154ddb2926ce37d46366829010098c255314

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:method: GET
:authority: observer.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Wed, 27 Oct 2021 03:13:55 GMT
content-type: text/html; charset=UTF-8
content-length: 28283
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://observer.com/wp-json/>; rel="https://api.w.org/" <http://nyob.co/N5PKir>; rel=shortlink
content-encoding: gzip
x-rq: hhn2 0 4 9980
cache-control: max-age=300, must-revalidate
age: 1622
x-cache: hit
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=31536000;includeSubdomains;preload

Redirect headers

Location: https://observer.com/
Non-Authoritative-Reason: HSTS

GET
H2 200 crimson-text-v11-latin-regular.woff2
observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/ 15 KB
15 KB 7ms
6ms Font
font/woff2 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/crimson-text-v11-latin-regular.woff2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6f6fb4a5ed73890ce881e4b94a3e971684a44fdead6c1c2a45b31e96ab32de4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/fonts/crimson-text-v11-latin-regular.woff2
pragma: no-cache
origin: https://observer.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://observer.com/
Origin: https://observer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
vary: X-Mobile-Class, Accept-Encoding
age: 18
x-cache: hit
content-length: 14888
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
etag: "617847ca-3a28"
strict-transport-security: max-age=31536000;includeSubdomains;preload
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 montserrat-v15-latin-regular.woff2
observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/ 19 KB
19 KB 9ms
8ms Font
font/woff2 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/montserrat-v15-latin-regular.woff2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/fonts/montserrat-v15-latin-regular.woff2
pragma: no-cache
origin: https://observer.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://observer.com/
Origin: https://observer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
vary: X-Mobile-Class, Accept-Encoding
age: 18
x-cache: hit
content-length: 19172
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
etag: "617847ca-4ae4"
strict-transport-security: max-age=31536000;includeSubdomains;preload
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 flexslider-icon.woff2
observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/ 748 B
809 B 8ms
8ms Font
font/woff2 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/flexslider-icon.woff2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6eb7a18174bf6a3ba003999e45eecbb81059c52b2c7b2da91b85e944e948c6e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/fonts/flexslider-icon.woff2
pragma: no-cache
origin: https://observer.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://observer.com/
Origin: https://observer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
vary: X-Mobile-Class, Accept-Encoding
age: 330
x-cache: grace
content-length: 748
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
etag: "617847ca-2ec"
strict-transport-security: max-age=31536000;includeSubdomains;preload
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 jquery.min.js Show response
observer.com/wp-includes/js/jquery/ 87 KB
31 KB 12ms
12ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.6.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 21 Sep 2021 19:12:51 GMT
server: nginx
age: 1070126
etag: W/"614a2eb3-15db1"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 31148
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 main.min.css
observer.com/wp-content/themes/newyorkobserver-2014/dist/css/ 59 KB
11 KB 7ms
7ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=080221

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ead189cbd293c28b092697ab4e45a921efb6058f679defb0e61e2ec6fcd4f27a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=080221
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: W/"6165d9b8-ec9f"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 11326
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 124 KB
49 KB 54ms
23ms Script
application/javascript 172.217.23.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-T9PLB60R8S

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

962c8a69b5aa4b1fd6a66b7cf284c08fae36858811b310a876f57a2e95828777

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 49439
x-xss-protection: 0
expires: Wed, 27 Oct 2021 03:13:55 GMT

GET
H2 200 default.min.css
observer.com/wp-content/themes/newyorkobserver-2014/dist/css/ 67 KB
10 KB 16ms
8ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/default.min.css?ver=04282021

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2890470f2b0be06395234095f949c4ec1c06a5306d3bbac08b7ff57b14289f3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/css/default.min.css?ver=04282021
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: W/"6165d9b8-10a42"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 10277
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 print.min.css
observer.com/wp-content/themes/newyorkobserver-2014/dist/css/ 143 B
191 B 16ms
9ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/print.min.css?ver=04282021

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c0eb09d747f4cb0d61057afe50609d7419873b0bdbc56f6965f3098a1cf6d975

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/css/print.min.css?ver=04282021
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: "6165d9b8-8f"
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 143
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
observer.com/wp-includes/js/mediaelement/ 11 KB
3 KB 16ms
9ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 21 Sep 2021 19:12:51 GMT
server: nginx
age: 1070126
etag: W/"614a2eb3-2bf8"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 2593
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 wp-mediaelement.min.css
observer.com/wp-includes/js/mediaelement/ 4 KB
1 KB 32ms
25ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.8.1

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.8.1
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 21 Sep 2021 19:12:51 GMT
server: nginx
age: 1070126
etag: W/"614a2eb3-105a"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 1161
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 lasso-live.css
observer.com/wp-content/plugins/lasso/admin/assets/css/ 26 KB
4 KB 18ms
11ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/lasso/admin/assets/css/lasso-live.css?v=1635272650&ver=253

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

36e24dc06e51fdd9b13497039bf3c286b61476669c715a274b9a6703b4000a2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/plugins/lasso/admin/assets/css/lasso-live.css?v=1635272650&ver=253
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
age: 31691
etag: W/"617847ca-698a"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 4088
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 jetpack.css
observer.com/wp-content/mu-plugins/jetpack-10.2/css/ 85 KB
17 KB 16ms
10ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/mu-plugins/jetpack-10.2/css/jetpack.css?ver=10.2.1

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

41b60d2262cffca90f6cd644983a2d813336dc959558bdd6ae54b35ef06dd9fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/mu-plugins/jetpack-10.2/css/jetpack.css?ver=10.2.1
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Thu, 07 Oct 2021 00:41:12 GMT
server: nginx
age: 455418
etag: W/"615e4228-15494"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 17112
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 media-credit.css
observer.com/wp-content/plugins/media-credit/css/ 109 B
158 B 17ms
10ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/media-credit/css/media-credit.css?ver=2.7.5

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f8c75a1076576464dd8faee80f57812b9a20f9d53977c896824ec1bd58614aa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/plugins/media-credit/css/media-credit.css?ver=2.7.5
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: "6165d9b8-6d"
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 109
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 spm.v1.min.js Show response
ak.sail-horizon.com/spm/ 121 KB
43 KB 94ms
20ms Script
application/javascript 99.84.156.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.sail-horizon.com/spm/spm.v1.min.js?ver=5.5.1
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.2 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-2.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:08:49 GMT
content-encoding: gzip
last-modified: Tue, 08 Jun 2021 04:22:34 GMT
server: AmazonS3
age: 307
etag: W/"b22b4f4738e8722be1636447be239da2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f4fd9b491f9f2f2d7eed7c38209919d4.cloudfront.net (CloudFront)
cache-control: max-age=600; must-revalidate
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: 25kOursiziv5SGJkOlU5lGDtRMwsg1843jI2DmXgIXTm2IUxsT3b1g==

GET
H2 200 sailthru.js Show response
observer.com/wp-content/plugins/hc-sailthru/assets/js/ 761 B
485 B 8ms
7ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/hc-sailthru/assets/js/sailthru.js?ver=20211026

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b6cf23ed282a5cb25c43c5923908a43cc8c4c9e92b23a1f73eb7b0af46ef6534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/plugins/hc-sailthru/assets/js/sailthru.js?ver=20211026
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
age: 31691
etag: W/"617847ca-2f9"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 428
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 helpers.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 924 B
547 B 8ms
7ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/helpers.js?ver=2021.07.14

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b4aced5f9b322c7d7992a40ea8ed5a9cb2d375f9ca109885dd3b26712583c790

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/js/helpers.js?ver=2021.07.14
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: W/"6165d9b8-39c"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 495
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 jquery.flexslider.min.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/vendor/ 21 KB
6 KB 9ms
7ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/vendor/jquery.flexslider.min.js?ver=2.2.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d747bc0ec8a549bb25f0bab199d8e3019bcea7cfaf1438d55da2fabcff48f2c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/js/vendor/jquery.flexslider.min.js?ver=2.2.2
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: W/"6165d9b8-5429"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 6422
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 theme.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 5 KB
2 KB 9ms
8ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/theme.js?ver=1.2.0.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0088fe12f5d431f21a930ddc7605f11cdd05411121cb89cce1dba2dfacd3fe0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/js/theme.js?ver=1.2.0.2
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: W/"6165d9b8-1467"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 2026
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 sailthru-widget.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 1 KB
611 B 9ms
8ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/sailthru-widget.js?ver=2021.10.26

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7ffd9ded54779f779de2be92f0f1eb04a48113d5981d1814f41c06d7603a4d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/js/sailthru-widget.js?ver=2021.10.26
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
age: 31691
etag: W/"617847ca-437"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 559
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 delay-load.js Show response
observer.com/wp-content/plugins/xcurrent/assets/js/ 3 KB
1 KB 9ms
9ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/xcurrent/assets/js/delay-load.js?ver=8f7693010179fc5007dacef632d329a6

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ef5f8d6a9ea52bd9b20497b837b74bde31586062d5b0e16be75f8bbdffc29840

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/plugins/xcurrent/assets/js/delay-load.js?ver=8f7693010179fc5007dacef632d329a6
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: W/"6165d9b8-b50"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 1237
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 lazy-load.js Show response
observer.com/wp-content/plugins/xcurrent/assets/js/ 8 KB
4 KB 9ms
9ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/xcurrent/assets/js/lazy-load.js?ver=6bd186b35f60946321703040eae7bccf

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6c05e433ca10b433edfc856fd903cb5f2da848a54e4507642a48981deed8bb05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/plugins/xcurrent/assets/js/lazy-load.js?ver=6bd186b35f60946321703040eae7bccf
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: W/"6165d9b8-214a"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 3790
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 script-queue.js Show response
observer.com/wp-content/plugins/xcurrent/assets/js/ 3 KB
2 KB 13ms
5ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a384a78bc8bee6afceab3ff107315b1bdcc0fd2622246826d16b503e742a8cdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070126
etag: W/"6165d9b8-dd9"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 1493
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 p.js Show response
cdn.parsely.com/keys/observer.com/ 48 KB
19 KB 89ms
33ms Script
application/javascript 99.84.159.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/observer.com/p.js?ver=2.5.2
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.159.109 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-159-109.txl52.r.cloudfront.net
Software: nginx /
Resource Hash: b17c92dab911dc411afb4fc07040d41ab97374894275b8e213c8af4c1761bd69

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: public
date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 00:33:28 GMT
server: nginx
x-amz-cf-pop: TXL52-C1
etag: W/"5e8532d8-c07b"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 969e7c67b62bdfae78f727a06e4512c3.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-id: tQVx__EMnoraSGJMoqZxafS8m0-OgWEIgTLi0xfQ3P4Al_m7H9cDNw==
expires: Thu, 28 Oct 2021 01:38:05 GMT

GET
H2 200 e-202143.js Show response
stats.wp.com/ 9 KB
3 KB 53ms
13ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202143.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn
date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 16 Oct 2022 21:07:39 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 53ms
14ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Oct 2021 16:47:48 GMT
server: Golfe2
age: 4369
date: Wed, 27 Oct 2021 02:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 19887
expires: Wed, 27 Oct 2021 04:01:06 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 search-ffffff.svg
observer.com/wp-content/themes/newyorkobserver-2014/images/ 2 KB
1 KB 12ms
7ms Image
image/svg+xml 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/images/search-ffffff.svg

Requested by

Host: observer.com
URL: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=080221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d17298826b7b7ed19af4942adf03fbcea7a7cd9cd5f25a5b9fb0674c71828c87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/images/search-ffffff.svg
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=080221
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=080221
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
age: 104
etag: "617847ca-960"
vary: X-Mobile-Class, Accept-Encoding
x-cache: hit
content-type: image/svg+xml
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 1039
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 observer-logo-white-2015.png
observer.com/wp-content/themes/newyorkobserver-2014/images/ 3 KB
3 KB 16ms
11ms Image
image/png 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/images/observer-logo-white-2015.png

Requested by

Host: observer.com
URL: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=080221

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

74e72473f970d838c52ed8c8fadf1c25883dd561d66df3856bfc137b9da2fea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/images/observer-logo-white-2015.png
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=080221
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=080221
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
x-rq: hhn2 98 174 3146
last-modified: Fri, 09 Apr 2021 02:03:56 GMT
server: nginx
age: 15033043
etag: "606fb60c-b7d"
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-cache: hit
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2941
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 montserrat-v15-latin-500.woff2
observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/ 19 KB
19 KB 22ms
0ms Font
font/woff2 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/montserrat-v15-latin-500.woff2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

sec-fetch-mode: cors
origin: https://observer.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
:path: /wp-content/themes/newyorkobserver-2014/dist/fonts/montserrat-v15-latin-500.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://observer.com/
Origin: https://observer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
vary: X-Mobile-Class, Accept-Encoding
age: 18
x-cache: hit
content-length: 19272
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
etag: "617847ca-4b48"
strict-transport-security: max-age=31536000;includeSubdomains;preload
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 montserrat-v15-latin-700.woff2
observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/ 19 KB
19 KB 29ms
5ms Font
font/woff2 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/montserrat-v15-latin-700.woff2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

sec-fetch-mode: cors
origin: https://observer.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402
:path: /wp-content/themes/newyorkobserver-2014/dist/fonts/montserrat-v15-latin-700.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://observer.com/
Origin: https://observer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:55 GMT
vary: X-Mobile-Class, Accept-Encoding
age: 18
x-cache: hit
content-length: 19480
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
etag: "617847ca-4c18"
strict-transport-security: max-age=31536000;includeSubdomains;preload
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Oct 2022 03:13:55 GMT

GET
H2 200 simple Show response
api.sail-personalize.com/v1/personalize/ 256 B
474 B 101ms
101ms Fetch
application/json 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by: Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js?ver=5.5.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.40.13 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash: 4d0923902fe43fb9b663f70eb6df067dfe70b51c575abd648c87da470527662c

Request headers

x-lib-version: v1.0.1
Accept-Language: de-DE,de;q=0.9
authorization: Bearer eddd21a32bf5284abd9bc8ac7ddeec34
content-type: application/json
accept: application/json
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
x-referring-url: https://observer.com/

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:56 GMT
content-encoding: gzip
allowedorigins: *
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store
access-control-allow-credentials: true
allowedheaders: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length: 173
allowedmethods: GET,OPTIONS
expires: -1

OPTIONS
H2 200 simple
api.sail-personalize.com/v1/personalize/ Frame 0
0 345ms
102ms Preflight
text/plain 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol: H2
Server: 75.2.40.13 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-lib-version,x-referring-url
Origin: https://observer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
content-type: text/plain
content-length: 18
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
allow: HEAD,GET,OPTIONS

POST
H2 204 collect
www.google-analytics.com/g/ 0
169 B 14ms
13ms Ping
text/plain 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-T9PLB60R8S&gtm=2oeak0&_p=1552079825&sr=1600x1200&ul=en-us&cid=1141453447.1635304436&_s=1&dl=https%3A%2F%2Fobserver.com%2F&dt=Latest%20News%20and%20Trends%20%7C%20Observer&sid=1635304436&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-T9PLB60R8S
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 86 KB
34 KB 19ms
18ms Script
application/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-NXSTMDF&cid=1141453447.1635304436

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Google Tag Manager /

Resource Hash

6dc99f0099433be16452505b2efdedfafaf6dca016be5e4446777d018f218bfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 34619
x-xss-protection: 0
expires: Wed, 27 Oct 2021 03:13:56 GMT

GET
H/1.1 200
OK /
srv-2021-10-27-03.pixel.parsely.com/plogger/ 43 B
260 B 393ms
94ms Image
image/gif 34.231.207.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2021-10-27-03.pixel.parsely.com/plogger/?rand=1635304436182&plid=47706726&idsite=observer.com&url=https%3A%2F%2Fobserver.com%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fobserver.com%2F&sref=&sts=1635304436178&slts=0&title=Latest+News+and+Trends+%7C+Observer&date=Wed+Oct+27+2021+03%3A13%3A56+GMT%2B0000+(GMT)&action=pageview&pvid=9108969&u=pid%3D4706b444f3f5f94a2220b7c2758af476
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.231.207.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-231-207-29.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 03:13:56 GMT
Cache-Control: no-cache
Last-Modified: Wednesday, 27-Oct-2021 03:13:56 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 11ms
9ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.2.1&blog=168679389&post=0&tz=-4&srv=observer.com&host=observer.com&ref=&fcp=230&rand=0.9568987955686246
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 eternals-marvel.jpeg
observer.com/wp-content/uploads/sites/2/2021/10/ 37 KB
37 KB 7ms
6ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/eternals-marvel.jpeg?quality=80&crop=0px%2C78px%2C1001px%2C387px&resize=970%2C375&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9cd51c031ae0e26daae376011b70ea9daf2b1c921b122ce93f30769c1427ef45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/eternals-marvel.jpeg?quality=80&crop=0px%2C78px%2C1001px%2C387px&resize=970%2C375&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 200 443
last-modified: Tue, 26 Oct 2021 20:26:17 GMT
server: nginx
etag: "9989b1eb0c87e7d3"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 38044
expires: Wed, 26 Oct 2022 20:26:17 GMT

GET
H2 200 GettyImages-1183871260.jpg
observer.com/wp-content/uploads/sites/2/2021/10/ 5 KB
5 KB 7ms
7ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/GettyImages-1183871260.jpg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f5474d1ea76f97e96a990f4031d413a2574c6755447b67cad386cd9d68b069b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/GettyImages-1183871260.jpg?quality=80&w=300&h=225&crop=1&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 84 443
last-modified: Tue, 26 Oct 2021 19:32:17 GMT
server: nginx
etag: "b4928d5fd8cbad9b"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 4940
expires: Wed, 26 Oct 2022 19:32:17 GMT

GET
H2 200 Screen-Shot-2021-10-26-at-2.15.05-PM.png
observer.com/wp-content/uploads/sites/2/2021/10/ 54 KB
54 KB 7ms
7ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/Screen-Shot-2021-10-26-at-2.15.05-PM.png?w=300&h=225&crop=1&quality=80&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

03e2ef46ab60facfd5553f87f519f673c7e60368da58e74fa505102347da7779

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/Screen-Shot-2021-10-26-at-2.15.05-PM.png?w=300&h=225&crop=1&quality=80&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 27 443
last-modified: Tue, 26 Oct 2021 18:36:01 GMT
server: nginx
etag: "4f2f7a008949df49"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 55282
expires: Wed, 26 Oct 2022 18:36:01 GMT

GET
H2 200 GettyImages-1341230768.jpg
observer.com/wp-content/uploads/sites/2/2021/10/ 8 KB
8 KB 10ms
9ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/GettyImages-1341230768.jpg?quality=80&crop=180px%2C0px%2C2872px%2C2154px&resize=300%2C225&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

702d7bc763ab7b6becf9c59da5b158b5995c860438fadd91d54c1ef01a7cb369

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/GettyImages-1341230768.jpg?quality=80&crop=180px%2C0px%2C2872px%2C2154px&resize=300%2C225&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 144 443
last-modified: Tue, 26 Oct 2021 16:54:10 GMT
server: nginx
etag: "9b47aeeb1323565e"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 8544
expires: Wed, 26 Oct 2022 16:54:10 GMT

GET
H2 200 GettyImages-520756502.jpg
observer.com/wp-content/uploads/sites/2/2020/02/ 6 KB
6 KB 10ms
9ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2020/02/GettyImages-520756502.jpg?quality=80&crop=352px%2C0px%2C2648px%2C1986px&resize=300%2C225&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3f26621a90831f9a8158752e0fcde1a48200bbb8b5cbec205db00ff343479213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2020/02/GettyImages-520756502.jpg?quality=80&crop=352px%2C0px%2C2648px%2C1986px&resize=300%2C225&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 142 443
last-modified: Tue, 26 Oct 2021 15:36:49 GMT
server: nginx
etag: "49888b414cfede6b"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 5994
expires: Wed, 26 Oct 2022 15:36:49 GMT

GET
H2 200 GettyImages-959854850.jpg
observer.com/wp-content/uploads/sites/2/2020/11/ 7 KB
7 KB 10ms
10ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2020/11/GettyImages-959854850.jpg?resize=300,225

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3877ffb9461eb878a47993ddca6152bda7c884f4a8eea272499c547b305a9fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2020/11/GettyImages-959854850.jpg?resize=300,225
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 84 443
last-modified: Mon, 25 Oct 2021 20:49:11 GMT
server: nginx
etag: "560c2a4c697dbae4"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 6688
expires: Tue, 25 Oct 2022 20:49:11 GMT

GET
H2 200 WOFT_S1_UT_103_200108_THIJAN_00956r_v2.jpg
observer.com/wp-content/uploads/sites/2/2021/10/ 18 KB
18 KB 8ms
7ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/WOFT_S1_UT_103_200108_THIJAN_00956r_v2.jpg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

eb000da68e316ff3df5f83db3a212b3e2cd124ae1f1240d2c5e0d088c6d76871

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/WOFT_S1_UT_103_200108_THIJAN_00956r_v2.jpg?quality=80&w=300&h=225&crop=1&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 196 443
last-modified: Mon, 25 Oct 2021 17:32:12 GMT
server: nginx
etag: "7f49db9fcecd5237"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 18622
expires: Tue, 25 Oct 2022 17:32:12 GMT

GET
H2 200 discovery_plus.0.jpg
observer.com/wp-content/uploads/sites/2/2021/10/ 12 KB
13 KB 8ms
8ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/discovery_plus.0.jpg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

734c9bc8d2376785fecf89760d0711ff420b67e72f9cedf61c3c01041b4a9b09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/discovery_plus.0.jpg?quality=80&w=300&h=225&crop=1&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 200 443
last-modified: Mon, 25 Oct 2021 17:32:11 GMT
server: nginx
etag: "cfcb32849f01e57c"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 12708
expires: Tue, 25 Oct 2022 17:32:11 GMT

GET
H2 200 jeremy-strong-nicholas-braun.jpg
observer.com/wp-content/uploads/sites/2/2021/10/ 8 KB
9 KB 8ms
8ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/jeremy-strong-nicholas-braun.jpg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f433395d73f0f4c86fdcb3d64d2ef849f768181303b8e5b693d62309c7fd02f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/jeremy-strong-nicholas-braun.jpg?quality=80&w=300&h=225&crop=1&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 198 443
last-modified: Mon, 25 Oct 2021 02:46:38 GMT
server: nginx
etag: "44342e955ec28680"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 8680
expires: Tue, 25 Oct 2022 02:46:38 GMT

GET
H2 200 Screen-Shot-2021-10-20-at-10.35.50-AM.png
observer.com/wp-content/uploads/sites/2/2021/10/ 65 KB
65 KB 8ms
8ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/Screen-Shot-2021-10-20-at-10.35.50-AM.png?w=300&h=225&crop=1&quality=80&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e600ffd74855a94cf1300522e79f2b5ad0b784d914e2f80b63e87397dcabe73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/Screen-Shot-2021-10-20-at-10.35.50-AM.png?w=300&h=225&crop=1&quality=80&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 196 443
last-modified: Sun, 24 Oct 2021 18:07:19 GMT
server: nginx
etag: "731083ab7ffb2257"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 66108
expires: Mon, 24 Oct 2022 18:07:19 GMT

GET
H2 200 13MINS_STILL.jpg
observer.com/wp-content/uploads/sites/2/2021/10/ 7 KB
7 KB 7ms
6ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/13MINS_STILL.jpg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3d79d7309cfa98a0ce059d9acfa54b666159874f5ed51f7e8694e5fed05d0ead

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/13MINS_STILL.jpg?quality=80&w=300&h=225&crop=1&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
x-rq: hhn2 109 140 443
last-modified: Mon, 25 Oct 2021 23:38:19 GMT
server: nginx
etag: "8dae7812a5cfdc8e"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 7528
expires: Tue, 25 Oct 2022 23:38:19 GMT

GET
H2 200 underscore.min.js Show response
observer.com/wp-includes/js/ 19 KB
7 KB 7ms
6ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/underscore.min.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-includes/js/underscore.min.js
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 21 Sep 2021 19:12:52 GMT
server: nginx
age: 1070127
etag: W/"614a2eb4-4a84"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 7341
expires: Thu, 27 Oct 2022 03:13:56 GMT

GET
H2 200 api-request.min.js Show response
observer.com/wp-includes/js/ 1 KB
685 B 7ms
7ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/api-request.min.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-includes/js/api-request.min.js
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Thu, 09 Sep 2021 02:41:32 GMT
server: nginx
age: 3767698
etag: W/"6139745c-401"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 589
expires: Thu, 27 Oct 2022 03:13:56 GMT

GET
H2 200 backbone.min.js Show response
observer.com/wp-includes/js/ 23 KB
8 KB 6ms
6ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/backbone.min.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bfa9441fac08fbebcfc65e202a788744aab8e4b1f634eaaf800256dce5012813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-includes/js/backbone.min.js
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 21 Sep 2021 19:12:52 GMT
server: nginx
age: 1070127
etag: W/"614a2eb4-5d0a"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 7917
expires: Thu, 27 Oct 2022 03:13:56 GMT

GET
H2 200 wp-api.min.js Show response
observer.com/wp-includes/js/ 14 KB
4 KB 9ms
8ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/wp-api.min.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bdd9517fdb9df0b1631029d96536adb3a35cbdef273de0e877411c47af444f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-includes/js/wp-api.min.js
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Thu, 09 Sep 2021 02:41:32 GMT
server: nginx
age: 3767698
etag: W/"6139745c-395f"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 4133
expires: Thu, 27 Oct 2022 03:13:56 GMT

GET
H2 200 / Show response
observer.com/wp-json/wp/v2/ 186 KB
11 KB 204ms
203ms XHR
application/json 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-json/wp/v2/

Requested by

Host: observer.com
URL: https://observer.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

62893d653961fcd5b137b0a5cb8358f6bd2c0e2d94e16b9165fefc9ae768b3d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418
:path: /wp-json/wp/v2/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: application/json, text/javascript, */*; q=0.01
cache-control: no-cache
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://observer.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-cache: miss
vary: Accept-Encoding, Origin
x-rq: hhn2 0 4 9980
allow: GET
server: nginx
strict-transport-security: max-age=31536000;includeSubdomains;preload
content-type: application/json; charset=UTF-8
link: <https://observer.com/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type

GET
H2 200 241208357_396681235458286_1259694173632757179_n.jpg
observer.com/wp-content/uploads/sites/2/2021/10/ 5 KB
5 KB 15ms
14ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/241208357_396681235458286_1259694173632757179_n.jpg?quality=80&w=300&h=225&crop=1&strip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7ab4b1896de91e0599270d4a551a6c40694735d53ba0097b7228fafec969fa9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/241208357_396681235458286_1259694173632757179_n.jpg?quality=80&w=300&h=225&crop=1&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:57 GMT
x-rq: hhn2 109 140 443
last-modified: Wed, 13 Oct 2021 19:05:29 GMT
server: nginx
etag: "9bdf56c98e29dd7e"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 4842
expires: Thu, 13 Oct 2022 19:05:29 GMT

GET
H2 200 GettyImages-504677899.jpg
observer.com/wp-content/uploads/sites/2/2021/10/ 15 KB
15 KB 15ms
14ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/GettyImages-504677899.jpg?quality=80&w=300&h=225&crop=1&strip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a968362fb540700e2f49426fe5b0f0a6cb04c249356f82e19e1e2112a4741665

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/GettyImages-504677899.jpg?quality=80&w=300&h=225&crop=1&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:57 GMT
x-rq: hhn2 109 195 443
last-modified: Wed, 13 Oct 2021 12:11:58 GMT
server: nginx
etag: "53f6c771b3519b16"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 15410
expires: Thu, 13 Oct 2022 12:11:58 GMT

GET
H2 200 molnu-capsule3.jpeg
observer.com/wp-content/uploads/sites/2/2021/10/ 1 KB
1 KB 15ms
15ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/molnu-capsule3.jpeg?quality=80&w=300&h=225&crop=1&strip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ff676cae8092ac570c372375a3037760eee4e052e228feec312fb499acc39fb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/molnu-capsule3.jpeg?quality=80&w=300&h=225&crop=1&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:57 GMT
x-rq: hhn2 109 83 443
last-modified: Tue, 05 Oct 2021 16:48:46 GMT
server: nginx
etag: "a5e99577c024b3cf"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 1190
expires: Wed, 05 Oct 2022 16:48:46 GMT

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 387 KB
113 KB 44ms
19ms Script
application/x-javascript 2.18.234.163
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js?ver=1.0.0
Requested by: Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.163 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-163.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f4b3853b7e792cec8a88f9da8a31d2b29ee09d6a77aabc45979c9ab2937f0962

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 03:13:57 GMT
Content-Encoding: gzip
x-amz-request-id: 895P7GZMS448PBGC
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: E1f3G4zwvNTivmbsjwi9gTDTblbRbtJyRdbl9CMpQza/SzA88yTu1Zx0HeDBqc0Pyxav9taZuIY=
Last-Modified: Fri, 08 Oct 2021 20:59:32 GMT
Server: AmazonS3
ETag: "5cac4cabadee93ec669a5ded971f5756"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 GettyImages-1095401126.jpg
observer.com/wp-content/uploads/sites/2/2021/10/ 10 KB
10 KB 6ms
6ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2021/10/GettyImages-1095401126.jpg?quality=80&w=300&h=225&crop=1&strip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

db36765bcbd94bfcb454e9796be7317d22613ea0708994207f38a1b067e08fb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/uploads/sites/2/2021/10/GettyImages-1095401126.jpg?quality=80&w=300&h=225&crop=1&strip
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:57 GMT
x-rq: hhn2 109 144 443
last-modified: Tue, 26 Oct 2021 18:58:15 GMT
server: nginx
etag: "31b3f3884e253abd"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 10258
expires: Wed, 26 Oct 2022 18:58:15 GMT

GET
H2 200 t Show response
jadserve.postrelease.com/ 23 KB
4 KB 504ms
272ms Script
text/javascript 54.146.124.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fobserver.com%2F&ntv_mvi
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js?ver=1.0.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.146.124.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-146-124-230.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 02d4b5c09660a6caa583ac18d57c2b9ef4733d3db40538a161103bf07671c4b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: gzip
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/javascript;charset=UTF-8
content-length: 4181
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 app.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 5 KB
2 KB 291ms
289ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/app.js?ver=5.8.1

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e4503431038f190f2d13551529fea120f9e6e44df46109550fa03b893cd6338a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/js/app.js?ver=5.8.1
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _ga=GA1.1.1141453447.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418; ntvSession={}
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
age: 31692
etag: W/"617847ca-156f"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 1649
expires: Thu, 27 Oct 2022 03:13:58 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 209 KB
64 KB 90ms
60ms Script
application/javascript 172.217.23.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

1714ada8ee5a721f6bf04a8f3635fde6c72dc2f6e77bfec80e74835c111378fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 65955
x-xss-protection: 0
expires: Wed, 27 Oct 2021 03:13:58 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 26 KB
10 KB 47ms
19ms Script
application/javascript 91.228.74.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.198 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 72d43d4ff0adb982ce42d41ef08e5f88c1854e4c8ea6455771ace93761a067c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: gzip
etag: "f5gpBRZmwYYTVm3LkZ0l2w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Wed, 03 Nov 2021 03:13:58 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 36ms
14ms Script
application/x-javascript 157.240.20.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.19 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frt3.fbcdn.net

Software

Resource Hash

4b5e988359c30afd1d84b7a5118296f1fc33f4527d530b096ca27aa7fbfef99a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25969
x-xss-protection: 0
pragma: public
x-fb-debug: CRP1k7K7lq2yfIKRbZcxVUoFxeBCntmUQGB++cHyneGQuVAyr55Ne5Ieg3c+OCTebDm2H7U3kCgcqC6egmrnKA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 27 Oct 2021 03:13:58 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 86ms
21ms Script
application/javascript 99.84.156.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.73 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-73.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 02:32:50 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 2672
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: dThUy0TapB_SfsExvoExnePcW6hRVWTmPwYpM73GT83ytLulK9emdw==

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 17ms
17ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 02:58:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 947
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 27 Oct 2021 03:58:11 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
19 KB 17ms
17ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Oct 2021 16:47:48 GMT
server: Golfe2
age: 4372
date: Wed, 27 Oct 2021 02:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 19887
expires: Wed, 27 Oct 2021 04:01:06 GMT

GET
H2 200 rules-p-8e-8kU1qcT19Y.js Show response
rules.quantcount.com/ 3 B
428 B 105ms
57ms Script
application/javascript 99.84.156.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-8e-8kU1qcT19Y.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-80.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
via: 1.1 21b99afa310f2ff34977f80506fb1672.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 20:13:47 GMT
server: AmazonS3
x-amz-cf-pop: TXL52-C1
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
accept-ranges: bytes
content-length: 3
x-amz-cf-id: Goa70K2B_MhXKtxGlFCSaHpITtBtHhE34W2avYMGSlsxfxshYeyOrg==

GET
H3 200 832096553515722 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 308ms
295ms Script
application/x-javascript 157.240.20.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/832096553515722?v=2.9.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.20.19 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frt3.fbcdn.net

Software

Resource Hash

2c209f8785c931051f77a66eb051ca14d4be0354da6c5b29bd09a374d3a4b743

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: h3RcHjH08DjbLIK5kSlTk3Ywqn/ytIvFTQK5C8KOx8ozsPRFy9Ylvr/HmmRqkOZtCF/XcRSBZRi00rjOfql6sw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 27 Oct 2021 03:13:58 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 collect
www.google-analytics.com/ 35 B
55 B 33ms
33ms Ping
image/gif 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
409 B 76ms
30ms XHR
text/plain 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j94&tid=UA-1212249-1&cid=1141453447.1635304436&jid=880066254&uid=1141453447.1635304436&gjid=888711841&_gid=1886347526.1635304436&_u=aGDAgUAjQAAAAE~&z=148224529

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 27 Oct 2021 03:13:58 GMT
content-type: text/plain
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect
www.google-analytics.com/ 35 B
55 B 18ms
17ms Ping
image/gif 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK click-out-icon.css
s.ntv.io/css/ 618 B
1 KB 7ms
7ms Stylesheet
text/css 2.18.234.163
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/css/click-out-icon.css
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js?ver=1.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.163 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-163.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 8e41a8e6b02e146fe25fa71262a12a24c80ee7e0debfcae0757a4fe6c67de5a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 03:13:58 GMT
Last-Modified: Wed, 13 Sep 2017 22:37:26 GMT
Server: AmazonS3
x-amz-request-id: 880B72DFDE73E1A1
ETag: "43c31858c9aac81661d142577cb1fc68"
Access-Control-Allow-Methods: GET
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 618
x-amz-id-2: oJuMSYYTkoOSfPRAwKWeUHSB/I4XdenD8NLhFAx/kTATfZPgnOYWZme29G+bjHzZ0WiWyUBL9lM=

GET
H2 200 moatcontent.js Show response
z.moatads.com/nativonielsen548znrb18/ 167 KB
55 KB 51ms
7ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/nativonielsen548znrb18/moatcontent.js?moatClientLevel1=13782
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js?ver=1.0.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4217045a8d701cac3b4a766a11076e7cc5342087464a8a6e3cc7e4f9feec09a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: gzip
last-modified: Mon, 24 Aug 2020 17:04:05 GMT
server: AmazonS3
x-amz-request-id: 541CA3CB462144FD
etag: "774acff2cee5852cdfc3fd8471cb2667"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=11635
accept-ranges: bytes
content-length: 55696
x-amz-id-2: WNwhnB94WoMq7DmM1MaoToceuK3QbHC7vn11hUldfKqO5oRdP3/lkIWqAFpXgth7b2BO5KLt3DE=

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
427 B 119ms
116ms Image
image/gif 54.146.124.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_at=394&ntv_usid=5619837&ntv_pl=1092087
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.146.124.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-146-124-230.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H/1.1 200
OK 080417E262A34091B76E6B9619D16A3D.jpg
ntvcld-a.akamaihd.net/image/upload/w_600,h_450,c_fill,g_auto:text,f_auto/assets/ 39 KB
40 KB 78ms
15ms Image
image/webp 2.16.107.122
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntvcld-a.akamaihd.net/image/upload/w_600,h_450,c_fill,g_auto:text,f_auto/assets/080417E262A34091B76E6B9619D16A3D.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.107.122 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-122.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 124caf6cc75e9844669d94a8bdc903c55cdde0aff16a60aa42ec08149e3ddcd5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 03:13:58 GMT
X-Check-Cacheable: YES
X-Serial: 282
ETag: "035d03f166d4ac979880f51e76bbcbe0"
Content-Type: image/webp
Cache-Control: private, no-transform, max-age=922473
Last-Modified: Mon, 21 Jun 2021 05:15:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 40064
Server: Akamai Image Manager
Expires: Sat, 06 Nov 2021 19:28:31 GMT

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
427 B 118ms
116ms Image
image/gif 54.146.124.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_at=46,302&ntv_ui=2db80b86-dfd1-4132-be5c-ead7cef8f0ad&ntv_a=b4wGA5-BKAJTMRA&ntv_fl=CF4se3gYGjAPzQcMJoAeWbt9Edl0Z3l9q9WDcci28eK6JJPo3u-wIDvPT0hWSJb-CqcJ7DvVOtFFp7bDvsl_auuPpdeThw_Uq4WjmDHC5qoQIWv90au7KsoODqSdPPsuTMLGW3JGHRbIDIQOPwCEzavN6do6SK15v6parG-cWHWtktXr7AWJzuFwN-OjOnrfwhLHOiqi7pyzneDdWyStMvcbT6ixm2-_P1kH7YKSg9s=&ord=1931760691&ntv_ht=9sN4YQA&ntv_tad=16&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.146.124.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-146-124-230.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H/1.1 200
OK 3C381BB08C3440A78A725123EF23E85B.jpg
ntvcld-a.akamaihd.net/image/upload/w_600,h_450,c_fill,g_auto:text,f_auto/assets/ 51 KB
51 KB 75ms
13ms Image
image/webp 2.16.107.122
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntvcld-a.akamaihd.net/image/upload/w_600,h_450,c_fill,g_auto:text,f_auto/assets/3C381BB08C3440A78A725123EF23E85B.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.107.122 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-122.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 28e8719cfd2ede354c19d22bd98ee30310470b9eebb2b7e254265a16315e0986

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 03:13:58 GMT
X-Check-Cacheable: YES
X-Serial: 116
ETag: "234e88e947d521a3c40e9a453ecbd20b"
Content-Type: image/webp
Cache-Control: private, no-transform, max-age=1335774
Last-Modified: Thu, 24 Jun 2021 21:49:55 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 52282
Server: Akamai Image Manager
Expires: Thu, 11 Nov 2021 14:16:52 GMT

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
427 B 117ms
115ms Image
image/gif 54.146.124.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_at=46&ntv_ui=95e80a5c-1b22-4303-9bfc-02d7176dcb7e&ntv_a=-fYGAND5PA96kQA&ntv_fl=CF4se3gYGjAPzQcMJoAeWTLunWOKm480ihA5hwo2yCcrfSoC8_RbX2LAExRU3oyGm7E2GpwJjyAsgUJXzUoD7mYXQiOS2IORPYBh99LNS82QKqCh7mMeR4uoaw7TNgmuP7DIUvGl1Nbur7M0XIW_LiJqBS9Yo2trV1l8Yk9SBqEQU_3mEVnwDtnM8mFb0c2yt2ihWt70iK0zFxY_KPTKZHD8owHcC5Xjv_VfaGUWlUY=&ord=-1962300109&ntv_ht=9sN4YQA&ntv_tad=16&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.146.124.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-146-124-230.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 gdprConsent
jadserve.postrelease.com/ 43 B
427 B 118ms
116ms Image
image/gif 54.146.124.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/gdprConsent?ntv_pl=1127205&ntv_gdpr_consent=&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.146.124.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-146-124-230.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
472 B 47ms
18ms Image
image/gif 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j94&tid=UA-1212249-1&cid=1141453447.1635304436&jid=880066254&_u=aGDAgUAjQAAAAE~&z=232294756

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK click-out-icon.ttf
s.ntv.io/font/ 1 KB
2 KB 23ms
7ms Font
application/octet-stream 2.18.234.163
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/font/click-out-icon.ttf?sjshwd
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/css/click-out-icon.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.163 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-163.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ee2214a948aa510978878e09453b21c85f1bcfe78a7c55412268ad85a5fb147d

Request headers

Referer: https://s.ntv.io/css/click-out-icon.css
Origin: https://observer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 03:13:58 GMT
Last-Modified: Tue, 04 Oct 2016 00:20:40 GMT
Server: AmazonS3
x-amz-request-id: AC8FC5A61A32D72F
ETag: "f587575d5d6dc5e7dc296da77fb11396"
Access-Control-Allow-Methods: GET
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 1092
x-amz-id-2: HpmlO9jp42YcpH/ytKgJ6y3WOr8NGe0HL5xeSJfJ9rdt9gQvyYNLG9CGGlqG2AwyIUAjwpZku7A=

GET
H2

200

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=13507040&ns__t=1635304438459&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=
https://sb.scorecardresearch.com/b2?c1=2&c2=13507040&ns__t=1635304438459&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=

64 B
330 B

38ms
33ms

Image
image/gif

99.84.156.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=13507040&ns__t=1635304438459&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.73 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-73.txl52.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
via: 1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: U-j_BrHRTA3ov5WR4i_XHoTpyXESwTC7KclvP0fvK0eRRian8GafdA==

Redirect headers

date: Wed, 27 Oct 2021 03:13:58 GMT
via: 1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=13507040&ns__t=1635304438459&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=
content-length: 198
x-amz-cf-id: Gf2Gt6iq_ud40WQ_trZ2m5j_pVlbxkkUupOU0IWO1rc9wxfIigADAQ==

GET
H2 200 pixel;r=1909698245;source=gtm;rf=0;a=p-8e-8kU1qcT19Y;url=https%3A%2F%2Fobserver.com%2F;uh=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855;uht=2;fpan=1;fpa=P0-1044573503-16353044384...
pixel.quantserve.com/ 35 B
372 B 15ms
13ms Image
image/gif 91.228.74.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1909698245;source=gtm;rf=0;a=p-8e-8kU1qcT19Y;url=https%3A%2F%2Fobserver.com%2F;uh=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855;uht=2;fpan=1;fpa=P0-1044573503-1635304438486;pbc=;ns=0;ce=1;qjs=1;qv=bb78f58d-20211025154311;cm=;gdpr=0;ref=;d=observer.com;je=0;sr=1600x1200x24;dst=0;et=1635304438486;tzo=0;ogl=type.website%2Ctitle.Latest%20News%20and%20Trends%20%7C%20Observer%2Cdescription.Observer%20covers%20the%20top%20stories%20and%20all%20of%20the%20latest%20trends%20in%20lifestyle%252C%20arts%252C%2Curl.https%3A%2F%2Fobserver%252Ecom%2F%2Csite_name.Observer%2Cimage.https%3A%2F%2Fs0%252Ewp%252Ecom%2Fi%2Fblank%252Ejpg%2Clocale.en_US

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.198 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 13782 Show response
s-jsonp.moatads.com/ocr/NATIVOINVCONTENT1/level3/ 0
279 B 37ms
35ms Script
binary/octet-stream 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s-jsonp.moatads.com/ocr/NATIVOINVCONTENT1/level3/13782?t=202192732
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: y2EydSaLrffiklWKlbzH9tI6NG14k76O
last-modified: Sat, 09 Oct 2021 06:01:13 GMT
server: AmazonS3
x-amz-request-id: 3BWN54VFE9S6SE1V
etag: "d41d8cd98f00b204e9800998ecf8427e"
content-type: binary/octet-stream
date: Wed, 27 Oct 2021 03:13:58 GMT
accept-ranges: bytes
content-length: 0
x-amz-id-2: TMm4QcDRvnacjbZ0gyc1a/vNb8Spn+kwBkuDXP6UcIvBvrg8jgxQI/D2X+p7thHtfr3eCLpG84Y=

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
427 B 105ms
104ms Image
image/gif 54.146.124.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_at=28&ntv_ui=95e80a5c-1b22-4303-9bfc-02d7176dcb7e&ntv_a=-fYGAND5PA96kQA&ntv_fl=CF4se3gYGjAPzQcMJoAeWTLunWOKm480ihA5hwo2yCcrfSoC8_RbX2LAExRU3oyGm7E2GpwJjyAsgUJXzUoD7mYXQiOS2IORPYBh99LNS82QKqCh7mMeR4uoaw7TNgmuP7DIUvGl1Nbur7M0XIW_LiJqBS9Yo2trV1l8Yk9SBqEQU_3mEVnwDtnM8mFb0c2yt2ihWt70iK0zFxY_KPTKZHD8owHcC5Xjv_VfaGUWlUY=&ord=1917110684&ntv_ht=9sN4YQA&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.146.124.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-146-124-230.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:58 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
313 B 42ms
8ms Image
image/gif 157.240.20.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=832096553515722&ev=PageView&dl=https%3A%2F%2Fobserver.com%2F&rl=&if=false&ts=1635304438674&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&fbp=fb.1.1635304438668.484358679&it=1635304438324&coo=false&exp=p0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.35 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-frt3.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 27 Oct 2021 03:13:58 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 19 KB
7 KB 79ms
17ms Script
application/javascript 104.16.148.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.148.64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11b947e74a7ba8f1d433b84ab7a719799ec0662a9035a8b4a2ab4d7d1eb2d681

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: OPcq+YIYFFKAyM1Ar0weOg==
age: 702515
vary: Accept-Encoding
content-length: 6350
x-ms-lease-status: unlocked
last-modified: Thu, 14 Oct 2021 05:25:41 GMT
server: cloudflare
etag: 0x8D98ED3103C1468
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: de611b3d-201e-0068-496c-c486b7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6a48c0664c8a27a0-PRG
expires: Thu, 04 Nov 2021 03:13:58 GMT

GET
H2 200 3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js Show response
cdn.permutive.com/ 282 KB
80 KB 125ms
64ms Script
application/javascript 104.19.150.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.150.54 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c0aab7bc1a479eb609e17700950454cb8b05a24647227587fb789e6b24b7545

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-goog-meta-oid: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d
x-guploader-uploadid: ADPycduZmiU7qu15Stx3oe3TtzRtN7lUTc2XnN0bEO0TBaZHFgCWrXu6gaUhsXK-CUgb3pb5B5TQrGvgzE6pSZ8yGRQ
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/javascript
last-modified: Tue, 26 Oct 2021 21:54:03 GMT
server: cloudflare
etag: W/"f8e362bdf4603cc1294c702d031d9bbe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=MPQeoQ==, md5=+ONivfRgPMEpTHAtAx2bvg==
x-goog-generation: 1635285243728029
cache-control: public, max-age=300
x-goog-stored-content-length: 84148
cf-ray: 6a48c0664be7413e-PRG
expires: Wed, 27 Oct 2021 03:18:58 GMT

GET
H2 200 infinite-scroll.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 2 KB
1 KB 14ms
1ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/infinite-scroll.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6dcbd9aa3265194d3306dd54a3db815f9c9c0c1ae5f61dfbd5ee0c69dae7f038

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

:path: /wp-content/themes/newyorkobserver-2014/dist/js/infinite-scroll.js
pragma: no-cache
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418; _ga=GA1.2.1141453447.1635304436; _dc_gtm_UA-1212249-1=1; ntvSession={"id":5619837,"placementID":1092087,"lastInteraction":1635304438374,"sessionStart":1635304438374,"sessionEndDate":1635379200000,"experiment":""}; __qca=P0-1044573503-1635304438486; _fbp=fb.1.1635304438668.484358679
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Mon, 13 Sep 2021 11:51:22 GMT
server: nginx
age: 3767698
etag: W/"613f3b3a-8e7"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 1127
expires: Thu, 27 Oct 2022 03:13:58 GMT

GET
H2 200 posts Show response
observer.com/wp-json/wp/v2/ 182 KB
35 KB 732ms
728ms XHR
application/json 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-json/wp/v2/posts?page=2&nyo_post_hidden=213498167&offset=21&sticky=false

Requested by

Host: observer.com
URL: https://observer.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

28d574c373356c91c889e09ba74e8de0088ec81b21b172aeba6d4edc5b08fbdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418; _ga=GA1.2.1141453447.1635304436; _dc_gtm_UA-1212249-1=1; ntvSession={"id":5619837,"placementID":1092087,"lastInteraction":1635304438374,"sessionStart":1635304438374,"sessionEndDate":1635379200000,"experiment":""}; __qca=P0-1044573503-1635304438486; _fbp=fb.1.1635304438668.484358679
:path: /wp-json/wp/v2/posts?page=2&nyo_post_hidden=213498167&offset=21&sticky=false
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: application/json, text/javascript, */*; q=0.01
cache-control: no-cache
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
x-wp-nonce: dae7cc4a9a
:method: GET
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://observer.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
X-WP-Nonce: dae7cc4a9a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-cache: pass
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
x-rq: hhn2 0 4 9980
allow: GET
server: nginx
x-wp-totalpages: 10431
strict-transport-security: max-age=31536000;includeSubdomains;preload
content-type: application/json; charset=UTF-8
link: <https://observer.com/wp-json/wp/v2/posts?page=1&nyo_post_hidden%5B0%5D=213498167&offset=21&sticky>; rel="prev", <https://observer.com/wp-json/wp/v2/posts?page=3&nyo_post_hidden%5B0%5D=213498167&offset=21&sticky>; rel="next"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=60
x-wp-total: 104309
accept-ranges: bytes
x-robots-tag: noindex
x-wp-nonce: dae7cc4a9a

GET
H2 200 htlbid.js Show response
htlbid.com/v3/observer.com/ 418 KB
103 KB 581ms
468ms Script
application/javascript 99.84.156.67

General

Check archive.org

Show headers Download Go to

Full URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Requested by: Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.67 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8089c60121d4ccdfcb08d828b5cbeb5758f57804ed814aa730453457a8942550

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:00 GMT
content-encoding: br
last-modified: Mon, 18 Oct 2021 21:37:06 GMT
server: AmazonS3
x-amz-cf-pop: TXL52-C1
etag: W/"75b9f1bd4afe5758194e95841a98e269"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 c6649c9545bbfa66bc79c9ba552d7a4a.cloudfront.net (CloudFront)
cache-control: max-age=600
x-amz-cf-id: _WxXnSffYY3-Jj-F5hNPeD69i68op2fc16QZy4FvboaKJe90u0URNA==

GET
H2 200 6a95224d-e53b-4c23-b2a6-31faa3db3cc4.json Show response
cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/ 3 KB
2 KB 86ms
24ms XHR
application/x-javascript 104.16.148.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/6a95224d-e53b-4c23-b2a6-31faa3db3cc4.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.148.64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cc8f8f131774a8405d79658e64366f7044e6f439cfccaf977aecf0deb4c052e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 0CCuNb2oi4MBXRI3Igqd4w==
age: 9300
vary: Accept-Encoding
content-length: 1135
x-ms-lease-status: unlocked
last-modified: Thu, 12 Nov 2020 16:47:25 GMT
server: cloudflare
etag: 0x8D8872AA28370D2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3184b24e-f01e-00e2-0256-b23c94000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6a48c0673dc44108-PRG
expires: Wed, 27 Oct 2021 07:13:58 GMT

GET
H2 200 web-vitals-analytics.js Show response
observer.com/wp-content/plugins/site-performance-tracker/js/dist/module/ 8 KB
3 KB 8ms
6ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/site-performance-tracker/js/dist/module/web-vitals-analytics.js?ver=3341ad667815cda20a9427ada8f97aee

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2dd20b5ae5d38e849ee491ff38409bfa925eab1da662cef639d6a2de5ab7843a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

sec-fetch-mode: cors
origin: https://observer.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: script
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _ga_T9PLB60R8S=GS1.1.1635304436.1.0.1635304436.0; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418; _ga=GA1.2.1141453447.1635304436; _dc_gtm_UA-1212249-1=1; ntvSession={"id":5619837,"placementID":1092087,"lastInteraction":1635304438374,"sessionStart":1635304438374,"sessionEndDate":1635379200000,"experiment":""}; __qca=P0-1044573503-1635304438486; _fbp=fb.1.1635304438668.484358679
:path: /wp-content/plugins/site-performance-tracker/js/dist/module/web-vitals-analytics.js?ver=3341ad667815cda20a9427ada8f97aee
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://observer.com/
Origin: https://observer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:58 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Tue, 12 Oct 2021 18:53:44 GMT
server: nginx
age: 1070127
etag: W/"6165d9b8-1e47"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 2788
expires: Thu, 27 Oct 2022 03:13:58 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 78ms
22ms Script
application/x-javascript 99.84.156.173

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.173 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 612e6b00354d56a1726cd40dc9a28d83ffda033d63214eae704d1e61ef59b3b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 01:20:13 GMT
content-encoding: gzip
last-modified: Fri, 09 Jul 2021 00:11:37 GMT
server: nginx
age: 6825
etag: W/"60e79439-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 8e2919534da029bb37f64b265b219373.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: s7_09GpsNpx7JBxVLWbkwEbJhaGQGJtlgx7tkepBAogaEgJcK53GLg==
expires: Wed, 27 Oct 2021 03:20:13 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 193 B
398 B 115ms
31ms Script
text/javascript 104.20.185.68

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.185.68 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

60756645bbed6ad3cc3e8be0a057dff15132f22b5b60cbe14e48250980043653

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6a48c0680efa4126-PRG

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 554ms
101ms Image
image/gif 23.22.200.199

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=observer.com&p=%2F&u=Brv6XxCtSUVvC9x3O8&d=observer.com&g=13018&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=3533&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=828&t=CEGIcgD5byEFD5tH_UD_EACKCr62oa&V=128&i=Latest%20News%20and%20Trends%20%7C%20Observer&tz=0&sn=1&sv=DGeoyQDtPvlVDsX3QU4I4gwDqBS9Z&sd=1&im=06532c4f&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.22.200.199 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:59 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.9.0/ 341 KB
74 KB 35ms
35ms Script
application/javascript 104.16.148.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.148.64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a13b93c05af6ec6255b737032aa3f5d1f4823ed2d57d12c0735bd2c4adc8efc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 56jOXvghU3RiFIKiZ2Zh+g==
age: 702513
vary: Accept-Encoding
content-length: 75725
x-ms-lease-status: unlocked
last-modified: Fri, 20 Nov 2020 16:34:12 GMT
server: cloudflare
etag: 0x8D88D721D404CB2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 59a8eb87-301e-0099-0f6c-c45724000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6a48c0688dfb27a0-PRG
expires: Thu, 04 Nov 2021 03:13:59 GMT

GET
H2 200 pxid Show response
3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co/v2.0/ 46 B
453 B 132ms
18ms XHR
application/json 35.241.9.51

General

Check archive.org

Show headers Download Go to

Full URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co/v2.0/pxid?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.9.51 -, , ASN (),
Reverse DNS
Software: Permutive /
Resource Hash: c494f73f06208ad9fa331b73a95c5d6e381ec82a06ee31c50ba85f2fc65ea11a

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 66
via: 1.1 google

GET
H/1.1 200
OK getuidj Show response
ib.adnxs.com/ 11 B
688 B 259ms
13ms XHR
application/json 185.33.221.91

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 -, , ASN (),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 03:13:59 GMT
X-Proxy-Origin: 216.131.114.37; 216.131.114.37; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 79b2cbc3-a60e-4184-a6b5-80130f79c8a4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://observer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 3b5c18b9-96b7-48e4-a3ef-011eb84a970d-models.bin Show response
cdn.permutive.com/models/v2/ 423 B
1 KB 148ms
64ms XHR
application/x-binary 104.19.150.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/models/v2/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-models.bin
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.150.54 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 634303d6427df14400395dff1ac7e11b992fc9957d58edf4b09c283bf176e160

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
x-goog-meta-oid: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d
x-guploader-uploadid: ADPycdvX6mzPnhGkok85mPHwlb4-KW5uq9dh9SNEyYZGpmI-9dyNWgt5KfJGmOmk_4Uz7cKrqHLNWacYwDDMoMgL1Qs
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/x-binary
content-length: 420
last-modified: Tue, 26 Oct 2021 06:01:40 GMT
server: cloudflare
etag: "7dd2be6b423b477ba6b9d7c3afd788d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=lYlIDQ==, md5=fdK+a0I7R3umudfDr9eI1A==
x-goog-generation: 1635228100850406
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=300, no-transform
x-goog-stored-content-length: 420
accept-ranges: bytes
cf-ray: 6a48c069cfab4126-PRG
expires: Wed, 27 Oct 2021 03:13:59 GMT

GET
H2 200 geoip Show response
api.permutive.com/v2.0/ 266 B
438 B 312ms
27ms XHR
application/json 34.107.254.252

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 -, , ASN (),
Reverse DNS
Software: Permutive /
Resource Hash: b5ec27c3b1d5b0b96efbbb058c20bc71764dc670e8da287ede2cf408822ed1f9

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 184
via: 1.1 google

GET
BLOB 200
OK f24f3485-a959-4566-9a05-d2c0e08294a1
https://observer.com/ 69 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://observer.com/f24f3485-a959-4566-9a05-d2c0e08294a1
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ea1a648f3861513f9ce468edbe49f978c08bd6711d22b9137f5d23e0ef11a49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Length: 70590

GET
BLOB 200
OK b884afe4-7564-4b78-b06e-2c976d11c4d1
https://observer.com/ 22 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://observer.com/b884afe4-7564-4b78-b06e-2c976d11c4d1
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f40e71d73e1fdf15791bd064a51225dab2b5da9afbbde55b592539a91cd04dae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Length: 22401

POST
H3 200 / Show response
www.facebook.com/tr/ Frame AC05 0
18 B 50ms
21ms Document
text/plain 157.240.20.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.20.35 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-frt3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 3770
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://observer.com
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://observer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: https://observer.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
date: Wed, 27 Oct 2021 03:13:59 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/3f4fae5c-af44-4ce7-8f4d-cb1cf522c97c/ 73 KB
13 KB 53ms
42ms Fetch
application/x-javascript 104.16.148.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/3f4fae5c-af44-4ce7-8f4d-cb1cf522c97c/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.148.64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c724c4cb202cda5ac3fc5dd433b3403995f9c2ddd9b45f52713de38a62deedd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: EBsOpg7Elu1REC0UgglQbw==
age: 9300
vary: Accept-Encoding
content-length: 12888
x-ms-lease-status: unlocked
last-modified: Thu, 12 Nov 2020 16:47:33 GMT
server: cloudflare
etag: 0x8D8872AA6D573E5
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 8a4bba8c-e01e-00b2-2756-b2239c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6a48c06a7fbc4108-PRG
expires: Wed, 27 Oct 2021 07:13:59 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 133 KB
36 KB 116ms
49ms Script
application/javascript 99.84.152.64

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.152.64 -, , ASN (),
Reverse DNS
Software: Server /
Resource Hash: da263eff6489f28a35d328a1a5895db9adb14c22c40cd35d0afce85414cac701

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: PBfT87Jypy1l_3XKxwEwol.gybzOM7El
content-encoding: gzip
etag: e2b905aea413c4d7479fb2bb9cbc6c65
age: 391
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 0M67JEF8PW0ARFTCMKHE
date: Wed, 27 Oct 2021 03:07:31 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 969e7c67b62bdfae78f727a06e4512c3.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: rSF-Dm-KRmm-Oz57tyL8sdgsi1OzQUZ2RqRN-oaSOpTr2hWCeC3hJw==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 89ms
26ms Script
text/javascript 142.250.184.194

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f3732a2e63630899d49b5dfc4e8664335886400b66dba1d5fbc653dd5661d6f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1025 / 882 of 1000 / last-modified: 1635286009"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27289
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Oct 2021 03:13:59 GMT

POST
H2 200 identify Show response
api.permutive.com/v2.0/ 50 B
324 B 74ms
47ms XHR
application/json 34.107.254.252

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/identify?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 -, , ASN (),
Reverse DNS
Software: Permutive /
Resource Hash: 9ad0ceac0063ab4e5593b64cf74092be0e526423ab59e6915e6926b0574fa646

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 70
via: 1.1 google

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
427 B 113ms
101ms Image
image/gif 54.146.124.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_at=47&ntv_ui=95e80a5c-1b22-4303-9bfc-02d7176dcb7e&ntv_a=-fYGAND5PA96kQA&ntv_fl=CF4se3gYGjAPzQcMJoAeWTLunWOKm480ihA5hwo2yCcrfSoC8_RbX2LAExRU3oyGm7E2GpwJjyAsgUJXzUoD7mYXQiOS2IORPYBh99LNS82QKqCh7mMeR4uoaw7TNgmuP7DIUvGl1Nbur7M0XIW_LiJqBS9Yo2trV1l8Yk9SBqEQU_3mEVnwDtnM8mFb0c2yt2ihWt70iK0zFxY_KPTKZHD8owHcC5Xjv_VfaGUWlUY=&ord=-624653498&ntv_ht=9sN4YQA&ntv_tad=16&ntv_ift=0&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.146.124.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-146-124-230.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:13:59 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 13 KB
4 KB 55ms
19ms Fetch
application/json 104.16.148.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.148.64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: nLr4hEi4fuLY/p0DQsLcMA==
age: 706772
vary: Accept-Encoding
content-length: 3343
x-ms-lease-status: unlocked
last-modified: Fri, 20 Nov 2020 16:34:03 GMT
server: cloudflare
etag: 0x8D88D721792550E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 87563241-c01e-00ea-7d73-c427e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6a48c06bb8494108-PRG
expires: Thu, 04 Nov 2021 03:13:59 GMT

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 62 KB
15 KB 35ms
20ms Fetch
application/json 104.16.148.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.148.64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ue/MTNcIjSCNWtleQfbrzg==
age: 706772
vary: Accept-Encoding
content-length: 14986
x-ms-lease-status: unlocked
last-modified: Fri, 20 Nov 2020 16:34:03 GMT
server: cloudflare
etag: 0x8D88D7217E98574
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 79ca464b-101e-012b-4073-c4ea0b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6a48c06bc84e4108-PRG
expires: Thu, 04 Nov 2021 03:13:59 GMT

GET
H3 200 pubads_impl_2021102101.js Show response
securepubads.g.doubleclick.net/gpt/ 356 KB
120 KB 51ms
24ms Script
text/javascript 142.250.184.194

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7746c1c5183c0461a0296140659b9c16d75cc4b274861ff009585bc1a0fc7142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 122596
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 08:35:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Oct 2021 03:13:59 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 144 B
128 B 78ms
49ms XHR
application/json 142.250.184.194

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=observer.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

65c970e246e7bcd955322221130818561ce265f44cfbdc49d7957a7c1885c2d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 103
x-xss-protection: 0
expires: Wed, 27 Oct 2021 03:13:59 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 119ms
29ms XHR
application/javascript 99.84.152.64

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.152.64 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: c91ZTIbLZrDqT0mloV_AD7.LNsTlhW69
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
x-amz-cf-pop: TXL52-C1
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 01:02:33 GMT
server: AmazonS3
date: Wed, 27 Oct 2021 03:13:59 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 fa133af2508a341e1ff6bfff526ba095.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-id: McZWBttEnE_huEV_Eexen3kGXdoEXeTPS-YpYb6ul4E_DH8oXtY7XQ==

POST
H2 200 tpd Show response
api.permutive.com/v2.0/ 2 B
96 B 24ms
22ms XHR
application/json 34.107.254.252

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/tpd?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 -, , ASN (),
Reverse DNS
Software: Permutive /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 22
via: 1.1 google

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 montserrat-v15-latin-600.woff2
observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/ 19 KB
19 KB 34ms
12ms Font
font/woff2 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/montserrat-v15-latin-600.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

sec-fetch-mode: cors
origin: https://observer.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: hcpermutive_uuid=091fecd1-1eda-453d-bcdc-b857f969b402; sailthru_pageviews=1; _gid=GA1.2.1886347526.1635304436; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}; sailthru_visitor=aea3794b-e92b-4307-9439-ef13af029418; _ga=GA1.2.1141453447.1635304436; _dc_gtm_UA-1212249-1=1; ntvSession={"id":5619837,"placementID":1092087,"lastInteraction":1635304438374,"sessionStart":1635304438374,"sessionEndDate":1635379200000,"experiment":""}; __qca=P0-1044573503-1635304438486; _fbp=fb.1.1635304438668.484358679; _ga_T9PLB60R8S=GS1.1.1635304436.1.1.1635304438.0; _cb_ls=1; _cb=Brv6XxCtSUVvC9x3O8; _chartbeat2=.1635304439034.1635304439034.1.DGeoyQDtPvlVDsX3QU4I4gwDqBS9Z.1; _cb_svref=null; permutive-id=54bbcdc0-496b-481b-bdbd-c55cedadc892; permutive-session=%7B%22session_id%22%3A%2246c21adb-df73-4506-8709-1d2eab84f364%22%2C%22last_updated%22%3A%222021-10-27T03%3A13%3A59.222Z%22%7D; OptanonConsent=isIABGlobal=false&datestamp=Wed+Oct+27+2021+03%3A13%3A59+GMT%2B0000+(GMT)&version=6.9.0&hosts=&landingPath=https%3A%2F%2Fobserver.com%2F
:path: /wp-content/themes/newyorkobserver-2014/dist/fonts/montserrat-v15-latin-600.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: observer.com
referer: https://observer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://observer.com/
Origin: https://observer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:13:59 GMT
vary: X-Mobile-Class, Accept-Encoding
age: 20
x-cache: hit
content-length: 19264
x-rq: hhn2 0 4 9980
last-modified: Tue, 26 Oct 2021 18:24:10 GMT
server: nginx
etag: "617847ca-4b40"
strict-transport-security: max-age=31536000;includeSubdomains;preload
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Oct 2022 03:13:59 GMT

GET
H/1.1 200
OK 1x1-pixel.png
ams-pageview-public.s3.amazonaws.com/ 68 B
448 B 533ms
120ms Image
image/png 52.216.179.27

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ams-pageview-public.s3.amazonaws.com/1x1-pixel.png?id=1e511584efcb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.179.27 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 03:14:01 GMT
Last-Modified: Mon, 26 Oct 2020 16:52:19 GMT
Server: AmazonS3
x-amz-request-id: K5SNKM2P33R3TMSR
ETag: "91e42db1c66c0b276abf6234dc50b2eb"
Content-Type: image/png
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 68
x-amz-id-2: DTYnPIwkZ9FjfDIxOdRyZIrpmNJoqsQc7fssSCHViP4i6VX29HNKsb8oCAANSmaRhiasSjHAC8M=

POST
H2 200 events Show response
api.permutive.com/v2.0/batch/ 101 B
179 B 19ms
19ms XHR
application/json 34.107.254.252

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 -, , ASN (),
Reverse DNS
Software: Permutive /
Resource Hash: 87c7b9cada7db442df077370aea44822c15cd96244f045fae8ca775d32e01ce1

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 27 Oct 2021 03:14:00 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 111
via: 1.1 google

GET config
c.amazon-adsystem.com/cdn/prod/ 0
0

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
491 B 60ms
60ms XHR
text/javascript 99.84.152.64

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fobserver.com%2F&pid=SD79IlNPIurLw&cb=0&ws=1600x1200&v=7.69.01&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F22133348250%2Fobserver_leaderboard_atf%22%7D%5D&schain=1.0%2C1!hashtag-labs.com%2C1010%2C1%2C%2C%2C&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.152.64 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:00 GMT
via: 1.1 969e7c67b62bdfae78f727a06e4512c3.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: TXL52-C1
x-amz-rid: RBZ6AZ2XCC2N7CNP0Y41
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: NNe935Gqvbd5OdWOAskB6MXXm7QoMVeA661dILoCH6_5XCRT3XgIKA==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
520 B 51ms
16ms Script
application/javascript 142.250.185.130

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=observer.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 03:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 99 KB
29 KB 314ms
314ms XHR
text/plain 142.250.184.194

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2653300684343493&correlator=3768009387459280&output=ldjh&impl=fifs&eid=31063136%2C31063272%2C31062524%2C31063140&vrg=2021102101&ptt=17&sc=1&sfv=1-0-38&ecs=20211027&iu_parts=22133348250%2Cobserver_leaderboard_atf%2Cobserver_1x1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=728x90%7C970x90%7C970x250%2C1x1&prev_scp=amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%7C&eri=1&cust_params=permutive%3D28393%252Crts%26is_testing%3Dno%26is_home%3Dyes%26pagetype%3Dhome%26url%3Dhttps%253A%252F%252Fobserver.com%26tag%3D%26author%3D%26articleID%3Dsection_home%26brandsafe%3Dyes%26section%3Dsection_home%26servead%3Dyes%26htlbidid%3D7190&cookie_enabled=1&bc=31&abxe=1&lmt=1635304440&dt=1635304440891&dlt=1635304435790&idt=4346&frm=20&biw=1600&bih=1200&oid=2&adxs=436%2C-12245933&adys=215%2C-12245933&adks=456377231%2C3018060230&ucis=1%7C2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fobserver.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x0%7C0x0&msz=728x0%7C0x0&ga_vid=1141453447.1635304436&ga_sid=1635304441&ga_hid=1552079825&ga_fc=true&ga_cid=1886347526.1635304436&fws=4%2C132&ohw=1600%2C1600&btvi=0%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3b8c571c254686307c5b825058ab215885ba80e7367602f40fb4ba0f1694a200

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29165
x-xss-protection: 0
google-lineitem-id: -1,5658459797
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,138344978924
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://observer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C6E5 6 KB
4 KB 74ms
13ms Document
text/html 142.250.186.65

General

Check archive.org

Show headers Download Go to

Full URL

https://e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.65 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://observer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 27 Oct 2021 03:14:00 GMT
expires: Thu, 27 Oct 2022 03:14:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

POST
H2 200 state Show response
api.permutive.com/v1.0/ 0
87 B 38ms
35ms XHR
text/plain 34.107.254.252

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 -, , ASN (),
Reverse DNS
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 27 Oct 2021 03:14:01 GMT
content-encoding: gzip
server: Permutive
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
access-control-allow-origin: https://observer.com
access-control-max-age: 86400
access-control-allow-credentials: true
alt-svc: clear
content-length: 20
via: 1.1 google
access-control-expose-headers: *

GET
H3 200 container.html
e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CFCC 0
0 38ms
16ms Document
text/html 142.250.186.65

General

Check archive.org

Show headers Download Go to

Full URL

https://e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.65 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://observer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 27 Oct 2021 03:14:00 GMT
expires: Thu, 27 Oct 2022 03:14:00 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ 0
0 26ms
25ms Fetch
image/gif 142.250.184.194

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss904InVe9wWlfyJAlKAxgyHpx8BC2i-pO24K1fZXuwkFWAmVYJ-PzeYb_RkN745vID-e4IKx5wNzumolFCgIqAK8XncnilF6EYgK4SKlZhXfagkiMoVzqoECMCJwpcO9KoCeiPhh_9NbLNHo5-SQDs4w3Wz3au8Wm2jOY3dqeKRiUFBfZ3RM_Lk7ApqOTb8Z8osh7YJX51ofO5cAugls6Wv7hZxDYJomga-frDZuTT37Nt22jBgZFbnzHziHghyv0bhbjbHPmbnfdFEYGLxjreW_bxzjvoG4-2yQftSc1Tj08xVEuOdg&sai=AMfl-YTq6tER7cpfkFjux7D80lNnx0xpL590upPK5nnKi2Gm1hp7wUVD17xpaGK1yx87FotNwQ2c4Y87BNF0LVT3WE6HE4T5-03ccIKT3-MMnHI_N3jSUZxwH_VkFkLVwX3j&sig=Cg0ArKJSzMyLpk_ZWWWOEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 03:14:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 27 Oct 2021 03:14:01 GMT

GET
H2 200 iframebuster.js Show response
assets.bounceexchange.com/assets/bounce/ 1 KB
1 KB 66ms
17ms Script
text/javascript 34.98.72.95

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/iframebuster.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 10079154e527bdf6a403e0b5ad9ac73e95ac886c5caf47e8b37b5c9147cd7d76

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 27 Oct 2021 03:10:27 GMT
content-encoding: gzip
age: 214
x-guploader-uploadid: ADPycdshRn3c_Q4JkqpvtCimFciuPDC9mOVWSBYBafQy81Wk-BDF4Np0zL5KfQ-ByIAA2D8XXwVoJykfj-z_QTqutW16UB9miA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 539
last-modified: Thu, 25 Jul 2019 15:10:59 GMT
server: UploadServer
etag: "0cfef24c569b42826ee2e88465d4bfb6"
vary: Accept-Encoding
x-goog-hash: crc32c=DjYwig==, md5=DP7yTFabQoJu4uiEZdS/tg==
x-goog-generation: 1564067459897939
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public, max-age=1800
x-goog-stored-content-length: 539
accept-ranges: bytes
content-type: text/javascript
expires: Wed, 27 Oct 2021 03:40:27 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ 120 KB
37 KB 73ms
39ms Script
text/javascript 216.58.212.162

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 27 Oct 2021 03:14:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 27 Oct 2021 03:14:01 GMT

GET
H2 200 i.js Show response
tag.bounceexchange.com/4256/ 3 KB
2 KB 101ms
10ms Script
text/plain 34.120.253.250

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.bounceexchange.com/4256/i.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/iframebuster.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 -, , ASN (),
Reverse DNS
Software: fasthttp /
Resource Hash: 9ad14af24ab8e3320212130a697dc78898c4ca901c4da623ce75a82a8f50e6fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 02:27:59 GMT
content-encoding: gzip
server: fasthttp
age: 2762
etag: 91f7e668aa8a76
content-type: text/plain; charset=utf-8
via: 1.1 google
cache-control: public,max-age=60
x-region: us-central1
timing-allow-origin: *
alt-svc: clear
content-length: 1380
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect

GET
DATA 200
OK truncated
/ 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e49f0d2316329b18569fad86bfcf597b4a77f32b6aafe81cbd3ad333cb64428f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ijs_all_modules_6fdbcb40b8be3562f767391dc1644ec2.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 512 KB
122 KB 24ms
21ms Script
text/javascript 34.98.72.95

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_6fdbcb40b8be3562f767391dc1644ec2.js
Requested by: Host: tag.bounceexchange.com
URL: https://tag.bounceexchange.com/4256/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 0e46267ac9b01d2c091d7b36d16c7fe43d52287fe8ed0a65175315429177d70a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 14:16:10 GMT
content-encoding: gzip
age: 133071
x-guploader-uploadid: ADPycdsuqe7wprQPBpLYz6m3aVAHOLFU-cdGZy9HlByRiFQvf6cQWXcLvM7lfoWGo9wMW2ERJf492YER-qmHM_dXsac
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 124417
last-modified: Mon, 25 Oct 2021 14:16:03 GMT
server: UploadServer
etag: "7e9e7bc92882ea5fd3477edc63094871"
vary: Accept-Encoding
x-goog-hash: crc32c=xBYxRA==, md5=fp57ySiC6l/TR37cYwlIcQ==
x-goog-generation: 1635171363788995
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 124417
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 25 Oct 2022 14:16:10 GMT

GET
H2 200 sodar
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 266ms
22ms XHR
application/json 172.217.16.130

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 03:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8722
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ 0
0 30ms
29ms Fetch
image/gif 142.250.184.194

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstP5h51wC_UARP43fklH_2BnWGefcatMN6xdCCGbBZ0gkLN8q1jKszxqZ3fBPURBwa_PhCawl4ojNR4m-fkAOHSvue58OWV6WTWemo_vWPlFYPLLeJKSz9KuHRgDI8E-BpRa4L2V4pykILRp8WlwKBNJc764CS6g8QQAi6tofoeVtV-gC0piPhUdfPMsBLHyc5jr28buKxPJkxv6F8At-HfvoJbb1VhaebWzuCFJK892Roi7168aV6WSjzfJHlFJmT9PiV47y8qC_GowoabXr-ym2_A6SH3B5PZ9tpO0DaRKT_qMUCzxq3c&sai=AMfl-YTuxPsIHKKo-vWSY6s6vsJc4zA2ji_IQ1V1QcYWKp8o_w_0_u0NmkRRnS_d7d7RayxRCCoxLrH5g8ZR3cpFNJytVV7aTXIh7mgN-XfDSh3-wsbrh8Slx0nr4CSLU2L5&sig=Cg0ArKJSzH3TPYOdH8jvEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 03:14:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 27 Oct 2021 03:14:01 GMT

GET
H2 200 local_storage_frame16.min.html
assets.bounceexchange.com/assets/bounce/ Frame ED5A 2 KB
1 KB 40ms
17ms Document
text/html 34.98.72.95

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_6fdbcb40b8be3562f767391dc1644ec2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

:method: GET
:authority: assets.bounceexchange.com
:scheme: https
:path: /assets/bounce/local_storage_frame16.min.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://observer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/

Response headers

x-guploader-uploadid: ADPycds3iultl-OiXiXVjTmx2d9aEWqX5XYJ6BkSKFJlH8yrtRz49Yq8DcJgBuLZ_78MpNEojhu2vzh83a8IlYVtorQ
date: Mon, 11 Oct 2021 10:19:02 GMT
expires: Tue, 11 Oct 2022 10:19:02 GMT
last-modified: Wed, 06 Oct 2021 17:27:00 GMT
etag: "09a83cb549c69e99ab7c839954a5c305"
x-goog-generation: 1633541220332868
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1055
content-type: text/html; charset=UTF-8
content-encoding: gzip
x-goog-hash: crc32c=tDM32Q== md5=Cag8tUnGnpmrfIOZVKXDBQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1055
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
server: UploadServer
cache-control: public,max-age=31536000
age: 1356899
alt-svc: clear

GET
H2 200 sodar2.js
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 321ms
44ms Script
text/javascript 142.250.184.193

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 27 Oct 2021 03:14:02 GMT

GET
H2 200 init1.js
api.bounceexchange.com/bounce/ 14 KB
4 KB 130ms
37ms Script
text/javascript 34.117.4.53

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDYBmAVmIAYAWGgJnwHYAOTYALxCgswHcBTAEY5UwPgH1UAEyhVapQpgBOfHCAA2cNBgKEKFAB75aepXxh9FyxVGwBDNWtQIA5mLiK1UABbBgABxwAUmIAQUDaADFwiJAhCwA3CwA6JBAAW2jMeNRhYDFUkABrVD4oQIYAIXDaNT9q4LDaWh9-ILlQ8NJIzsjYnATk1Iy5bqbwgGFqxXqOsbGGABFsECKSssrypYLi8VAQMTVbRWdSmHt+zAE-Lkw+fygAbQBdTD9gPGW0v0dbZHEYQ7OGzxLy2KBAA
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_6fdbcb40b8be3562f767391dc1644ec2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:02 GMT
content-encoding: gzip
last-modified: Wed, 27 Oct 2021 03:14:02 GMT
server: istio-envoy
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 10
content-type: text/javascript;charset=UTF-8
alt-svc: clear
via: 1.1 google
expires: 0

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0F3D 14 KB
5 KB 397ms
4ms Document
text/html 2.18.233.180

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_6fdbcb40b8be3562f767391dc1644ec2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=156512
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://observer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=62803
expires: Wed, 27 Oct 2021 20:40:45 GMT
date: Wed, 27 Oct 2021 03:14:02 GMT
vary: Accept-Encoding

GET
H2 200 2132780726321204327
dfp.bouncex.net/pub/segment/4256/ 2 B
175 B 406ms
27ms XHR
application/json 34.117.4.53

General

Check archive.org

Show headers Download Go to

Full URL: https://dfp.bouncex.net/pub/segment/4256/2132780726321204327
Requested by: Host: observer.com
URL: https://observer.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Referer: https://observer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:02 GMT
via: 1.1 google
server: istio-envoy
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
alt-svc: clear
content-length: 2

GET
H2 200 creatives-base-styles.d63dbc50.min.css
assets.bounceexchange.com/tag/css/ 37 KB
37 KB 21ms
21ms Stylesheet
text/css 34.98.72.95

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/tag/css/creatives-base-styles.d63dbc50.min.css
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_6fdbcb40b8be3562f767391dc1644ec2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 04:08:16 GMT
age: 428746
x-guploader-uploadid: ADPycdvVaSwR7wtjSu4Abkc3K5exZYwOVjspHzq3R-tRJwz_pEta7UAnjjPx4jXntwtjHPjoR-QeJmUVefc_UrZzhxVNC3EptQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 37591
last-modified: Thu, 29 Apr 2021 19:42:40 GMT
server: UploadServer
etag: "b79200767ce874ab5c16c317f730a7c6"
x-goog-hash: crc32c=dfY1Tg==, md5=t5IAdnzodKtcFsMX9zCnxg==
x-goog-generation: 1619725360267850
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 37591
accept-ranges: bytes
content-type: text/css
expires: Sat, 22 Oct 2022 04:08:16 GMT

GET
H2 200 visit
events.bouncex.net/track.gif/ 42 B
176 B 126ms
113ms Image
image/gif 34.117.4.53

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLoATjkWRnV6FzdVOTYAZRQAMxQkECd6V3dVADJQCBgkBFrkXqQcTvAoaAo+HjRTdARYJFIcNMhIU2FqFuMaejptugIbRCRgZEZ47L3aEe7oXrACUlhIEAJMXRxJVWZma7G7h6eL0wAE8Pjofl0xvF4JBssAGiAUDZLGAcJQXEoXAARX4wc4ECIgBBojE0ai1YCQMnyYyfOQtZjqJnUEJk0C8alyWkVBlM9TUah5VSSIWsgUoAic4ysaihAWkUxSsnLVbrTaXS4HI4nJBnC4bXYCsXUFDrFlcmVy6jAUzAKWSY0co1cslOlmyslIJVGn1W+KU+08uSM5nGiBumkAWgdHoFaHiXudxg2xqyUstrpAEZdAuokjk1BcAA5mC5qBU8zp1AWXNTY9RSAGk3TeaH6-EUFkZiA0JgzTT0do88H6OpmDHzVtSQLgHakxn5U3Jy3g3yWdj0VjjXPJ4PN5v2vBkLNsNAbJkhMgcOlMjlD0cTzAdRBXjgCkUSmVGBV78eMKeLBQSBagIJAshwFR+CEKQfiPVB-xgXgEFAeIEEgYFTGJJCwAiWFTHaaEwFhHIkGgNJTXOTAdUgBBeBwH4MAIaBzlgbAkGBc4kJwABVKp2kY5iCFYyB2M4hA5B4qpjH4hAmJYtjgUwTtiW4zAoFo6pICAhAwBkuTXmeTAsEgMScBEaSsgILifgEWxugQLMcH5egOkhZ46JXEN+UFYUhXaJCUIcujh0LEsywrSQqxrdoZgwUAEAERzJHaRAAEdYCwVDHJ+eJwmM54ciIztTA+IMvOoORJCLAi8uwFBTBAZ8gRwLS0DkfzkJAVCcF4FKhKQbrbJsdpHxwOCgA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:02 GMT
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 83
timing-allow-origin: *
alt-svc: clear
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 pageview
events.bouncex.net/track.gif/ 42 B
105 B 126ms
114ms Image
image/gif 34.117.4.53

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1NA9gEaESpRsB0AxgwLb0AZKEiwEibskK5+UEKhggm6CIUzEA7ACFNAEWHhocJLwYBrOIRgAvCJioBWAAwHRxxCAB23bA1SIAMwZkTwATRABGUicHABYnCMwXPgZQuxd4CBYYXAgYUMxYxwA2QVgrXHzMCOLSB2jYxqoqAE5iiLbBNNhuPIKqKKoNAA4nDSpagaonWNIh1yMEKojBVgBHZAhvPurBbnQ4T3wYPlVcED5gatr6maa50j2DrfPgGA5UKwZPTHOwR+6MF6mFCq2CqGBmSYgkMR0wUjYQA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:01 GMT
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 83
timing-allow-origin: *
alt-svc: clear
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET push_sync
ssp.behave.com/ 0
0

GET
H3 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 7D3A 12 KB
5 KB 84ms
15ms Document
text/html 142.250.184.193

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://observer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Tue, 26 Oct 2021 20:01:15 GMT
expires: Wed, 26 Oct 2022 20:01:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25967
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame A7A6 783 B
536 B 130ms
51ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YWHNCJniIqIqVLZN61pWfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://observer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 27 Oct 2021 03:14:02 GMT
date: Wed, 27 Oct 2021 03:14:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-YWHNCJniIqIqVLZN61pWfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 PugMaster
image6.pubmatic.com/AdServer/ Frame 0F3D 5 KB
6 KB 95ms
13ms Script
text/html 198.47.127.19

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=1843221&p=156512&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:00 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A7A6 0
0 72ms
41ms Image
text/html 172.217.16.130

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102101&jk=2653300684343493&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.130 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js
pagead2.googlesyndication.com/bg/ Frame 7D3A 35 KB
13 KB 57ms
28ms Script
text/javascript 172.217.16.130

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 19:45:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26885
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Wed, 26 Oct 2022 19:45:57 GMT

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame 74AE
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=F7AEC76D-98C6-4EB2-B610-364F869FFB50
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F7AEC76D-98C6-4EB2-B610-364F869FFB50

35 B
467 B

32ms
29ms

Document
image/gif

37.157.6.241

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F7AEC76D-98C6-4EB2-B610-364F869FFB50

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.241 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?CC=1&party=14&cid=F7AEC76D-98C6-4EB2-B610-364F869FFB50
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: C=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 03:14:03 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=6686825970200002063; expires=Sun, 26 Dec 2021 03:14:03 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Wed, 27 Oct 2021 03:14:02 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F7AEC76D-98C6-4EB2-B610-364F869FFB50
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: C=1; expires=Sat, 27 Nov 2021 03:14:02 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 85C7
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=726654913720295543

42 B
209 B

47ms
41ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=726654913720295543
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=726654913720295543
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=F7AEC76D-98C6-4EB2-B610-364F869FFB50; chkChromeAb67Sec=1; pi=156512:2; DPSync3=1636502400%3A201_197_219%7C1635379200%3A174; SyncRTB3=1636502400%3A230_165_7_222_56_54_88_99_176_161_3_22_234_231_220_55_189_81_13_8_71_166_21_204%7C1636588800%3A35%7C1637884800%3A203%7C1636156800%3A63%7C1635897600%3A223_15_2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 03:14:03 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_336=5844-726654913720295543; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 03:14:03 GMT; path=/ PugT=1635304443; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 03:14:03 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 25-Jan-2022 03:14:03 GMT; path=/
x-lat: lhrpug001:0:464
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=726654913720295543
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame E5AF 43 B
334 B 75ms
22ms Document
image/gif 178.250.0.163

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 27 Oct 2021 03:14:02 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Wed, 27 Oct 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 317021

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2603
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023579097403291796

42 B
365 B

97ms
39ms

Document
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023579097403291796
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023579097403291796
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=F7AEC76D-98C6-4EB2-B610-364F869FFB50; chkChromeAb67Sec=1; pi=156512:2; DPSync3=1636502400%3A201_197_219%7C1635379200%3A174; SyncRTB3=1636502400%3A230_165_7_222_56_54_88_99_176_161_3_22_234_231_220_55_189_81_13_8_71_166_21_204%7C1636588800%3A35%7C1637884800%3A203%7C1636156800%3A63%7C1635897600%3A223_15_2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 03:14:02 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_1101=23040-7023579097403291796; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 03:14:02 GMT; path=/ PugT=1635304442; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 03:14:02 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 25-Jan-2022 03:14:02 GMT; path=/
x-lat: amspug005:0:395
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Wed, 27 Oct 2021 03:14:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=7023579097403291796; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023579097403291796

GET
H/1.1

200
OK

redir
rtb-csync.smartadserver.com/ Frame 9B13
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFIMGprN0M4WWdBQURUNUd5M0tUQQ&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAH0jk7C8YgAADT5Gy3KTA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_curre...

43 B
163 B

87ms
20ms

Document
image/gif

185.86.137.131

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAH0jk7C8YgAADT5Gy3KTA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.131 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Host: rtb-csync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
content-type: image/gif
transfer-encoding: chunked

Redirect headers

Date: Wed, 27 Oct 2021 03:14:03 GMT
location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAH0jk7C8YgAADT5Gy3KTA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 4BCD
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
243 B

84ms
26ms

Document
text/html

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=F7AEC76D-98C6-4EB2-B610-364F869FFB50; chkChromeAb67Sec=1; pi=156512:2; DPSync3=1636502400%3A201_197_219%7C1635379200%3A174; SyncRTB3=1636502400%3A230_165_7_222_56_54_88_99_176_161_3_22_234_231_220_55_189_81_13_8_71_166_21_204%7C1636588800%3A35%7C1637884800%3A203%7C1636156800%3A63%7C1635897600%3A223_15_2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 03:14:02 GMT
content-type: text/html; charset=utf-8
x-lat: amspug007:2:226
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

set-cookie: viewer_token=0fd6c4c0-4753-4895-a741-1d9808722e09; path=/; domain=csync.loopme.me; Expires=Sat, 27-Nov-2021 03:14:02 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length: 0
date: Wed, 27 Oct 2021 03:14:02 GMT
server: _

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame C29F
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=845455356
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=845455356
https://sync.1rx.io/usersync/tradedesk/b0901b5a-2084-4bbe-a3c2-95b63caf36f5
https://sync.targeting.unrulymedia.com/csync/RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003

42 B
228 B

23ms
16ms

Document
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=F7AEC76D-98C6-4EB2-B610-364F869FFB50; chkChromeAb67Sec=1; pi=156512:2; DPSync3=1636502400%3A201_197_219%7C1635379200%3A174; SyncRTB3=1636502400%3A230_165_7_222_56_54_88_99_176_161_3_22_234_231_220_55_189_81_13_8_71_166_21_204%7C1636588800%3A35%7C1637884800%3A203%7C1636156800%3A63%7C1635897600%3A223_15_2; KRTBCOOKIE_27=16735-uid:5b726178-c3fa-4500-aa6e-2ed8b3fcbe79&KRTB&16736-uid:5b726178-c3fa-4500-aa6e-2ed8b3fcbe79&KRTB&23019-uid:5b726178-c3fa-4500-aa6e-2ed8b3fcbe79&KRTB&23114-uid:5b726178-c3fa-4500-aa6e-2ed8b3fcbe79; PUBMDCID=3; KRTBCOOKIE_391=22924-9082289130176231131&KRTB&23263-9082289130176231131; KRTBCOOKIE_1101=23040-7023579097403291796; KRTBCOOKIE_57=22776-300325025199577992; KRTBCOOKIE_336=5844-726654913720295543; KRTBCOOKIE_80=22987-CAESEDC5fhopxGDvHxBlnGABpIE&KRTB&16514-CAESEDC5fhopxGDvHxBlnGABpIE&KRTB&23025-CAESEDC5fhopxGDvHxBlnGABpIE; SPugT=1635304441; KRTBCOOKIE_153=19420-yPER-Z3zQPfT90fwmqYL9M6mRKfT9kD2n6O3BH8h&KRTB&22979-yPER-Z3zQPfT90fwmqYL9M6mRKfT9kD2n6O3BH8h; KRTBCOOKIE_22=14911-3042841183873246856; PugT=1635304442; KRTBCOOKIE_377=6810-b0901b5a-2084-4bbe-a3c2-95b63caf36f5&KRTB&22918-b0901b5a-2084-4bbe-a3c2-95b63caf36f5&KRTB&23031-b0901b5a-2084-4bbe-a3c2-95b63caf36f5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 03:14:02 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_594=17107-RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 03:14:02 GMT; path=/ PugT=1635304442; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 03:14:02 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 25-Jan-2022 03:14:02 GMT; path=/
x-lat: amspug010:0:403
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Wed, 27 Oct 2021 03:14:03 GMT
content-type: text/html
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003%22%7D; path=/; expires=Thu, 27 Oct 2022 03:14:03 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-c53869dd-eb1a-4562-a9f6-b874d9e99139-003
etag: RXc53869ddeb1a4562a9f6b874d9e99139003

GET
H2 404 dpe
ad4m.at/ad/ Frame 9179 15 B
915 B 75ms
33ms Document
text/plain 104.26.11.209

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.11.209 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
content-type: text/plain; charset=utf-8
content-length: 15
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a48c080bf152798-PRG

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 8C4B
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=yG3XowaBOtRecLja63o4Xtvi

42 B
110 B

99ms
36ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=yG3XowaBOtRecLja63o4Xtvi
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=yG3XowaBOtRecLja63o4Xtvi
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=F7AEC76D-98C6-4EB2-B610-364F869FFB50; chkChromeAb67Sec=1; pi=156512:2; DPSync3=1636502400%3A201_197_219%7C1635379200%3A174; SyncRTB3=1636502400%3A230_165_7_222_56_54_88_99_176_161_3_22_234_231_220_55_189_81_13_8_71_166_21_204%7C1636588800%3A35%7C1637884800%3A203%7C1636156800%3A63%7C1635897600%3A223_15_2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 03:14:03 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 25-Jan-2022 03:14:03 GMT; path=/
x-lat: lhrpug002:0:405
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Wed, 27 Oct 2021 03:14:02 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=yG3XowaBOtRecLja63o4Xtvi; Max-Age=31536000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=yG3XowaBOtRecLja63o4Xtvi
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1 200
OK bridge
cm.adgrx.com/ Frame D60D 43 B
408 B 107ms
30ms Document
image/gif 173.231.180.197

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.231.180.197 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Date: Wed, 27 Oct 2021 03:14:03 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-1
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 76F9
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
411 B

192ms
186ms

Document
image/gif

104.18.13.5

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.13.5 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: ANON_ID=a6noeUMZaACmpqGpU8If1rR3FZakYG6PQcKj7B3Han
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aBnseFqZbaOE6iPq6fHjgdAYVBsG5ybhx1NUV64fqodl7MsOcMtiqVSt2Lre33rwTKr2prmTuSWWrnjlHEIGZb; path=/; domain=.tribalfusion.com; expires=Tue, 25-Jan-2022 03:14:03 GMT; SameSite=None; Secure; ANON_ID_old=aBnseFqZbaOE6iPq6fHjgdAYVBsG5ybhx1NUV64fqodl7MsOcMtiqVSt2Lre33rwTKr2prmTuSWWrnjlHEIGZb; path=/; domain=.tribalfusion.com; expires=Tue, 25-Jan-2022 03:14:03 GMT;
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a48c0821fad4137-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Wed, 27 Oct 2021 03:14:03 GMT
content-type: text/html
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 137
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=a6noeUMZaACmpqGpU8If1rR3FZakYG6PQcKj7B3Han; path=/; domain=.tribalfusion.com; expires=Tue, 25-Jan-2022 03:14:03 GMT; SameSite=None; Secure; ANON_ID_old=a6noeUMZaACmpqGpU8If1rR3FZakYG6PQcKj7B3Han; path=/; domain=.tribalfusion.com; expires=Tue, 25-Jan-2022 03:14:03 GMT;
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a48c080befb4137-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 141
match.deepintent.com/usersync/ Frame 6E1F 0
44 B 368ms
110ms Document
text/plain 38.91.45.7

General

Check archive.org

Show headers Download Go to

Full URL: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 38.91.45.7 -, , ASN (),
Reverse DNS
Software: c /
Resource Hash

Request headers

:method: GET
:authority: match.deepintent.com
:scheme: https
:path: /usersync/141?gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

content-length: 0
date: Wed, 27 Oct 2021 03:14:02 GMT
server: c

GET
H2

200

rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame EFF3
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=eb3619e1-7a7e-4d46-b38a-0772a59ddd01-tuct872497a&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
76 B

35ms
26ms

Document
text/plain

151.101.129.44

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=eb3619e1-7a7e-4d46-b38a-0772a59ddd01-tuct872497a&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=eb3619e1-7a7e-4d46-b38a-0772a59ddd01-tuct872497a&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: t_gid=eb3619e1-7a7e-4d46-b38a-0772a59ddd01-tuct872497a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Wed, 27 Oct 2021 03:14:03 GMT
via: 1.1 varnish
x-served-by: cache-hhn4041-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1635304443.042890,VS0,VE8
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=eb3619e1-7a7e-4d46-b38a-0772a59ddd01-tuct872497a;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 27-Oct-2022 03:14:02 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=eb3619e1-7a7e-4d46-b38a-0772a59ddd01-tuct872497a&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Wed, 27 Oct 2021 03:14:02 GMT
via: 1.1 varnish
x-served-by: cache-hhn4041-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1635304443.986522,VS0,VE9
x-vcl-time-ms: 9
content-length: 0

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0F3D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=967HbZjGTrK2EDZPhp_7UA%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

12ms
11ms

Image
text/html

2.18.233.180

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=62802
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Wed, 27 Oct 2021 20:40:45 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=801a6178-c3fa-4300-a53d-daf72be4ef3e

0
260 B

75ms
14ms

Image
text/plain

198.47.127.20

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=801a6178-c3fa-4300-a53d-daf72be4ef3e
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:01 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 27 Oct 2021 03:14:03 GMT
Server: MT3 4044 0c7f252 master zrh-pixel-x26 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=801a6178-c3fa-4300-a53d-daf72be4ef3e
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 27 Oct 2021 03:14:02 GMT

GET

match
d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/ Frame 0F3D
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=F7AEC76D-98C6-4EB2-B610-364F869FFB50
https://pixel.onaudience.com/?partner=236&icm&cver&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D%26gdpr_consent%3D%26pid%3D3b2cb90%26t%3Dgif%26uid%3D%25m
https://ps.eyeota.net/pixel?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1d4d5d6d15bd2c7c
https://ps.eyeota.net/pixel/bounce/?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1d4d5d6d15bd2c7c
https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MlJmODd4bk1kYnU2TF80MHc2SUJTUkZKbHJEWGVlX1dmdHg5d1YyR25sUFE&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&...
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&referrer_pid=3b2cb90&google_gid=CAESEO5k_N8aV02kTVsRDMNSSqo&google_cver=1
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1&dc_rc=2&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90

0
0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjdBRUM3NkQtOThDNi00RUIyLUI2MTAtMzY0Rjg2OUZGQjUw&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
341 B

42ms
36ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug006:0:405
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDC5fhopxGDvHxBlnGABpIE&google_cver=1

42 B
283 B

48ms
42ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDC5fhopxGDvHxBlnGABpIE&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug007:0:461
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDC5fhopxGDvHxBlnGABpIE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 0F3D 43 B
610 B 92ms
25ms Image
image/gif 159.253.128.183

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.183 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 26 Oct 2021 03:14:03 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:5b726178-c3fa-4500-aa6e-2ed8b3fcbe79&gdpr=0&gdpr_consent=

42 B
513 B

35ms
35ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:5b726178-c3fa-4500-aa6e-2ed8b3fcbe79&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:01 GMT
cache-control: no-store, no-cache, private
x-lat: amspug004:0:392
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 27 Oct 2021 03:14:03 GMT
Server: MT3 4044 0c7f252 master zrh-pixel-x25 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:5b726178-c3fa-4500-aa6e-2ed8b3fcbe79&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 27 Oct 2021 03:14:02 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=9082289130176231131

42 B
232 B

39ms
38ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=9082289130176231131
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:01 GMT
cache-control: no-store, no-cache, private
x-lat: amspug006:0:444
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=9082289130176231131
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b0901b5a-2084-4bbe-a3c2-95b63caf36f5

42 B
293 B

14ms
14ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b0901b5a-2084-4bbe-a3c2-95b63caf36f5
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:02 GMT
cache-control: no-store, no-cache, private
x-lat: amspug008:0:386
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b0901b5a-2084-4bbe-a3c2-95b63caf36f5
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=300325025199577992&gdpr=0&gdpr_consent=

42 B
289 B

42ms
37ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=300325025199577992&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug008:0:448
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 03:14:03 GMT
X-Proxy-Origin: 216.131.114.37; 216.131.114.37; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 63d95174-200a-4a0c-a64b-45d05546082d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=300325025199577992&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=yPER-Z3zQPfT90fwmqYL9M6mRKfT9kD2n6O3BH8h

42 B
350 B

28ms
26ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=yPER-Z3zQPfT90fwmqYL9M6mRKfT9kD2n6O3BH8h
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug015:0:414
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=yPER-Z3zQPfT90fwmqYL9M6mRKfT9kD2n6O3BH8h
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F7AEC76D-98C6-4EB2-B610-364F869FFB50&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F7AEC76D-98C6-4EB2-B610-364F869FFB50&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-fo.59IhE2uWDOnVvq9vaa311ICrFMV0-~A&gdpr=0&gdpr_consent=

0
48 B

14ms
13ms

Image
text/plain

198.47.127.20

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-fo.59IhE2uWDOnVvq9vaa311ICrFMV0-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:01 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 27 Oct 2021 03:14:03 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-fo.59IhE2uWDOnVvq9vaa311ICrFMV0-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 F7AEC76D-98C6-4EB2-B610-364F869FFB50
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 0F3D 43 B
839 B 147ms
44ms Image
image/gif 212.82.100.176

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/F7AEC76D-98C6-4EB2-B610-364F869FFB50?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.176 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET

bidswitch
event.clientgear.com/cookie/ Frame 0F3D
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=59da657b-5f16-44e0-8b78-6e706103df7c

0
0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YXjD_wAMOQdvuwA6&gdpr=0&gdpr_consent=&_test=YXjD_wAMOQdvuwA6

1 B
394 B

16ms
14ms

Image
text/html

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YXjD_wAMOQdvuwA6&gdpr=0&gdpr_consent=&_test=YXjD_wAMOQdvuwA6
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
cache-control: no-store, no-cache, private
x-lat: amspug017:0:403
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1635304443.300963,VS0,VE0
x-served-by: cache-hhn4034-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YXjD_wAMOQdvuwA6&gdpr=0&gdpr_consent=&_test=YXjD_wAMOQdvuwA6
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 0F3D 0
104 B 98ms
22ms Image
text/plain 89.207.16.201

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=F7AEC76D-98C6-4EB2-B610-364F869FFB50&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.207.16.201 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3042841183873246856&gdpr=0&gdpr_consent=&us_privacy=

1 B
167 B

13ms
12ms

Image
text/html

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3042841183873246856&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:02 GMT
cache-control: no-store, no-cache, private
x-lat: amspug002:0:398
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3042841183873246856&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 27 Oct 2021 03:14:02 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=71047368-f923-4ecd-8890-08f0d600715c-6178c3fb-5553&gdpr=0&gdpr_consent=

42 B
232 B

25ms
24ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=71047368-f923-4ecd-8890-08f0d600715c-6178c3fb-5553&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug022:0:426
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:02 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=71047368-f923-4ecd-8890-08f0d600715c-6178c3fb-5553&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET pubmaticmatch
match.adsby.bidtheatre.com/ Frame 0F3D 0
0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 0F3D
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=300325025199577992

42 B
110 B

24ms
24ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=300325025199577992
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:14:02 GMT
cache-control: no-store, no-cache, private
x-lat: amspug001:0:439
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 03:14:03 GMT
X-Proxy-Origin: 216.131.114.37; 216.131.114.37; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f40557c7-af2f-428a-9086-2b5488613221
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=300325025199577992
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 d1ba4609
rtb.gumgum.com/getuid/ Frame 0F3D 35 B
238 B 105ms
35ms Image
image/gif 34.254.122.11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.122.11 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 28ms
27ms Image
image/gif 172.217.16.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102101&jk=2653300684343493&bg=!3d6l3prNAAbUs_yW1LM7ACkAdvg8WhX8MOM5bRbmOyNxycOF9VeHlTynnPuV-oW4Xwej1gdaQt6YPgIAAAGgUgAAAA1oAQcKANTqxfqCWgdTYaptLaksNwROyNr03emIw9fp9BMx5Q7oEPiNiSq5OFRZr2fKZHdnbhLrtbJyNni7mSwFccmBd3cjrKCy-ZRqB4ftJkrjHaTcGxLW2J8j8rERqRt5-x3jYFfp8Zr4K6hMp6y1GSih7xJWt-NTdg5WAOfOaJuDPxrpGref7b9H9TAtkFjS1H79bVVUKStXTN9wtIrlI1_jieTLG5kpuPbQs6tnZ4rKwwKv8betL4GyvbZcYSsUB54ncN-zg8-VFWVyoHVUSJrQRCAi2UskPJkCq-ERzP6igH8TKm8FpoG6N9Wnp4B0Pd4xKhUvtYc0dX6WkC4cMnhjeM-IILG22sSgapM19XygMz8xtRcPSgPrNgOjJaZ_tydVdTppuSzrZ_AmqD4kv_KhXRhPsdhn0s1MuIJ1qoMdkZD8jR5Ec0UhgKNgKfMmyaL-Rekzi_2uyz-JknlCj0VAS2m5y56Wqc5x4xBRh--Cb2sntRfo4jiV1QOUDoCMBxSATn8bKym3rgx4R3JiM4_wDJHK5mROzCigJeIROO9_8IE-SY6L0nr4BWCC99BaBDu3d48EgepN6N2cpvGJo9154c3JaeRGBls3b2ljgD9p_o86xdHE6fuy-oGk8qDlNj5KGfYBciMyVfVkOgm3m3AdBYkubNwPT8YznKiANPH_z7VYS131eCK926aG-KZ0_fNjUWhDcYsFPk-1jo5zd3ETCAKq0nGqgpG_CDAc43qWXtmMqAJw0UmMnX0dnhibEcpg1gch_9HaAl0vfiuvlaPOOKKnkidOc-SzaDcjmqXMC1f0EkF2U12S5eQJq-oarVoACYDTCBicIQa-3Ta4OUnRcGNEZ3-dkgrs-qCGDNv-bNSiuTJ6cDLVOHJhors5D4tGxqAxTn_zBY7ENIjunJGh06DFVcMe5TsJ3eImVOAHmL6GYsI-KFv1xm2WEmgjSpnSqniBVM-i_Ivqu0J7uFGoey6uZJlpcj5iEwxJg1L3BtqtobvO5ZZc85HIjpyl3kHxfdbGmJgdulY9EAeTumvmR4tQRxvbs3JMSB-3UkVcYYDkZ33aTty1N2zaJOcOK_cD1MctcQtZsiI_6dxrBR78g9LTuI-e597RPHIdom9ec2N3UgPf4CswhcaxKiXEVNBjGySDfh5-tZs595zlsYk4MXvrOs6RKm32RmD0eV3VvVCH3brZ

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 03:14:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fobserver.com%2F&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d

Domain: ssp.behave.com
URL: https://ssp.behave.com/push_sync

Domain: d.turn.com
URL: https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1&dc_rc=2&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90

Domain: event.clientgear.com
URL: https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=59da657b-5f16-44e0-8b78-6e706103df7c

Domain: match.adsby.bidtheatre.com
URL: https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
observer.com/	1970-01-21 18:03:04	Name: hcpermutive_uuid Value: 091fecd1-1eda-453d-bcdc-b857f969b402
observer.com/	1970-01-19 22:15:06	Name: sailthru_pageviews Value: 1
.observer.com/	1970-01-19 22:16:30	Name: _gid Value: GA1.2.1886347526.1635304436
.observer.com/	1970-01-19 22:15:06	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1635304436178%2C%22slts%22:0}
.observer.com/	1970-01-20 07:44:28	Name: _parsely_visitor Value: {%22id%22:%22pid=4706b444f3f5f94a2220b7c2758af476%22%2C%22session_count%22:1%2C%22last_session_ts%22:1635304436178}
observer.com/	1970-01-20 07:00:40	Name: sailthru_visitor Value: aea3794b-e92b-4307-9439-ef13af029418
.observer.com/	1970-01-20 15:46:16	Name: _ga Value: GA1.2.1141453447.1635304436
.postrelease.com/	1970-01-20 07:00:40	Name: opt_out Value: 1
.observer.com/	1970-01-19 22:15:04	Name: _dc_gtm_UA-1212249-1 Value: 1
observer.com/	1969-12-31 23:59:59	Name: ntvSession Value: {"id":5619837,"placementID":1092087,"lastInteraction":1635304438374,"sessionStart":1635304438374,"sessionEndDate":1635379200000,"experiment":""}
.scorecardresearch.com/	1970-01-20 15:31:52	Name: UID Value: 1GF2GT6IQUD40WQTRZ2M5Jg1635304438
.quantserve.com/	1970-01-20 07:45:18	Name: mc Value: 6178c3f6-7a1df-50fbf-6f7ac
.observer.com/	1970-01-20 07:39:33	Name: __qca Value: P0-1044573503-1635304438486
.observer.com/	1970-01-20 00:24:40	Name: _fbp Value: fb.1.1635304438668.484358679
.observer.com/	1970-01-20 15:46:16	Name: _ga_T9PLB60R8S Value: GS1.1.1635304436.1.1.1635304438.0
observer.com/	1970-01-20 07:43:52	Name: _cb_ls Value: 1
observer.com/	1970-01-20 07:43:52	Name: _cb Value: Brv6XxCtSUVvC9x3O8
observer.com/	1970-01-20 07:43:52	Name: _chartbeat2 Value: .1635304439034.1635304439034.1.DGeoyQDtPvlVDsX3QU4I4gwDqBS9Z.1
observer.com/	1970-01-19 22:15:06	Name: _cb_svref Value: null
.observer.com/	1970-01-21 00:33:18	Name: permutive-id Value: 54bbcdc0-496b-481b-bdbd-c55cedadc892
.observer.com/	1970-01-21 00:33:18	Name: permutive-session Value: %7B%22session_id%22%3A%2246c21adb-df73-4506-8709-1d2eab84f364%22%2C%22last_updated%22%3A%222021-10-27T03%3A13%3A59.222Z%22%7D
.3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co/	1970-01-20 00:27:33	Name: pxid Value: baa169ab-b09a-4e88-b4da-e9e855f808cd
.observer.com/	1970-01-20 07:00:40	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Wed+Oct+27+2021+03%3A14%3A00+GMT%2B0000+(GMT)&version=6.9.0&hosts=&landingPath=https%3A%2F%2Fobserver.com%2F&groups=C0003%3A1%2CC0001%3A1%2CC0002%3A1%2CC0004%3A1

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://observer.com/ Message: The resource https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/flexslider-icon.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	error	URL: https://observer.com/ Message: Access to XMLHttpRequest at 'https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fobserver.com%2F&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d' from origin 'https://observer.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fobserver.com%2F&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d Message: Failed to load resource: net::ERR_FAILED
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://assets.bounceexchange.com/assets/bounce/iframebuster.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://assets.bounceexchange.com/assets/bounce/iframebuster.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102101.js?31063272(Line 5) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://observer.com/ Message: The resource https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/flexslider-icon.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co
a.tribalfusion.com
ad.turn.com
ad4m.at
ads.playground.xyz
ads.pubmatic.com
adservice.google.com
ak.sail-horizon.com
ams-pageview-public.s3.amazonaws.com
api.bounceexchange.com
api.permutive.com
api.sail-personalize.com
assets.bounceexchange.com
c.amazon-adsystem.com
c1.adform.net
cdn.cookielaw.org
cdn.parsely.com
cdn.permutive.com
cm.adgrx.com
cm.g.doubleclick.net
connect.facebook.net
csync.loopme.me
d.turn.com
d5p.de17a.com
dfp.bouncex.net
dis.criteo.com
dsp.adfarm1.adition.com
e4ddf0d18ea888fa1071644b746751c4.safeframe.googlesyndication.com
event.clientgear.com
events.bouncex.net
geolocation.onetrust.com
green.erne.co
htlbid.com
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
jadserve.postrelease.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.taboola.com
ntvcld-a.akamaihd.net
observer.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel-sync.sitescout.com
pixel.quantserve.com
pixel.wp.com
pr-bh.ybp.yahoo.com
pubmatic-match.dotomi.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rules.quantcount.com
s-jsonp.moatads.com
s.ntv.io
s.tribalfusion.com
sb.scorecardresearch.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
srv-2021-10-27-03.pixel.parsely.com
ssp.behave.com
static.chartbeat.com
stats.g.doubleclick.net
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.mathtag.com
sync.targeting.unrulymedia.com
tag.bounceexchange.com
tpc.googlesyndication.com
trc.taboola.com
um.simpli.fi
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
z.moatads.com
c.amazon-adsystem.com
d.turn.com
event.clientgear.com
match.adsby.bidtheatre.com
ssp.behave.com
104.16.148.64
104.18.13.5
104.19.150.54
104.20.185.68
104.26.11.209
142.250.184.193
142.250.184.194
142.250.185.130
142.250.185.196
142.250.186.65
142.250.186.78
151.101.129.44
151.101.2.49
157.240.20.19
157.240.20.35
159.253.128.183
162.55.6.210
172.217.16.130
172.217.23.104
172.217.23.98
173.231.180.197
178.250.0.163
18.156.0.31
185.29.132.245
185.33.220.243
185.33.221.91
185.64.189.110
185.64.190.80
185.86.137.131
192.0.66.160
192.0.76.3
198.47.127.19
198.47.127.20
2.16.107.122
2.18.233.180
2.18.234.163
2.18.235.40
212.82.100.176
213.155.156.182
213.19.147.45
216.58.212.162
23.22.200.199
3.33.220.150
34.107.254.252
34.117.4.53
34.120.253.250
34.231.207.29
34.254.122.11
34.98.107.212
34.98.72.95
35.241.9.51
37.157.6.241
38.91.45.7
46.228.164.11
52.16.214.249
52.216.179.27
54.146.124.230
66.155.71.150
74.125.133.155
75.2.40.13
85.114.159.93
87.98.242.60
89.207.16.201
91.228.74.198
99.84.152.64
99.84.156.173
99.84.156.2
99.84.156.67
99.84.156.73
99.84.156.80
99.84.159.109
0088fe12f5d431f21a930ddc7605f11cdd05411121cb89cce1dba2dfacd3fe0b
02d4b5c09660a6caa583ac18d57c2b9ef4733d3db40538a161103bf07671c4b6
03e2ef46ab60facfd5553f87f519f673c7e60368da58e74fa505102347da7779
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0c2dddb5f4b2ec5c23f6af02ddf7154ddb2926ce37d46366829010098c255314
0e46267ac9b01d2c091d7b36d16c7fe43d52287fe8ed0a65175315429177d70a
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
10079154e527bdf6a403e0b5ad9ac73e95ac886c5caf47e8b37b5c9147cd7d76
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11b947e74a7ba8f1d433b84ab7a719799ec0662a9035a8b4a2ab4d7d1eb2d681
124caf6cc75e9844669d94a8bdc903c55cdde0aff16a60aa42ec08149e3ddcd5
1714ada8ee5a721f6bf04a8f3635fde6c72dc2f6e77bfec80e74835c111378fa
243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e
2890470f2b0be06395234095f949c4ec1c06a5306d3bbac08b7ff57b14289f3e
28d574c373356c91c889e09ba74e8de0088ec81b21b172aeba6d4edc5b08fbdc
28e8719cfd2ede354c19d22bd98ee30310470b9eebb2b7e254265a16315e0986
2c209f8785c931051f77a66eb051ca14d4be0354da6c5b29bd09a374d3a4b743
2dd20b5ae5d38e849ee491ff38409bfa925eab1da662cef639d6a2de5ab7843a
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e600ffd74855a94cf1300522e79f2b5ad0b784d914e2f80b63e87397dcabe73
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
36e24dc06e51fdd9b13497039bf3c286b61476669c715a274b9a6703b4000a2b
3877ffb9461eb878a47993ddca6152bda7c884f4a8eea272499c547b305a9fc5
3b8c571c254686307c5b825058ab215885ba80e7367602f40fb4ba0f1694a200
3d79d7309cfa98a0ce059d9acfa54b666159874f5ed51f7e8694e5fed05d0ead
3f26621a90831f9a8158752e0fcde1a48200bbb8b5cbec205db00ff343479213
41b60d2262cffca90f6cd644983a2d813336dc959558bdd6ae54b35ef06dd9fb
4217045a8d701cac3b4a766a11076e7cc5342087464a8a6e3cc7e4f9feec09a3
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
4b5e988359c30afd1d84b7a5118296f1fc33f4527d530b096ca27aa7fbfef99a
4d0923902fe43fb9b663f70eb6df067dfe70b51c575abd648c87da470527662c
4ea1a648f3861513f9ce468edbe49f978c08bd6711d22b9137f5d23e0ef11a49
5c724c4cb202cda5ac3fc5dd433b3403995f9c2ddd9b45f52713de38a62deedd
5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
60756645bbed6ad3cc3e8be0a057dff15132f22b5b60cbe14e48250980043653
612e6b00354d56a1726cd40dc9a28d83ffda033d63214eae704d1e61ef59b3b5
62893d653961fcd5b137b0a5cb8358f6bd2c0e2d94e16b9165fefc9ae768b3d8
634303d6427df14400395dff1ac7e11b992fc9957d58edf4b09c283bf176e160
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
65c970e246e7bcd955322221130818561ce265f44cfbdc49d7957a7c1885c2d6
6a13b93c05af6ec6255b737032aa3f5d1f4823ed2d57d12c0735bd2c4adc8efc
6c05e433ca10b433edfc856fd903cb5f2da848a54e4507642a48981deed8bb05
6dc99f0099433be16452505b2efdedfafaf6dca016be5e4446777d018f218bfc
6dcbd9aa3265194d3306dd54a3db815f9c9c0c1ae5f61dfbd5ee0c69dae7f038
6eb7a18174bf6a3ba003999e45eecbb81059c52b2c7b2da91b85e944e948c6e6
6f6fb4a5ed73890ce881e4b94a3e971684a44fdead6c1c2a45b31e96ab32de4a
702d7bc763ab7b6becf9c59da5b158b5995c860438fadd91d54c1ef01a7cb369
72d43d4ff0adb982ce42d41ef08e5f88c1854e4c8ea6455771ace93761a067c4
734c9bc8d2376785fecf89760d0711ff420b67e72f9cedf61c3c01041b4a9b09
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74e72473f970d838c52ed8c8fadf1c25883dd561d66df3856bfc137b9da2fea0
7746c1c5183c0461a0296140659b9c16d75cc4b274861ff009585bc1a0fc7142
7ab4b1896de91e0599270d4a551a6c40694735d53ba0097b7228fafec969fa9f
7cc8f8f131774a8405d79658e64366f7044e6f439cfccaf977aecf0deb4c052e
7ffd9ded54779f779de2be92f0f1eb04a48113d5981d1814f41c06d7603a4d95
8089c60121d4ccdfcb08d828b5cbeb5758f57804ed814aa730453457a8942550
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
87c7b9cada7db442df077370aea44822c15cd96244f045fae8ca775d32e01ce1
8c0aab7bc1a479eb609e17700950454cb8b05a24647227587fb789e6b24b7545
8e41a8e6b02e146fe25fa71262a12a24c80ee7e0debfcae0757a4fe6c67de5a9
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
962c8a69b5aa4b1fd6a66b7cf284c08fae36858811b310a876f57a2e95828777
965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89
9ad0ceac0063ab4e5593b64cf74092be0e526423ab59e6915e6926b0574fa646
9ad14af24ab8e3320212130a697dc78898c4ca901c4da623ce75a82a8f50e6fc
9cd51c031ae0e26daae376011b70ea9daf2b1c921b122ce93f30769c1427ef45
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a384a78bc8bee6afceab3ff107315b1bdcc0fd2622246826d16b503e742a8cdf
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a968362fb540700e2f49426fe5b0f0a6cb04c249356f82e19e1e2112a4741665
b17c92dab911dc411afb4fc07040d41ab97374894275b8e213c8af4c1761bd69
b4aced5f9b322c7d7992a40ea8ed5a9cb2d375f9ca109885dd3b26712583c790
b5ec27c3b1d5b0b96efbbb058c20bc71764dc670e8da287ede2cf408822ed1f9
b6cf23ed282a5cb25c43c5923908a43cc8c4c9e92b23a1f73eb7b0af46ef6534
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bdd9517fdb9df0b1631029d96536adb3a35cbdef273de0e877411c47af444f90
bfa9441fac08fbebcfc65e202a788744aab8e4b1f634eaaf800256dce5012813
c0eb09d747f4cb0d61057afe50609d7419873b0bdbc56f6965f3098a1cf6d975
c494f73f06208ad9fa331b73a95c5d6e381ec82a06ee31c50ba85f2fc65ea11a
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf
d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a
d17298826b7b7ed19af4942adf03fbcea7a7cd9cd5f25a5b9fb0674c71828c87
d747bc0ec8a549bb25f0bab199d8e3019bcea7cfaf1438d55da2fabcff48f2c3
da263eff6489f28a35d328a1a5895db9adb14c22c40cd35d0afce85414cac701
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
db36765bcbd94bfcb454e9796be7317d22613ea0708994207f38a1b067e08fb0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4503431038f190f2d13551529fea120f9e6e44df46109550fa03b893cd6338a
e49f0d2316329b18569fad86bfcf597b4a77f32b6aafe81cbd3ad333cb64428f
eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829
ead189cbd293c28b092697ab4e45a921efb6058f679defb0e61e2ec6fcd4f27a
eb000da68e316ff3df5f83db3a212b3e2cd124ae1f1240d2c5e0d088c6d76871
ee2214a948aa510978878e09453b21c85f1bcfe78a7c55412268ad85a5fb147d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5f8d6a9ea52bd9b20497b837b74bde31586062d5b0e16be75f8bbdffc29840
f3732a2e63630899d49b5dfc4e8664335886400b66dba1d5fbc653dd5661d6f8
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f40e71d73e1fdf15791bd064a51225dab2b5da9afbbde55b592539a91cd04dae
f433395d73f0f4c86fdcb3d64d2ef849f768181303b8e5b693d62309c7fd02f7
f4b3853b7e792cec8a88f9da8a31d2b29ee09d6a77aabc45979c9ab2937f0962
f5474d1ea76f97e96a990f4031d413a2574c6755447b67cad386cd9d68b069b0
f8c75a1076576464dd8faee80f57812b9a20f9d53977c896824ec1bd58614aa2
fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2
fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3
ff676cae8092ac570c372375a3037760eee4e052e228feec312fb499acc39fb8

observer.com Open in urlscan Pro 192.0.66.160 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

180 Requests

96 %HTTPS

0 %IPv6

61 Domains

83 Subdomains

57 IPs

3 Countries

2007 kBTransfer

5945 kBSize

23 Cookies

14 Outgoing links

Page URL History

Redirected requests

180 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

observer.com Open in urlscan Pro
192.0.66.160 Public Scan

Screenshot
Live screenshot

Full Image

180
Requests

96 %
HTTPS

0 %
IPv6

61
Domains

83
Subdomains

57
IPs

3
Countries

2007 kB
Transfer

5945 kB
Size

23
Cookies

180 HTTP transactions
3 data transactions