www.heraldextra.com Open in urlscan Pro
18.66.112.33 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3A%2F%2Fwww.heraldext...
Effective URL:
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Submission: On January 17 via manual (January 17th 2022, 4:12:18 pm UTC) from DE — Scanned from DE

Summary HTTP 162 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 29 IPs in 3 countries across 20 domains to perform 162 HTTP transactions. The main IP is 18.66.112.33, located in United States and belongs to AMAZON-02, US. The main domain is www.heraldextra.com.
TLS certificate: Issued by Amazon on November 4th 2021. Valid for: a year.

This is the only time www.heraldextra.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	44.198.64.169 44.198.64.169	14618 (AMAZON-AES) (AMAZON-AES)
16	18.66.112.33 18.66.112.33	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
9	172.81.88.251 172.81.88.251	10493 (GCN-AS) (GCN-AS)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
17	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2	18.66.127.89 18.66.127.89	16509 (AMAZON-02) (AMAZON-02)
2	52.217.206.240 52.217.206.240	16509 (AMAZON-02) (AMAZON-02)
12	52.217.192.129 52.217.192.129	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
8	18.66.109.174 18.66.109.174	16509 (AMAZON-02) (AMAZON-02)
2	35.190.62.199 35.190.62.199	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1 1	50.31.163.12 50.31.163.12	10493 (GCN-AS) (GCN-AS)
2	2600:9000:223... 2600:9000:223f:7400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	35.201.98.64 35.201.98.64	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2006	15169 (GOOGLE) (GOOGLE)
162	29

1 44.198.64.169 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-198-64-169.compute-1.amazonaws.com

click.icptrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 18.66.112.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-33.fra56.r.cloudfront.net

www.heraldextra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.81.88.251 (United States)

ASN10493 (GCN-AS, US)
PTR: ocvalidate.onecount.net

validate.onecount.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.127.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-127-89.fra60.r.cloudfront.net

cdn-images.mailchimp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.217.206.240 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.217.192.129 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ogden_images.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.66.109.174 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-109-174.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.62.199 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 199.62.190.35.bc.googleusercontent.com

detectdiscovery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.31.163.12 (United States) 1 redirects

ASN10493 (GCN-AS, US)
PTR: chi-reg.onecount.net

on-reg.onecount.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:7400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.98.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.98.201.35.bc.googleusercontent.com

butterbulb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

49361e4fcc210dc47a8ccc8b650d922c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 49361e4fcc210dc47a8ccc8b650d922c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 124 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com	409 KB
22	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 stats.g.doubleclick.net — Cisco Umbrella Rank: 96 googleads.g.doubleclick.net — Cisco Umbrella Rank: 46 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 274	409 KB
16	heraldextra.com www.heraldextra.com	99 KB
14	amazonaws.com s3.amazonaws.com ogden_images.s3.amazonaws.com	806 KB
10	google.com www.google.com — Cisco Umbrella Rank: 13 adservice.google.com — Cisco Umbrella Rank: 80	2 KB
10	onecount.net 1 redirects validate.onecount.net — Cisco Umbrella Rank: 39639 on-reg.onecount.net — Cisco Umbrella Rank: 338771	46 KB
8	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 281	80 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 165	223 KB
6	gstatic.com fonts.gstatic.com	134 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	40 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 293 fonts.googleapis.com — Cisco Umbrella Rank: 47	63 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	143 KB
3	google.de www.google.de — Cisco Umbrella Rank: 5557 adservice.google.de — Cisco Umbrella Rank: 8028	1 KB
2	butterbulb.com butterbulb.com — Cisco Umbrella Rank: 261153	901 B
2	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 533	965 B
2	detectdiscovery.com detectdiscovery.com — Cisco Umbrella Rank: 917536	52 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 440	5 KB
2	mailchimp.com cdn-images.mailchimp.com — Cisco Umbrella Rank: 5534	3 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 255	27 KB
1	icptrack.com 1 redirects click.icptrack.com — Cisco Umbrella Rank: 36545	322 B
162	20

	Domain	Requested by
19	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com googleads.g.doubleclick.net
17	securepubads.g.doubleclick.net	www.heraldextra.com securepubads.g.doubleclick.net www.googletagservices.com
16	www.heraldextra.com	www.heraldextra.com validate.onecount.net ajax.googleapis.com
15	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com googleads.g.doubleclick.net
12	ogden_images.s3.amazonaws.com	www.heraldextra.com
9	validate.onecount.net	www.heraldextra.com validate.onecount.net
8	www.google.com	tpc.googlesyndication.com securepubads.g.doubleclick.net 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
8	c.amazon-adsystem.com	www.heraldextra.com c.amazon-adsystem.com
6	www.googletagservices.com	securepubads.g.doubleclick.net 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
6	fonts.gstatic.com	fonts.googleapis.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.heraldextra.com
4	www.googletagmanager.com	www.heraldextra.com www.googletagmanager.com
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	googleads.g.doubleclick.net	1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com www.heraldextra.com
2	1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	butterbulb.com	detectdiscovery.com
2	static.adsafeprotected.com	www.heraldextra.com
2	detectdiscovery.com	www.heraldextra.com
2	fonts.googleapis.com	www.heraldextra.com
2	cdn.jsdelivr.net	www.heraldextra.com
2	s3.amazonaws.com	www.heraldextra.com
2	cdn-images.mailchimp.com	www.heraldextra.com
2	ajax.googleapis.com	www.heraldextra.com
1	s0.2mdn.net	1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
1	49361e4fcc210dc47a8ccc8b650d922c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	www.google.de
1	stats.g.doubleclick.net	www.google-analytics.com
1	on-reg.onecount.net	1 redirects
1	click.icptrack.com	1 redirects
162	31

This site contains links to these domains. Also see Links.

Domain
www.mynewsonthego.com
www.facebook.com
www.twitter.com
www.pinterest.com
www.instagram.com
deals.heraldextra.com
twitter.com
www.ogdennews.com
www.nuttingcompany.com

Subject Issuer	Validity	Valid
*.ogdennews.com Amazon	`2021-11-04` - `2022-12-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.onecount.net Network Solutions OV Server CA 2	`2021-11-09` - `2022-12-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
cdn-images.mailchimp.com Amazon	`2021-07-21` - `2022-08-19`	a year	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-06-23` - `2022-07-24`	a year	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-11` - `2022-02-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
detectdiscovery.com R3	`2021-12-13` - `2022-03-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
butterbulb.com R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh

This page contains 15 frames:

Primary Page: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Frame ID: 39F57560009953E06E3F2927ADE37E40
Requests: 95 HTTP requests in this frame

Frame: https://49361e4fcc210dc47a8ccc8b650d922c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0F22F98F293CBFA24BCF6C57F0172F41
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EDFA5B4FBC27CC3AB04E5366681DD9B8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 990AD3C4482FE068E50C3AEF4EA36FEF
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss987Aj8L0On9la2O8gIrglHaN3KezIEyVgbYdwsD2-KZrIZhkjtX9DLivawaIGv6Yjo2X72x_5FeXnsCgwxLq4A4_0uNfHFZy_8JtYqJrcc9o8VDlDMF4VnUelZ9HAAR_iQZIze75XRMT4TahqWormHNgdCEbohM0rWNyxjwVdcosjMmaK6RHWvWMt-0bHqPUL50-QB9H18zN_XZ2h2HivSXJlvgCUPZORGQTBdnWT34_Px0Uqe1Fd6l1boNKfUQ3gb8kpD2uhFFwnegZY1IGeR5UwRo3ZmuIjRnA1tBUvDRXvu_0gBwK9C5DBTeHOgg&sai=AMfl-YRcnAxzm4zT2bXXfkQrPZRGHenA2xX044T4nnLNlp3YzyLj3x6EJeuvFktWdFW3XGAATjlxTYov8RSnfxQYHe9LfWgji12ALyPt22urWxhvBUAWNkUo_zSMBWRAO4s&sig=Cg0ArKJSzK-8SONIFTVrEAE&uach_m=[UACH]&adurl=
Frame ID: 9CDDCF7263F2D374C3F6525DEB8080E7
Requests: 8 HTTP requests in this frame

Frame: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 31975E0444DD85AF82BE2E7997052460
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7EF66F977C65510114361197EA03C536
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7393F1A9D1D5F805CBF12B7E776D133C
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsteBeNkV-iVeFeoWbgPVULD_WiAHhVTqSYpMiNKuXOz74QsTDQuOf3sNmvB6N6bvYzzHVMpoyIxKfzLIg3jZl9dBEo4fqAQoNUvq80ZKyy5sjgqq3EArx1jyAME1zkx8D9Xez-JrmMl4MQCUvoTc5cH3G-T6msIPGF5jgUBSEcx3SYQerEtMOuWUaBhhJL6h1MpLlLqAGp6438YT8WBExh6hQXqjQABNGBTAAZPDlBHrHSTzwwKqGkyU6ri3nlgpslxvQFbV9A_OslZRxgiTEi-dzStPYJHEZWt6agDbCbNo84ImSHH2OFrdVkpAtzpeg&sig=Cg0ArKJSzJsKLibKj1r2EAE&uach_m=[UACH]&adurl=
Frame ID: A011F1256B7DA4077F61F0C9A5EE064E
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvZdGWU-4qsdDsqioqzGG7FadE5qRBiSln0UiIhdNvW__tavL7RbjX4M9gJi90Gc3Yd_1qQ1X8U0LybyvqLIVl9T_mJPecUiOwZNG5R-fdY2jm9DTZoQ3wtcF2O3TOyK1Oz4k5dBgTFVTi3dDs8QS8T-ZIMaFu3Uzy87gsl-eipPLWJBeW4iorDthvMi_D7mv2-NXW5tZEJiD2-G3uyZlaSt_ydBhr7MSYucBQQLJQBW_JZMqmOk099XW9HCNaLtAKX1Q5BB3P-kBLZqMLAsowWz5qJWT18HaxHcH1QQ5a6N9WErjaTeOGt37BX5n3UfIuv-Q&sig=Cg0ArKJSzOYGUV9elDrzEAE&uach_m=[UACH]&adurl=
Frame ID: 5F02B4C57A0505C3DFEA4873588C1F06
Requests: 7 HTTP requests in this frame

Frame: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6EA44E0DBED512F5B009EEB969326060
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssHLLryujjwkB-eOjMvKreA3-fbT0SA_I3Ow5kjz4A71tsVvTNTVifWZ_YjVpYpddDxFRQKR2S7Hj-rkt6wCR0DlegFKF687rHLNFHrdKBYgIjl9jSx_Yjj-bMnPdnM1MVEuOcLQ4XobFeQkUBZIlHTvHxp6LX-OdyEgRRMOsSlf4UBZ49cSjC9eX5JNaDWX6P9JcF9aicoWYXSRpUhow5VPs-JlWbSwo3focEcA90bqHo4i6drnBmjag-VdCqwjPI4THpZyykBGEYhyLAYtcPIU0pBlpSYIa2kFRpUwNwZUZKUyYZLJ4KXLPcaXpn-75d8jWG9EeE&sig=Cg0ArKJSzFZV2biNqATGEAE&uach_m=[UACH]&adurl=
Frame ID: 80A4CDE69AED6B1C1EBDB45E1D8CF77D
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsud8st3zaCn5im4-IX-pxcEcnOdGfhOgPOV8XAue9ujdE6UFMRhNXkbNV535-YXt-tlue49I9QWBmLogf5o02WpXOGz1N-LSG6vG8qaQj1jWyqCvAv6_7qIYdf6jjqaMFJvxACGCkYxTzV3qzRwtVvZ7rU5vLGfHRgb4OepYXVAa5gp_C4R7cpw0kKiQnOTlvji9hw5OhPuanAVXGn7aIhyYbQQe8m4XZXCW3I3KDySJJyA3dGbMnPFNiswExFzO2PKMJ-UvQoHZu1B6Xh--gYrqgCvDQFAtITZjJSMrqMq3rbj0tjPA0O-_n5W3uxyYplMISeKnEUf&sig=Cg0ArKJSzJ59Nx8pY-0dEAE&uach_m=[UACH]&adurl=
Frame ID: 7B968560500A5BF52C1EA5B98A6E17E6
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY9oWTCzAB&v=APEucNW1dIkD1TwEFj_sCsuydqrZZb0Cti1v6upB1H6Vft94fst9qAF1SgPMCv-vC-KJ-zzy_pv7kRIMPF3S-DalUpdtr7Esdw
Frame ID: C7EDA080493C74E57CD1A2600B18B211
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CB78C8F1767561F36CDEFA69F93CCAAA
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nu Skin becomes first sensory certified company worldwide | News, Sports, Jobs - Daily Herald

Page URL History Show full URLs

https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3... HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldw... Page URL
https://on-reg.onecount.net/onecount/redirects/index.php?action=get-tokens&js=1&sid=&return=https%3A%2F%... HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldw... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

s3\.amazonaws\.com/downloads\.mailchimp\.com/js/mc-validate\.js
cdn-images\.mailchimp\.com/[^>]*\.css

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

162
Requests

95 %
HTTPS

60 %
IPv6

20
Domains

31
Subdomains

29
IPs

3
Countries

2543 kB
Transfer

5392 kB
Size

17
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: http://www.mynewsonthego.com/provo/free/getpubfront.aspx?freeid=990ff282-8e70-4476-bd8a-da63641757ab
Title: Today’s Paper

Search URL Search Domain Scan URL

URL: https://www.facebook.com/UtahValleyDailyHerald/
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/heraldextra
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/dailyherald
Title: Pinterest

Search URL Search Domain Scan URL

URL: http://www.instagram.com/dailyheraldutah
Title: Instagram

Search URL Search Domain Scan URL

URL: https://deals.heraldextra.com/
Title: Deals

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide%20https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Search URL Search Domain Scan URL

URL: https://twitter.com/heraldextra
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.ogdennews.com/
Title: Ogden Newspapers

Search URL Search Domain Scan URL

URL: https://www.nuttingcompany.com/
Title: The Nutting Company

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&cf=11300&v=f09640331078a84c309e19d4582f303a32e4962202364f67738e403a89aacaa5 HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/ Page URL
https://on-reg.onecount.net/onecount/redirects/index.php?action=get-tokens&js=1&sid=&return=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&sid=recrbgqtrlr2lqki3nsflrjbd2 HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&cf=11300&v=f09640331078a84c309e19d4582f303a32e4962202364f67738e403a89aacaa5 HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

162 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Redirect Chain

https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-cer...
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

51 KB
13 KB

1844ms
1707ms

Document
text/html

18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 / PHP/7.4.21
Resource Hash: 79c6ee01469a33f1b8b7a125e65cb8c8d82340312c331ca7f9db94e12bf47d36

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
content-length: 12911
date: Mon, 17 Jan 2022 16:12:09 GMT
server: Apache/2.4.51 () PHP/7.4.21
x-powered-by: PHP/7.4.21
expires: Mon, 17 Jan 2022 15:29:54 GMT
cache-control: max-age=600, s-maxage=86400
link: <https://www.heraldextra.com/?p=1586117>; rel=shortlink
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: _-3GfVrwzJ-oZhsJsYWKzMExoixFUjoHg5C3pT16_M3EnPZhkXV8qg==

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Mon, 17 Jan 2022 16:12:07 GMT
Location: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Server: Apache
X-Cnection: close
X-FORWARDED-FOR: (null)
Content-Length: 0
Connection: keep-alive

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 133ms
48ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-3240622-1

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7c54a44fc3d28a30632b40cc987c838744ef32a8504247685bae514187263938

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:09 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36509
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jan 2022 16:12:09 GMT

GET
H2 200 layout.css
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/ 63 KB
11 KB 9ms
8ms Stylesheet
text/css 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 722210b715ecf92d8ac18dcb76fee5f651a2ac73f040c5b38b772d8d519976d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:56 GMT
content-encoding: gzip
last-modified: Tue, 04 Jan 2022 15:05:44 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185773
etag: "fb68-5d4c2f8a7a7fe-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 10900
x-amz-cf-id: JEHzevrTJDxPKTgUqgzn7G1LLJHBrClWf1nk5aujDDCmir39Sjc1vA==

GET
H/1.1 200
OK all.min.js Show response
validate.onecount.net/js/ 61 KB
21 KB 524ms
168ms Script
application/javascript 172.81.88.251
GCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/js/all.min.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.81.88.251 , United States, ASN10493 (GCN-AS, US),
Reverse DNS: ocvalidate.onecount.net
Software: nginx /
Resource Hash: 7fcb39e632e5b859e385dc26327ce2e389d71410ac13b019c42d0e3155025cd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:10 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 Oct 2021 22:53:57 GMT
Server: nginx
ETag: W/"61734105-f323"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=86400, public, private
Transfer-Encoding: chunked
Expires: Tue, 18 Jan 2022 16:12:10 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 128ms
40ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 14:58:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 350041
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 14:58:08 GMT

GET
H2 200 gpt.js
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 255ms
124ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1104 / 960 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 17 Jan 2022 16:12:10 GMT

GET
H2 200 style.min.css
www.heraldextra.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 9ms
9ms Stylesheet
text/css 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.3
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:56 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 15:19:56 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185773
etag: "13abe-5c921eaf59ce9-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 10523
x-amz-cf-id: SfswDIqRPGMPyMRu5FGa29B42dnh3_3acsUrT9NtVFYnClEaLoPsYg==

GET
H2 200 daily_herald_logo.svg
www.heraldextra.com/wp-content/themes/oni_2021_daily/images/ 5 KB
3 KB 11ms
8ms Image
image/svg+xml 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/images/daily_herald_logo.svg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 6d57f608a733bc3af253e3b75bda92c747c351b01cbcbb4ee3ce18f4a04df155

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 00:09:49 GMT
content-encoding: gzip
last-modified: Mon, 16 Aug 2021 18:15:38 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 57741
etag: "142f-5c9b13029e680-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 2262
x-amz-cf-id: Z8xbJqQmXxLnNGsy7v9_LvknKLEwnvZSPOgSdJuGDdfpQoWjg86U5Q==

GET
H/1.1 200
OK classic-10_7.css
cdn-images.mailchimp.com/embedcode/ 4 KB
2 KB 60ms
7ms Stylesheet
text/css 18.66.127.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-images.mailchimp.com/embedcode/classic-10_7.css
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.127.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-127-89.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 16 Jan 2022 17:06:23 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Dec 2015 16:52:30 GMT
Server: AmazonS3
Age: 83148
ETag: W/"ae0fc9b84c30cada1784022044962394"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA60-P2
X-Amz-Cf-Id: acA367DeaTTubLJQFPeuS8K0iXdX5gPrBX_cPOW8YnaRTshYpankLw==

GET
H/1.1 200
OK mc-validate.js
s3.amazonaws.com/downloads.mailchimp.com/js/ 33 KB
0 419ms
124ms Script
application/javascript 52.217.206.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.206.240 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:11 GMT
Last-Modified: Mon, 20 Aug 2018 17:42:38 GMT
Server: AmazonS3
x-amz-request-id: BN4BY4GNGX2QM1NA
ETag: "6465dd4a8331265e6629cd069e03504c"
Content-Type: application/javascript
Cache-Control: public,max-age=2592000
Accept-Ranges: bytes
Content-Length: 143249
x-amz-id-2: JuWOPuqTUsdZWwWk0ARFPptgikN+1EmruJZOBQ4oV+6XjWBpHmBEVOhuXWh76IL+5vz0kMhoaPQ=

GET
H/1.1 200
OK Quinoa-thumbnail-3-460x259.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/13173420/ 36 KB
37 KB 495ms
111ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/13173420/Quinoa-thumbnail-3-460x259.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:11 GMT
Last-Modified: Fri, 14 Jan 2022 00:34:21 GMT
Server: AmazonS3
x-amz-request-id: BN484DK5VX9HDYJV
ETag: "2d38b9eaf6f6273148e436e607b9f110"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 37101
x-amz-id-2: Wv4WdvnryZcG6u/hJudDuOw5xMtJAPvv1yLnfsFuyyMG9Qc12kjyZ0EsT94IZp2YmRtUIpp6uVU=
Expires: Sat, 14 Jan 2023 00:34:20 GMT

GET
H/1.1 200
OK 82cf113232e02edb8d342fdad5ef32aa-411x274.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/06/19070221/ 47 KB
48 KB 501ms
117ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/06/19070221/82cf113232e02edb8d342fdad5ef32aa-411x274.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:11 GMT
Last-Modified: Fri, 20 Aug 2021 01:32:16 GMT
Server: AmazonS3
x-amz-request-id: BN43MKX4TKYEZXSY
ETag: "8e3dd6598f15c0cc13fb0048c61ae89b"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 48353
x-amz-id-2: MaelwCfhaynUThz3vQjFObCSqRfMiLPhhtw69W3B5ZZBd43Nuht042y9+MGVUAunT4LxRgpYEHc=
Expires: Sat, 20 Aug 2022 01:32:15 GMT

GET
H/1.1 200
OK image002-365x274.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/14162133/ 19 KB
20 KB 502ms
117ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/14162133/image002-365x274.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:11 GMT
Last-Modified: Fri, 14 Jan 2022 23:21:35 GMT
Server: AmazonS3
x-amz-request-id: BN48VH3TBJD6DJZT
ETag: "ddc5b26bf25db189bd42b94354a4a7e9"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 19918
x-amz-id-2: PGRkVwfuk7KdhcfjDERR+xqe5EjY7XdQC4PNgBdGOF3fTyrcV+Eox5kDYNEWk5QmSruciCfh9n0=
Expires: Sat, 14 Jan 2023 23:21:34 GMT

GET
H2 200 wp-embed.min.js Show response
www.heraldextra.com/wp-includes/js/ 1 KB
1 KB 8ms
8ms Script
application/javascript 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-includes/js/wp-embed.min.js?ver=5.8.3
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:06:45 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 15:19:56 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 187525
etag: "592-5c921eaf648ca-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 765
x-amz-cf-id: Nbo-QmonJ9bdGitxQkLeNWq_grn1y0HIaY_RmkBtQpVYfaktQjPEHw==

GET
H2 200 lazyload.min.js Show response
cdn.jsdelivr.net/npm/vanilla-lazyload@11.0.6/dist/ 5 KB
3 KB 51ms
23ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vanilla-lazyload@11.0.6/dist/lazyload.min.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd9b21475370627e77a6988f76c0bf93a005f9e66c4f2e9fd62e5c2de5976dc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 943740
x-jsd-version: 11.0.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19137-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"1499-chVA5Lq8JbbyRbkq7vcOmT5AjYA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6cf0dd15fa17695d-FRA

GET
H2 200 print.css
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/ 1 KB
849 B 10ms
8ms Stylesheet
text/css 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/print.css
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 2aa38f9689f47b8c0620ba023e4f88b244bd1645532d526a77e308bce3e4292d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:57 GMT
content-encoding: gzip
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185773
etag: "4ce-5c7050ee1db80-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 457
x-amz-cf-id: ZK6nOgQQwyqz0RO23ZPWffMHRDUqs_CuHD0A5bMOvZzyDo_U0fZqBA==

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
975 B 133ms
49ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8dd5d260a5dc3c4d883eddc0f204ab1383d00aa9ac46cebfd577d8ae5868b41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 14:30:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 17 Jan 2022 16:12:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 Jan 2022 16:12:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 65ms
62ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-92804485-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-3240622-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be4be9738f9441c3ac7b010b9ff72c62aa0d3f6459ca5fcacabc5e050a303929

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36537
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jan 2022 16:12:10 GMT

GET
H/1.1 200
OK index.php Show response
validate.onecount.net/onecount/api/public/ 706 B
887 B 137ms
134ms Script
application/json 172.81.88.251
GCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/onecount/api/public/index.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&host=www.heraldextra.com&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&cookie=&sid=&js=1&url=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&referrer=
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.81.88.251 , United States, ASN10493 (GCN-AS, US),
Reverse DNS: ocvalidate.onecount.net
Software: nginx /
Resource Hash: 6f691920557484b78bd6d4125ec9425167d72801fd6d56b1faf4c8e25455985f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 16:12:10 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding: chunked
Access-Control-Allow-Orgin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK index.php
validate.onecount.net/js/custom/ 63 B
369 B 218ms
80ms Script
application/javascript 172.81.88.251
GCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/js/custom/index.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&host=www.heraldextra.com
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.81.88.251 , United States, ASN10493 (GCN-AS, US),
Reverse DNS: ocvalidate.onecount.net
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:10 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: nginx
Cache-control: private
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK a.php Show response
validate.onecount.net/onecount/automation/ 2 B
544 B 92ms
92ms Script
application/json 172.81.88.251
GCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.81.88.251 , United States, ASN10493 (GCN-AS, US),
Reverse DNS: ocvalidate.onecount.net
Software: nginx /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 16:12:10 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding: chunked
Access-Control-Allow-Orgin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 apstag.js
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 133ms
8ms Script
application/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: Server /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: SKwQUYZY6s9wJPymt5_yhNbSVWOe2iBW
content-encoding: gzip
etag: 8d3665a9b316600491247ca6d78c204c
age: 144
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1QV3WZJF4G0HTNHDFX4A
date: Mon, 17 Jan 2022 16:10:27 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: qrYKS9R7TjFCiiG9yawDv4k7aTI3fpu4nvbokfky_UTEgd1zZGsgkg==

GET
H2 200 85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed
detectdiscovery.com/ 88 KB
26 KB 137ms
26ms Script
text/javascript 35.190.62.199
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://detectdiscovery.com/85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.62.199 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

199.62.190.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "df69efcef919ee2c064fb083e7fd86ca1407adf46a7faf9074f87763ce494f5a"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-kh86
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Mon, 17 Jan 2022 16:12:10 GMT
timing-allow-origin: *

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
23 KB 220ms
77ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 04:27:49 GMT
x-content-type-options: nosniff
age: 301461
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 14 Jan 2023 04:27:49 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 237ms
94ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 21:26:28 GMT
x-content-type-options: nosniff
age: 585942
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 10 Jan 2023 21:26:28 GMT

GET
H2 200 fontello.woff2
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/font/ 3 KB
4 KB 8ms
8ms Font
application/octet-stream 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/font/fontello.woff2?63277023
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 1d376489c78a57ab22ae9aacfec24b47e8f3a2ba8731f7112fe21902baf83c40

Request headers

Referer: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:57 GMT
content-encoding: gzip
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185773
etag: "cd8-5c7050ee1db80-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 3311
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-id: HIhrNZ0qE4Ds3Phs7JuwC4yUtBuHBeF9F9h8I0hgf_ZCt2EtXuBfOA==

GET
H2 200 S6u8w4BMUTPHh30AXC-q.woff2
fonts.gstatic.com/s/lato/v20/ 21 KB
22 KB 155ms
41ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u8w4BMUTPHh30AXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 09:44:04 GMT
x-content-type-options: nosniff
age: 455286
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21580
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 12 Jan 2023 09:44:04 GMT

GET
H/1.1 200
OK Nu-Sking-emoployees-making-gifts.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15123830/ 67 KB
68 KB 478ms
141ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15123830/Nu-Sking-emoployees-making-gifts.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:11 GMT
Last-Modified: Wed, 15 Dec 2021 19:38:31 GMT
Server: AmazonS3
x-amz-request-id: BN474HV5D5DGXP86
ETag: "dfc331a37bb524e43715946f8c0ca62c"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 68723
x-amz-id-2: NG46ft3l00WsL/ahJ7uEV7Ul+7p7EZquvD9zwJvrpZVFLODscYTuD+9bLEK9K3EzVBR13zF184Y=
Expires: Thu, 15 Dec 2022 19:38:30 GMT

GET
H/1.1 200
OK Nu-Skin-semsoory-panel.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124022/ 63 KB
64 KB 431ms
125ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124022/Nu-Skin-semsoory-panel.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:11 GMT
Last-Modified: Wed, 15 Dec 2021 19:40:23 GMT
Server: AmazonS3
x-amz-request-id: BN4CR3NGK9KZR9ED
ETag: "e26adcaa611ac6adb8476d4bae87f699"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 64984
x-amz-id-2: A69u1QunAx/DPUzPNBnZXSC2N62x93tBSP+C+M+Rb/UMV7w4sPdP5vR2r4ThuZagAJPfSMt1aP4=
Expires: Thu, 15 Dec 2022 19:40:22 GMT

GET
H/1.1 200
OK Nu-Skin-employees-listen-to-sensory-panel.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124206/ 97 KB
97 KB 474ms
173ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124206/Nu-Skin-employees-listen-to-sensory-panel.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:12 GMT
Last-Modified: Wed, 15 Dec 2021 19:42:07 GMT
Server: AmazonS3
x-amz-request-id: DF9QPH8F5CWT2ED6
ETag: "75aceb828165c1b994e2d00df9fae4f7"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 99305
x-amz-id-2: Gcznp3rTyA68yEfwgH+0mNA5owu1gYtbC/LUwTChkWIzUyzK9XsiOMT0SLibPIUBJv5jpWVAWtA=
Expires: Thu, 15 Dec 2022 19:42:06 GMT

GET
H2 200 analytics.js
www.google-analytics.com/ 49 KB
20 KB 127ms
40ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-92804485-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4264
date: Mon, 17 Jan 2022 15:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 17 Jan 2022 17:01:06 GMT

GET
H2

200

Primary Request / Show response
www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Redirect Chain

https://on-reg.onecount.net/onecount/redirects/index.php?action=get-tokens&js=1&sid=&return=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certifi...
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

51 KB
13 KB

9ms
8ms

Document
text/html

18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 / PHP/7.4.21
Resource Hash: 79c6ee01469a33f1b8b7a125e65cb8c8d82340312c331ca7f9db94e12bf47d36

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Response headers

content-type: text/html; charset=UTF-8
content-length: 12911
date: Mon, 17 Jan 2022 16:12:09 GMT
server: Apache/2.4.51 () PHP/7.4.21
x-powered-by: PHP/7.4.21
expires: Mon, 17 Jan 2022 15:29:54 GMT
cache-control: max-age=600, s-maxage=86400
link: <https://www.heraldextra.com/?p=1586117>; rel=shortlink
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: SUtIO1gg_SOvOQ-ieJ36l-w6FWyL6RKfk2e8UNCG88sFI5ghoAz3YQ==
age: 3

Redirect headers

server: nginx
date: Mon, 17 Jan 2022 16:24:37 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
location: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
strict-transport-security: max-age=16000000; includeSubDomains; preload;

GET
H2 204 config
c.amazon-adsystem.com/cdn/prod/ 0
314 B 10ms
10ms XHR
text/plain 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.heraldextra.com&pubid=729ce0ef-27ae-4112-a6f1-52cb2c548a08
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: Server /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 13:56:52 GMT
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
server: Server
age: 8117
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.heraldextra.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: 48IpGhO5OdApjzQUGPO84JQsCb_NCG4DuydKKOg8hJED-9NemuQPdQ==

GET
H2 200 aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 26ms
11ms XHR
application/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
x-amz-cf-pop: FRA56-P5
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
date: Mon, 17 Jan 2022 16:12:10 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-id: dHCP7dJC8MQR8Onwir-upVOpjJk6MCrUae9MTZp3-80R5GAs4A5Lew==

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
483 B 58ms
7ms Image
image/gif 2600:9000:223f:7400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:7400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
age: 14169456
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: YzgF_l6PzngeSAYUZWY2V8RNJav7cEWz12sDMUJrqGU0EqXWomRIdg==

GET
H3 200 pubads_impl_2022011002.js
securepubads.g.doubleclick.net/gpt/ 352 KB
118 KB 87ms
39ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 15:47:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1502
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 17 Jan 2023 15:47:08 GMT

GET
H3 200 ppub_config
securepubads.g.doubleclick.net/pagead/ 160 B
135 B 97ms
49ms XHR
application/json 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 0
expires: Mon, 17 Jan 2022 16:12:10 GMT

POST
H3 200 collect
www.google-analytics.com/j/ 2 B
22 B 93ms
46ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=448111543&t=pageview&_s=1&dl=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&ul=en-us&de=UTF-8&dt=Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide%20%7C%20News%2C%20Sports%2C%20Jobs%20-%20Daily%20Herald&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=262975213&gjid=387720857&cid=652881321.1642435931&tid=UA-92804485-1&_gid=1741311163.1642435931&_r=1&gtm=2ou1c0&z=1270988503

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.heraldextra.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect
stats.g.doubleclick.net/j/ 4 B
445 B 56ms
18ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-92804485-1&cid=652881321.1642435931&jid=262975213&gjid=387720857&_gid=1741311163.1642435931&_u=YEBAAUAAAAAAAC~&z=593049119

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 17 Jan 2022 16:12:10 GMT
content-type: text/plain
access-control-allow-origin: https://www.heraldextra.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 213ms
75ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-92804485-1&cid=652881321.1642435931&jid=262975213&_u=YEBAAUAAAAAAAC~&z=1114377196

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 212ms
74ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-92804485-1&cid=652881321.1642435931&jid=262975213&_u=YEBAAUAAAAAAAC~&z=1114377196

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bid
c.amazon-adsystem.com/e/dtb/ 23 B
494 B 123ms
123ms XHR
text/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&pid=wxy9WVutjdOUa&cb=0&ws=1600x1200&v=7.72.0&t=3000&slots=%5B%7B%22sd%22%3A%22DHPU_Top_728x90%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%2C%22452x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Top_728x90%22%7D%2C%7B%22sd%22%3A%22DHPU_Right_300x600%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Right_300x600%22%7D%2C%7B%22sd%22%3A%22DHPU_Bottom_728x90%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%2C%22452x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Bottom_728x90%22%7D%2C%7B%22sd%22%3A%22DHPU_Article_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Article_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Article2_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Article2_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Middle_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Middle_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Middle2_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Middle2_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_FloatBar_1x1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_FloatBar_1x1%22%7D%2C%7B%22sd%22%3A%22DHPU_PAW_1x1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_PAW_1x1%22%7D%5D&pubid=729ce0ef-27ae-4112-a6f1-52cb2c548a08&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.109.174 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-109-174.fra56.r.cloudfront.net

Software

Server /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:11 GMT
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P5
x-amz-rid: 1MJ8J1PNQPS3WSN2HA0P
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.heraldextra.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 5M1QlxND02xTXcRTTXSa2-9IaaT5_t_ehlBoO4Ct8pN5irXeDHfV7Q==

POST
H2 200 v2zsffzkg1BZKOqy0AlcGXNf3ttrswz_7seG2kCNmXN85VTWS-HJzLG8AxHVBfT3EkXKIpY4F
butterbulb.com/ 209 B
628 B 65ms
20ms Fetch
application/json 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://butterbulb.com/v2zsffzkg1BZKOqy0AlcGXNf3ttrswz_7seG2kCNmXN85VTWS-HJzLG8AxHVBfT3EkXKIpY4F

Requested by

Host: detectdiscovery.com
URL: https://detectdiscovery.com/85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Mon, 17 Jan 2022 16:12:11 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heraldextra.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-kh86
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 209
expires: Mon, 17 Jan 2022 16:12:10 GMT

GET
H2 200 integrator.js
adservice.google.de/adsid/ 107 B
792 B 134ms
47ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js
adservice.google.com/adsid/ 107 B
549 B 136ms
49ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads
securepubads.g.doubleclick.net/gampad/ 273 KB
56 KB 782ms
782ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2442542206190256&correlator=2072611972729843&output=ldjh&impl=fifs&eid=31063823%2C31064029%2C21064372&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220117&iu_parts=1032081%2CDHPU_Top_728x90%2CDHPU_Right_300x600%2CDHPU_Bottom_728x90%2CDHPU_Article_300x250%2CDHPU_Article2_300x250%2CDHPU_Middle_300x250%2CDHPU_Middle2_300x250%2CDHPU_FloatBar_1x1%2CDHPU_PAW_1x1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=970x250%7C728x90%7C452x250%2C300x600%2C970x250%7C728x90%7C452x250%2C300x250%2C300x250%2C300x250%2C300x250%2C1x1%2C1x1&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=SiteID%3DDHPU%26MSection%3DBusiness%26SubSection%3DBusiness%26amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1642435931&dt=1642435931157&dlt=1642435929864&idt=1138&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C800%2C800&adys=141%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C141%2C84&adks=1409385974%2C3131396195%2C2709727305%2C2112290363%2C2787689133%2C1942493593%2C409150159%2C2600185601%2C3918076839&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&url=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&vis=1&scr_x=0&scr_y=0&psz=1600x0%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1600x4153%7C1600x4153&msz=970x0%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1600x0%7C1600x0&ga_vid=652881321.1642435931&ga_sid=1642435931&ga_hid=448111543&ga_fc=true&fws=0%2C2%2C2%2C2%2C2%2C2%2C2%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&btvi=0%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:11 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57426
x-xss-protection: 0
google-lineitem-id: 5886385675,5874600175,-1,5743463997,-1,5880969062,-1,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138378448438,138377009178,-1,138357060775,-1,138377944162,-1,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heraldextra.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 139ms
53ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8716
x-xss-protection: 0

GET
H2 200 container.html
49361e4fcc210dc47a8ccc8b650d922c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0F22 6 KB
4 KB 172ms
74ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://49361e4fcc210dc47a8ccc8b650d922c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 17 Jan 2022 16:12:11 GMT
expires: Tue, 17 Jan 2023 16:12:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 232ms
140ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:12:11 GMT

GET
H3 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EDFA 13 KB
5 KB 90ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 15:44:51 GMT
expires: Tue, 17 Jan 2023 15:44:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1640
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 990A 783 B
535 B 94ms
47ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-n5eS9jTwOihtC2H3Sszz3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 17 Jan 2022 16:12:11 GMT
date: Mon, 17 Jan 2022 16:12:11 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-n5eS9jTwOihtC2H3Sszz3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9CDD 0
0 75ms
75ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss987Aj8L0On9la2O8gIrglHaN3KezIEyVgbYdwsD2-KZrIZhkjtX9DLivawaIGv6Yjo2X72x_5FeXnsCgwxLq4A4_0uNfHFZy_8JtYqJrcc9o8VDlDMF4VnUelZ9HAAR_iQZIze75XRMT4TahqWormHNgdCEbohM0rWNyxjwVdcosjMmaK6RHWvWMt-0bHqPUL50-QB9H18zN_XZ2h2HivSXJlvgCUPZORGQTBdnWT34_Px0Uqe1Fd6l1boNKfUQ3gb8kpD2uhFFwnegZY1IGeR5UwRo3ZmuIjRnA1tBUvDRXvu_0gBwK9C5DBTeHOgg&sai=AMfl-YRcnAxzm4zT2bXXfkQrPZRGHenA2xX044T4nnLNlp3YzyLj3x6EJeuvFktWdFW3XGAATjlxTYov8RSnfxQYHe9LfWgji12ALyPt22urWxhvBUAWNkUo_zSMBWRAO4s&sig=Cg0ArKJSzK-8SONIFTVrEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:12:11 GMT

GET
H3 200 window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 9CDD 2 KB
1 KB 84ms
71ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H2 200 rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9CDD 121 KB
38 KB 227ms
129ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:12:12 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9CDD 0
0 54ms
44ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRWDPIuR-PSWozAYbFcc0a4U6cTbyLNe-Yyu-N1MKDcvw771efa52OyIjVllQOqzfC7zyus
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 11314167604452702423
tpc.googlesyndication.com/simgad/ Frame 9CDD 32 KB
32 KB 55ms
43ms Image
image/gif 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11314167604452702423

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 10:04:19 GMT
x-content-type-options: nosniff
age: 194872
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32967
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 18:14:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 15 Jan 2023 10:04:19 GMT

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js
pagead2.googlesyndication.com/bg/ Frame EDFA 35 KB
13 KB 81ms
36ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 15:43:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1744
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 15:43:08 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 990A 0
0 114ms
75ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=2442542206190256&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EDFA 0
9 B 39ms
39ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?5XX6_g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET view
securepubads.g.doubleclick.net/pcs/ Frame 9CDD 0
0

GET
DATA 200
OK truncated
/ Frame 9CDD 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 9CDD 0
0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-3240622-1

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be03d977558d77feac4755ca74e5d8cccbe6f7f7c1b83c8e8a13ea5d067af2a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:12 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36511
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jan 2022 16:12:12 GMT

GET
H2 200 layout.css
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/ 63 KB
11 KB 14ms
10ms Stylesheet
text/css 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 722210b715ecf92d8ac18dcb76fee5f651a2ac73f040c5b38b772d8d519976d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:56 GMT
content-encoding: gzip
last-modified: Tue, 04 Jan 2022 15:05:44 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185776
etag: "fb68-5d4c2f8a7a7fe-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 10900
x-amz-cf-id: 69yOqwZgCGGio-23NmzJihWWxpFFAufu_jbZMaYIgxzSitaEaaDcww==

GET
H/1.1 200
OK all.min.js Show response
validate.onecount.net/js/ 61 KB
21 KB 86ms
83ms Script
application/javascript 172.81.88.251
GCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/js/all.min.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.81.88.251 , United States, ASN10493 (GCN-AS, US),
Reverse DNS: ocvalidate.onecount.net
Software: nginx /
Resource Hash: 7fcb39e632e5b859e385dc26327ce2e389d71410ac13b019c42d0e3155025cd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 Oct 2021 22:53:57 GMT
Server: nginx
ETag: W/"61734105-f323"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=86400, public, private
Transfer-Encoding: chunked
Expires: Tue, 18 Jan 2022 16:12:12 GMT

GET
H3 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
30 KB 86ms
37ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 14:58:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 350044
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 14:58:08 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
26 KB 112ms
111ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1104 / 419 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 17 Jan 2022 16:12:12 GMT

GET
H2 200 style.min.css
www.heraldextra.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 13ms
10ms Stylesheet
text/css 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.3
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:56 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 15:19:56 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185776
etag: "13abe-5c921eaf59ce9-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 10523
x-amz-cf-id: q3xGMKQ0Pf-x8rZ3x9ZKt8D3gWknvIh4YncQhnZMdIgLBD75LMLe-w==

GET
H2 200 daily_herald_logo.svg
www.heraldextra.com/wp-content/themes/oni_2021_daily/images/ 5 KB
3 KB 16ms
13ms Image
image/svg+xml 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/images/daily_herald_logo.svg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 6d57f608a733bc3af253e3b75bda92c747c351b01cbcbb4ee3ce18f4a04df155

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 00:09:49 GMT
content-encoding: gzip
last-modified: Mon, 16 Aug 2021 18:15:38 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 57743
etag: "142f-5c9b13029e680-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 2262
x-amz-cf-id: TRKwncl0MzGmtOUTPfVV638DBLCqqr2k3C9g2A-tgbt9AbuE-KDh-w==

GET
H/1.1 200
OK classic-10_7.css
cdn-images.mailchimp.com/embedcode/ 4 KB
2 KB 7ms
7ms Stylesheet
text/css 18.66.127.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-images.mailchimp.com/embedcode/classic-10_7.css
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.127.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-127-89.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 16 Jan 2022 17:06:23 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Dec 2015 16:52:30 GMT
Server: AmazonS3
Age: 83150
ETag: W/"ae0fc9b84c30cada1784022044962394"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA60-P2
X-Amz-Cf-Id: lb3p1GJjAc9bTd_eJQ4Ye9PCRj7s2v4JlNj7CCVLsy1knm4z3m-WSQ==

GET
H/1.1 200
OK mc-validate.js Show response
s3.amazonaws.com/downloads.mailchimp.com/js/ 140 KB
140 KB 402ms
111ms Script
application/javascript 52.217.206.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.206.240 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b15aceb04dbf5604df5617cfe984f48479cb131c1df02825d1c24e9f35d01857

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:13 GMT
Last-Modified: Mon, 20 Aug 2018 17:42:38 GMT
Server: AmazonS3
x-amz-request-id: VV45JPYVE4G1DBRB
ETag: "6465dd4a8331265e6629cd069e03504c"
Content-Type: application/javascript
Cache-Control: public,max-age=2592000
Accept-Ranges: bytes
Content-Length: 143249
x-amz-id-2: lsVJYHoBousEF6NgurwUxUPtrH5+YShG7d/mPUv4uG22vsBJtXk+he3WChROlib82jQaWs79kJw=

GET
H/1.1 200
OK Quinoa-thumbnail-3-460x259.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/13173420/ 36 KB
37 KB 115ms
113ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/13173420/Quinoa-thumbnail-3-460x259.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: f9add41b34d28dd25695af28d7d87aaf8e4e3612aaa5b0d5d58d2df7bc000a6c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:13 GMT
Last-Modified: Fri, 14 Jan 2022 00:34:21 GMT
Server: AmazonS3
x-amz-request-id: VV416QTKH79J8F9M
ETag: "2d38b9eaf6f6273148e436e607b9f110"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 37101
x-amz-id-2: uX0jR01JwUp1O6liaBRRZITq4SCHe4wqackPkirDNk8xbAunC0S3Rvk4iVrHfWbMJNtpsHOgKOA=
Expires: Sat, 14 Jan 2023 00:34:20 GMT

GET
H/1.1 200
OK 82cf113232e02edb8d342fdad5ef32aa-411x274.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/06/19070221/ 47 KB
48 KB 115ms
113ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/06/19070221/82cf113232e02edb8d342fdad5ef32aa-411x274.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 40110f7498faa8c9394743de0ac8ec779c19c6085ae35dd954e52d6bb26a17a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:13 GMT
Last-Modified: Fri, 20 Aug 2021 01:32:16 GMT
Server: AmazonS3
x-amz-request-id: VV4D7ESHKFJF79F7
ETag: "8e3dd6598f15c0cc13fb0048c61ae89b"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 48353
x-amz-id-2: 56S4YKj04d9+ZU3aI5bLtW/awTuhapUaNJlXIQ4nbFj69CKAV+LMf5BT5tVbQItnZprCvZPF3Ug=
Expires: Sat, 20 Aug 2022 01:32:15 GMT

GET
H/1.1 200
OK image002-365x274.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/14162133/ 19 KB
20 KB 114ms
112ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/14162133/image002-365x274.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7a537efc2ae5b8c92d1106ff5c3a0142d9119c440044e007438abb2074235015

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:13 GMT
Last-Modified: Fri, 14 Jan 2022 23:21:35 GMT
Server: AmazonS3
x-amz-request-id: VV458MZTBYH81TMC
ETag: "ddc5b26bf25db189bd42b94354a4a7e9"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 19918
x-amz-id-2: Vq/O3+yBVVwrU806V04059PUKJqJugNZc0Fr29eSTe7hlO12aLnqTPKtC/l+k5/jGGoF/oRcLuI=
Expires: Sat, 14 Jan 2023 23:21:34 GMT

GET
H2 200 wp-embed.min.js Show response
www.heraldextra.com/wp-includes/js/ 1 KB
1 KB 9ms
9ms Script
application/javascript 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-includes/js/wp-embed.min.js?ver=5.8.3
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:06:45 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 15:19:56 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 187527
etag: "592-5c921eaf648ca-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 765
x-amz-cf-id: 9J81cXrGAvw9cM8IVV4unq4yxiy9Op400Uya4x8CTkT0GM0PhNdtpg==

GET
H3 200 lazyload.min.js Show response
cdn.jsdelivr.net/npm/vanilla-lazyload@11.0.6/dist/ 5 KB
3 KB 47ms
32ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vanilla-lazyload@11.0.6/dist/lazyload.min.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd9b21475370627e77a6988f76c0bf93a005f9e66c4f2e9fd62e5c2de5976dc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 943742
x-jsd-version: 11.0.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19137-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"1499-chVA5Lq8JbbyRbkq7vcOmT5AjYA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6cf0dd2309ba5c5c-FRA

GET
H2 200 print.css
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/ 1 KB
847 B 14ms
13ms Stylesheet
text/css 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/print.css
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 2aa38f9689f47b8c0620ba023e4f88b244bd1645532d526a77e308bce3e4292d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:57 GMT
content-encoding: gzip
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185775
etag: "4ce-5c7050ee1db80-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 457
x-amz-cf-id: 0d-dKlvIjjafGaE4J5EIRCbl912ArOTHcqdoFvc2eG6ajUOuCIasjw==

GET
H3 200 css2
fonts.googleapis.com/ 3 KB
473 B 88ms
44ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8dd5d260a5dc3c4d883eddc0f204ab1383d00aa9ac46cebfd577d8ae5868b41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 16:08:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 17 Jan 2022 16:12:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 Jan 2022 16:12:12 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 65ms
63ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-92804485-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-3240622-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d1af9e632f6159358b4dc36f111a13192473cf00dc71d6b4d622eade022c30ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:12 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36539
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jan 2022 16:12:12 GMT

GET
H/1.1 200
OK index.php Show response
validate.onecount.net/onecount/api/public/ 648 B
943 B 168ms
166ms Script
application/json 172.81.88.251
GCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/onecount/api/public/index.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&host=www.heraldextra.com&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&cookie=_gcna%3D0.0.1642435930.1%3B%20_gcnb%3D1642435930.1%3B%20_gcnz%3D%3B%20oc-js-session%3Drecrbgqtrlr2lqki3nsflrjbd2%3B%20_ga%3DGA1.2.652881321.1642435931%3B%20_gid%3DGA1.2.1741311163.1642435931%3B%20_gat_gtag_UA_92804485_1%3D1%3B%20_awl%3D2.1642435931.0.5-d137b2fd582aa9b16c0b3e9429fafe73-6763652d6575726f70652d7765737431-0%3B%20__gads%3DID%3D53f14dbe55b75408-225e3a5522cd0087%3AT%3D1642435931%3AS%3DALNI_Mba37gIXsasF6pC1y8Q7iCUCwmKuA&sid=recrbgqtrlr2lqki3nsflrjbd2&js=1&url=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&referrer=https://www.heraldextra.com/
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.81.88.251 , United States, ASN10493 (GCN-AS, US),
Reverse DNS: ocvalidate.onecount.net
Software: nginx /
Resource Hash: aeeff160edb90f5ae2c9af125ff24b84963f9696f2746e8457fff99f0c580818

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 16:12:12 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding: chunked
Access-Control-Allow-Orgin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK index.php Show response
validate.onecount.net/js/custom/ 63 B
369 B 82ms
81ms Script
application/javascript 172.81.88.251
GCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/js/custom/index.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&host=www.heraldextra.com
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.81.88.251 , United States, ASN10493 (GCN-AS, US),
Reverse DNS: ocvalidate.onecount.net
Software: nginx /
Resource Hash: bff25bb684e20763177fc1204c049d141b44fdcbcbf6b1f7f3599bb1862b8100

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:12 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: nginx
Cache-control: private
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK a.php Show response
validate.onecount.net/onecount/automation/ 2 B
464 B 92ms
92ms Script
application/json 172.81.88.251
GCN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 172.81.88.251 , United States, ASN10493 (GCN-AS, US),
Reverse DNS: ocvalidate.onecount.net
Software: nginx /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 16:12:12 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding: chunked
Access-Control-Allow-Orgin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 10ms
8ms Script
application/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: Server /
Resource Hash: c59ecf34c8e169eb2c385296530f952be5ced6af24abbe7f2d47b89e520be544

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: SKwQUYZY6s9wJPymt5_yhNbSVWOe2iBW
content-encoding: gzip
etag: 8d3665a9b316600491247ca6d78c204c
age: 146
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1QV3WZJF4G0HTNHDFX4A
date: Mon, 17 Jan 2022 16:10:27 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 7oOdkj9hfP82TjORiPjNxbsb11H1G6FaEw7VAtLrgyGU0qYbc3-mzw==

GET
H2 200 85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed Show response
detectdiscovery.com/ 88 KB
26 KB 24ms
22ms Script
text/javascript 35.190.62.199
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://detectdiscovery.com/85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.62.199 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

199.62.190.35.bc.googleusercontent.com

Software

Resource Hash

dcd40d7ea51a4f2d21ee87b2f2cd27d05d186490424b6bbd7f67788446b8c13e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "df69efcef919ee2c064fb083e7fd86ca1407adf46a7faf9074f87763ce494f5a"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-kh86
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Mon, 17 Jan 2022 16:12:12 GMT
timing-allow-origin: *

GET
H3 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
22 KB 86ms
39ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 04:27:49 GMT
x-content-type-options: nosniff
age: 301463
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 14 Jan 2023 04:27:49 GMT

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 88ms
41ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 21:26:28 GMT
x-content-type-options: nosniff
age: 585944
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 10 Jan 2023 21:26:28 GMT

GET
H2 200 fontello.woff2
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/font/ 3 KB
4 KB 14ms
12ms Font
application/octet-stream 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/font/fontello.woff2?63277023
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 1d376489c78a57ab22ae9aacfec24b47e8f3a2ba8731f7112fe21902baf83c40

Request headers

Referer: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:57 GMT
content-encoding: gzip
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185775
etag: "cd8-5c7050ee1db80-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: max-age=2628000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 3311
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-id: JkNiOJAt0tW46Z94kzrrnr3c41jerqX0HTjyNU_E2H8zy5TIffHhdA==

GET
H3 200 S6u8w4BMUTPHh30AXC-q.woff2
fonts.gstatic.com/s/lato/v20/ 21 KB
21 KB 113ms
72ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u8w4BMUTPHh30AXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d971119a046fb86eeec343e50c680c36a72eb2df85521c8f343dc9678924398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 09:44:04 GMT
x-content-type-options: nosniff
age: 455288
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21580
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 12 Jan 2023 09:44:04 GMT

GET
H/1.1 200
OK Nu-Sking-emoployees-making-gifts.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15123830/ 67 KB
68 KB 114ms
113ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15123830/Nu-Sking-emoployees-making-gifts.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: a6f36fa8e2fe4a6a07456cfeaca03da4b09e7ab4d8ce52558e50b35f3a98d8d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:13 GMT
Last-Modified: Wed, 15 Dec 2021 19:38:31 GMT
Server: AmazonS3
x-amz-request-id: VV4AYGGS9N79FMZJ
ETag: "dfc331a37bb524e43715946f8c0ca62c"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 68723
x-amz-id-2: /0h/yh/oJYh46a/6KLnzWGdYJ3Fof0BWSfnG3zyv/GqbtuC+igot1JPNQtq2wg5UozlXX9WO0LM=
Expires: Thu, 15 Dec 2022 19:38:30 GMT

GET
H/1.1 200
OK Nu-Skin-semsoory-panel.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124022/ 63 KB
64 KB 115ms
114ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124022/Nu-Skin-semsoory-panel.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 1118028f6efb56ef44a489c471c961d4651ed5b8ec57bad974b267ee9aadd395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:13 GMT
Last-Modified: Wed, 15 Dec 2021 19:40:23 GMT
Server: AmazonS3
x-amz-request-id: VV422YJ3BJS95YXT
ETag: "e26adcaa611ac6adb8476d4bae87f699"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 64984
x-amz-id-2: uuzyNveEOZtKnWmjctvzprWERSaMTcXUt/AKO1Mh5CA8z7M5oIe91MBHR+9eUu8Wa6nw9Z5197w=
Expires: Thu, 15 Dec 2022 19:40:22 GMT

GET
H/1.1 200
OK Nu-Skin-employees-listen-to-sensory-panel.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124206/ 97 KB
97 KB 127ms
126ms Image
image/jpeg 52.217.192.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124206/Nu-Skin-employees-listen-to-sensory-panel.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.192.129 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 9ce077008495bf3b42de08f6e6a63ab802693be717238b211d51864b7afa5c3c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:12:13 GMT
Last-Modified: Wed, 15 Dec 2021 19:42:07 GMT
Server: AmazonS3
x-amz-request-id: VV44Q1G16T7ZFGBB
ETag: "75aceb828165c1b994e2d00df9fae4f7"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 99305
x-amz-id-2: CE+jKizPX0+BaIcq/PA2yI9OPnDDUQP5rh3W1nRUnu8yt25I2/stibpPqSI6b+z0J78A/08d5wU=
Expires: Thu, 15 Dec 2022 19:42:06 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
312 B 12ms
12ms XHR
text/plain 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.heraldextra.com&pubid=729ce0ef-27ae-4112-a6f1-52cb2c548a08
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 13:56:52 GMT
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
server: Server
age: 8119
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.heraldextra.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: fdBsFEGXlpJr1xSUvvVMlXsirtTiH7d0oN0Ks-eqvk_PeiE5uCWxeQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 9ms
8ms XHR
application/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-109-174.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 38554
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
date: Mon, 17 Jan 2022 16:12:10 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: Q_Nn605NNKxJCiWOt-HEBgR8AU0ubjgbSBd6rm_FeuATAZID3Oe-pw==

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-92804485-1&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4266
date: Mon, 17 Jan 2022 15:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 17 Jan 2022 17:01:06 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ 352 KB
118 KB 39ms
39ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 15:47:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1504
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 17 Jan 2023 15:47:08 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 176 B
147 B 50ms
49ms XHR
application/json 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

1a5d105cf2f2c04277319754d5926f2c056e1d0285b3862418887a5826652551

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122
x-xss-protection: 0
expires: Mon, 17 Jan 2022 16:12:12 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 40ms
39ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1927993357&t=pageview&_s=1&dl=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&ul=en-us&de=UTF-8&dt=Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide%20%7C%20News%2C%20Sports%2C%20Jobs%20-%20Daily%20Herald&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUAB~&jid=&gjid=&cid=652881321.1642435931&tid=UA-92804485-1&_gid=1741311163.1642435931&gtm=2ou1c0&z=368870623

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 06:39:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34338
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tracker.php
validate.onecount.net/onecount/oc_track/ 42 B
488 B 227ms
227ms Image
image/gif 172.81.88.251
GCN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://validate.onecount.net/onecount/oc_track/tracker.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&_c=1&_d=0&_h=www.heraldextra.com&_l=en-US&_p=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&_pf=Linux%20x86_64&_r=https%3A%2F%2Fwww.heraldextra.com%2F&_s=1600x1200&_t=Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide%20%7C%20News%2C%20Sports%2C%20Jobs%20-%20Daily%20Herald&_u=1290871015&_us=ubPahINmp9&_v=5.0&_k=Business,Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwideLocal%20Business,Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwideLocal%20News,Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwideNews,Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide&_cv=&_ds=746826627~en-US~24~1200x1600~0~1~1~true~undefined~undefined~undefined~Linux%20x86_64~~2281715471~2386483247~0~1~Not%20Installed~Not%20Installed~24%7C1600%7C1200%7C1600%7C1200~3852541374~3888339597&_ca=9a7b4b941320deef326eb399925cf291dd1ebdad&_gcna=0.4d49bef9f07e772e367a7607a51efac3de2703528c485c24d6ba5218b302ff43.1642435933.1&_gcnb=1642435933.1&_gcno=0&_gcnt=4d49bef9f07e772e367a7607a51efac3de2703528c485c24d6ba5218b302ff43&_gcnz=https%3A%2F%2Fwww.heraldextra.com%2F&_nvstr=1&_rvstr=0&_pctr=1&_vctr=1&_ts=1642435933

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.81.88.251 , United States, ASN10493 (GCN-AS, US),

Reverse DNS

ocvalidate.onecount.net

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 17 Jan 2022 16:12:13 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Jan 2002 00:00:00 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate, max-age=0, post-check=0, pre-check=0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
496 B 52ms
52ms XHR
text/javascript 18.66.109.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&pr=https%3A%2F%2Fwww.heraldextra.com%2F&pid=pb8tAgHREeUgQ&cb=0&ws=1600x1200&v=7.72.0&t=3000&slots=%5B%7B%22sd%22%3A%22DHPU_Top_728x90%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%2C%22452x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Top_728x90%22%7D%2C%7B%22sd%22%3A%22DHPU_Right_300x600%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Right_300x600%22%7D%2C%7B%22sd%22%3A%22DHPU_Bottom_728x90%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%2C%22452x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Bottom_728x90%22%7D%2C%7B%22sd%22%3A%22DHPU_Article_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Article_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Article2_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Article2_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Middle_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Middle_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Middle2_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Middle2_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_FloatBar_1x1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_FloatBar_1x1%22%7D%2C%7B%22sd%22%3A%22DHPU_PAW_1x1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_PAW_1x1%22%7D%5D&pubid=729ce0ef-27ae-4112-a6f1-52cb2c548a08&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.109.174 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-109-174.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:13 GMT
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P5
x-amz-rid: NNYPC1AR7E0YG3KA2HKJ
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.heraldextra.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: w_sLrBVD1BIKFqVUVPLKlR34_xePxon05XOHyWNqB3XV10osye3hPw==

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 97ms
48ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 100ms
51ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 221 KB
34 KB 758ms
758ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1095902140597682&correlator=1199587836138542&output=ldjh&impl=fifs&eid=31063377%2C31063821%2C44757100%2C31063247%2C44755509&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220117&iu_parts=1032081%2CDHPU_Top_728x90%2CDHPU_Right_300x600%2CDHPU_Bottom_728x90%2CDHPU_Article_300x250%2CDHPU_Article2_300x250%2CDHPU_Middle_300x250%2CDHPU_Middle2_300x250%2CDHPU_FloatBar_1x1%2CDHPU_PAW_1x1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=970x250%7C728x90%7C452x250%2C300x600%2C970x250%7C728x90%7C452x250%2C300x250%2C300x250%2C300x250%2C300x250%2C1x1%2C1x1&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=SiteID%3DDHPU%26MSection%3DBusiness%26SubSection%3DBusiness%26amznbid%3D0%26amznp%3D0&cookie=ID%3D53f14dbe55b75408-225e3a5522cd0087%3AT%3D1642435931%3AS%3DALNI_Mba37gIXsasF6pC1y8Q7iCUCwmKuA&bc=31&abxe=1&lmt=1642435933&dt=1642435933157&dlt=1642435932348&idt=741&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C800%2C800&adys=141%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C141%2C84&adks=1409385974%2C3131396195%2C2709727305%2C2112290363%2C2787689133%2C1942493593%2C409150159%2C2600185601%2C3918076839&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&ref=https%3A%2F%2Fwww.heraldextra.com%2F&vis=1&scr_x=0&scr_y=0&psz=1600x0%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1600x4153%7C1600x4153&msz=970x0%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1600x0%7C1600x0&ga_vid=652881321.1642435931&ga_sid=1642435933&ga_hid=1927993357&ga_fc=true&fws=0%2C2%2C2%2C2%2C2%2C2%2C2%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&btvi=0%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

a3f17ba2bc114760b340474cc46aa4550be7d8c3e570e679807be30ad2dc53ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:13 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34534
x-xss-protection: 0
google-lineitem-id: 5886385675,5874600175,-1,5743463997,-1,5880969062,5886916928,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138378448438,138377009178,-1,138357060775,-1,138377944162,138378440521,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heraldextra.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3197 6 KB
3 KB 107ms
69ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 17 Jan 2022 16:12:13 GMT
expires: Tue, 17 Jan 2023 16:12:13 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 blur_image.jpg
www.heraldextra.com/wp-content/themes/oni_2021_daily/images/ 12 KB
13 KB 12ms
12ms Image
image/jpeg 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/images/blur_image.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: eb66a3807316801bcea37697d7af86a86345dfe48f335e7f804f73df1a85fc5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:13 GMT
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
x-amz-cf-pop: FRA56-P5
etag: "30a7-5c7050ee1db80"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=2628000
accept-ranges: bytes
content-length: 12455
x-amz-cf-id: w9Btc-Ups9rcAfdbeOQ8W9qYAb8LfIz73mAkHRLwD_Y16_CYkossPA==

GET
H2 200 inc_breakingNews.js Show response
www.heraldextra.com/_breakingNews/ 216 B
511 B 303ms
303ms XHR
application/javascript 18.66.112.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/_breakingNews/inc_breakingNews.js?_=1642435932632
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-33.fra56.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: c32feb0b2794d622e7fcd8fe31922ec811d1aff3265d1b438f4d8ce093549750

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:13 GMT
content-encoding: gzip
last-modified: Tue, 09 Nov 2021 11:10:53 GMT
server: Apache/2.4.51 () PHP/7.4.21
x-amz-cf-pop: FRA56-P5
etag: "d8-5d05929acf861-gzip"
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
cache-control: max-age=2628000
accept-ranges: bytes
content-length: 111
x-amz-cf-id: wdXEYfmaZ-w_oneaOYMHTo1rgqlo0Z0JDrOVXGxjjKx5i256uUgWiA==

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 7ms
7ms Image
image/gif 2600:9000:223f:7400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:7400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
age: 14169459
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: 1AoJchYZWA8C1-avXzv5MJSrh_jdxzRAJ3nPdakis_zr4DkDN8Liqg==

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 55ms
55ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcdc3bcc6ec977b7b45e115e0d3eabec8728b3d67c22ed1ebbcda29a8d4a7b63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8659
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 128ms
127ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:12:13 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7EF6 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 15:44:51 GMT
expires: Tue, 17 Jan 2023 15:44:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1642
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7393 783 B
536 B 47ms
46ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3238455dfdc898c2379d47d4294f194456ab0328d94835ba0ecba233fbf7f2fe

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ewkUr/GNKAh64Z5SgWtBbQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 17 Jan 2022 16:12:13 GMT
date: Mon, 17 Jan 2022 16:12:13 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-ewkUr/GNKAh64Z5SgWtBbQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7393 0
0 76ms
76ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=1095902140597682&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame 7EF6 35 KB
13 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 15:43:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 15:43:08 GMT

POST
H2 200 v2hwagglRUFAz1B5rhTlAJRIcWs_K4Kl3_Ioke20cBgv8H_vGRSH6XRCwS7EV1tGP66V-Mbhp Show response
butterbulb.com/ 191 B
273 B 20ms
19ms Fetch
application/json 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://butterbulb.com/v2hwagglRUFAz1B5rhTlAJRIcWs_K4Kl3_Ioke20cBgv8H_vGRSH6XRCwS7EV1tGP66V-Mbhp

Requested by

Host: detectdiscovery.com
URL: https://detectdiscovery.com/85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

c5e84c4c35343122397c6982786da5fada176a884521c9afc2a6292572474917

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Mon, 17 Jan 2022 16:12:13 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heraldextra.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-kh86
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 191
expires: Mon, 17 Jan 2022 16:12:12 GMT

GET generate_204
tpc.googlesyndication.com/ Frame 7EF6 0
0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 72ms
71ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=1095902140597682&bg=!y8ilyIzNAAaocxMpqHM7ACkAdvg8WqMCJpubaGA-E-Ik3po7MIVPWHzCd9nRaXFxzkvX0OQaxLJ30wIAAABEUgAAAANoAQeZAr51ajP3JBVWjMJPZaMthzWsEfB1pR67ksBFJXYq5g6ojMbXXGsoD2qvt4uYgtk--fNd2juAhg97XSf1g6E55XITjVcmi2gYFoPKet3n7fBvi2qgfqYa0UI2h8B744JbMa5ALu9gxZLaI9ZCBeSI_OCc8jV659oit_ZS9uVAJFq5DeUmTm_Ce8kj092aWRyADwYzTViln3674ovMvRFXmFLEp3OHNkLbbIB7nSSqqHQlGXiHK2YwpjFgHGLrqgdMSy17X3AceZcNg3YI0e-vYiXigfZcQT-ADS102ywzJhca8UZlrD7T2cqBY1CUU7YXb-tLt7_KR4ZskcWQcgtLiOhSluvS_MFgy0wq_qTFs8nW1mPKNj1f3jqQb5AU2lbeFNEv_Z4wV7FnAVB27c8HSvkyaiZNXnFMeD4kDtvzKo4dO4btvQCgoVMUuWljGp2liCQJ7lS50xOEOABZamIZNbdVtKR2t9rrgSYsm3GGz4pvk4rBbfXczGJhAiFX6PFDnS9GLTNJKtcno6D1GLbDwyoIES_SlSsHpRVACCPctmJETzT88dZycLRTEgsuGy6od6CQ0hTluWDRkaox4cOeOCybVJIHwWJUKGXNG3q-n6m03DhPQrSZ3ss5HnSQZfoyVGk85X7GkaCvYHYmKrM3XCcPDQWcgN-YdOPZ1wYszhyIhjSGuBMonpeQWTC2N23Od_uyJSUvz-txDqBC7Fo9qb0pPAbcgYoqkwSYsaEOkov1M3HqVt9JC4iIUXx43Ton9t6D_xcTYG6oNRsIyW87dzUya3y00nn7DcJx_jQaU-AolFf5r7R7drt76LbGsdk_avi3BA545PGd-Gh_qjA10mPwME8U39V0H6aYfFGNeIj-OTyewGGx0qB1KslssaragPyjf4PiF01TNjjCkK9nhFT4CKJyPgYwC6WPEyUez-s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A011 0
0 74ms
74ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsteBeNkV-iVeFeoWbgPVULD_WiAHhVTqSYpMiNKuXOz74QsTDQuOf3sNmvB6N6bvYzzHVMpoyIxKfzLIg3jZl9dBEo4fqAQoNUvq80ZKyy5sjgqq3EArx1jyAME1zkx8D9Xez-JrmMl4MQCUvoTc5cH3G-T6msIPGF5jgUBSEcx3SYQerEtMOuWUaBhhJL6h1MpLlLqAGp6438YT8WBExh6hQXqjQABNGBTAAZPDlBHrHSTzwwKqGkyU6ri3nlgpslxvQFbV9A_OslZRxgiTEi-dzStPYJHEZWt6agDbCbNo84ImSHH2OFrdVkpAtzpeg&sig=Cg0ArKJSzJsKLibKj1r2EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame A011 2 KB
1 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A011 121 KB
37 KB 323ms
277ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:12:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A011 0
0 46ms
45ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSggh-T7vR6udNeiRSPBBeO7IqwQ3o_nP7K7yUX6K2ZWg7GztcY70oUUfaaSR8U-OYl7Ne-
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 11314167604452702423
tpc.googlesyndication.com/simgad/ Frame A011 32 KB
32 KB 40ms
40ms Image
image/gif 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11314167604452702423

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f57bfdc4a5ae7b75e3f29fb96aa86f701b137627c376b8a2759367433b15d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 10:04:19 GMT
x-content-type-options: nosniff
age: 194874
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32967
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 18:14:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 15 Jan 2023 10:04:19 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5F02 0
0 75ms
74ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvZdGWU-4qsdDsqioqzGG7FadE5qRBiSln0UiIhdNvW__tavL7RbjX4M9gJi90Gc3Yd_1qQ1X8U0LybyvqLIVl9T_mJPecUiOwZNG5R-fdY2jm9DTZoQ3wtcF2O3TOyK1Oz4k5dBgTFVTi3dDs8QS8T-ZIMaFu3Uzy87gsl-eipPLWJBeW4iorDthvMi_D7mv2-NXW5tZEJiD2-G3uyZlaSt_ydBhr7MSYucBQQLJQBW_JZMqmOk099XW9HCNaLtAKX1Q5BB3P-kBLZqMLAsowWz5qJWT18HaxHcH1QQ5a6N9WErjaTeOGt37BX5n3UfIuv-Q&sig=Cg0ArKJSzOYGUV9elDrzEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 5F02 2 KB
1 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5F02 121 KB
37 KB 351ms
309ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:12:14 GMT

GET
H3 200 2243237536795754934
tpc.googlesyndication.com/simgad/ Frame 5F02 128 KB
128 KB 51ms
51ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2243237536795754934

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae5f15d7eb477a6103ca2f5ff673430d33cf1be71a241f8f1b92e9c6a232fe1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 10:04:19 GMT
x-content-type-options: nosniff
age: 194874
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130995
x-xss-protection: 0
last-modified: Mon, 03 Jan 2022 21:56:16 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 15 Jan 2023 10:04:19 GMT

GET
H3 200 container.html Show response
1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6EA4 6 KB
3 KB 85ms
38ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 16:12:13 GMT
expires: Tue, 17 Jan 2023 16:12:13 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 80A4 0
0 74ms
73ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssHLLryujjwkB-eOjMvKreA3-fbT0SA_I3Ow5kjz4A71tsVvTNTVifWZ_YjVpYpddDxFRQKR2S7Hj-rkt6wCR0DlegFKF687rHLNFHrdKBYgIjl9jSx_Yjj-bMnPdnM1MVEuOcLQ4XobFeQkUBZIlHTvHxp6LX-OdyEgRRMOsSlf4UBZ49cSjC9eX5JNaDWX6P9JcF9aicoWYXSRpUhow5VPs-JlWbSwo3focEcA90bqHo4i6drnBmjag-VdCqwjPI4THpZyykBGEYhyLAYtcPIU0pBlpSYIa2kFRpUwNwZUZKUyYZLJ4KXLPcaXpn-75d8jWG9EeE&sig=Cg0ArKJSzFZV2biNqATGEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 80A4 2 KB
1 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 80A4 121 KB
37 KB 344ms
320ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:12:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 80A4 0
0 44ms
44ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQTkdArSV8pCl-ft2Tr5YgpuOGZAGgbMLI-BqM-TwqRMa_ndAAoiNQmWS8W763meLVMqWWm
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 4603316293907694925
tpc.googlesyndication.com/simgad/ Frame 80A4 47 KB
47 KB 47ms
46ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4603316293907694925

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5fc5e10e63bd68b052ff25dbd083a87bc83c272473d9a0edc7b1dd9f22cfc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 10:30:13 GMT
x-content-type-options: nosniff
age: 20520
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48524
x-xss-protection: 0
last-modified: Sat, 08 Jan 2022 18:34:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 10:30:13 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7B96 0
0 74ms
74ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsud8st3zaCn5im4-IX-pxcEcnOdGfhOgPOV8XAue9ujdE6UFMRhNXkbNV535-YXt-tlue49I9QWBmLogf5o02WpXOGz1N-LSG6vG8qaQj1jWyqCvAv6_7qIYdf6jjqaMFJvxACGCkYxTzV3qzRwtVvZ7rU5vLGfHRgb4OepYXVAa5gp_C4R7cpw0kKiQnOTlvji9hw5OhPuanAVXGn7aIhyYbQQe8m4XZXCW3I3KDySJJyA3dGbMnPFNiswExFzO2PKMJ-UvQoHZu1B6Xh--gYrqgCvDQFAtITZjJSMrqMq3rbj0tjPA0O-_n5W3uxyYplMISeKnEUf&sig=Cg0ArKJSzJ59Nx8pY-0dEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 7B96 2 KB
1 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7B96 121 KB
37 KB 163ms
143ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:12:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7B96 0
0 44ms
44ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRnq-Pz1PGKW8XdozWfdPUpFjGlvbOUgjEvCF_HtHla2xLKfR_OWvk8f9gOKxDpkPxzLXKw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 17275204542934717056
tpc.googlesyndication.com/simgad/ Frame 7B96 29 KB
29 KB 69ms
68ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17275204542934717056

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afb68f877bf48ad869fb5df4fe8d3efb740f3bddbca610af78ec494dc8372f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 08:05:32 GMT
x-content-type-options: nosniff
age: 202001
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30134
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 18:11:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 15 Jan 2023 08:05:32 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C7ED 0
425 B 134ms
48ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY9oWTCzAB&v=APEucNW1dIkD1TwEFj_sCsuydqrZZb0Cti1v6upB1H6Vft94fst9qAF1SgPMCv-vC-KJ-zzy_pv7kRIMPF3S-DalUpdtr7Esdw

Requested by

Host: 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
URL: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 Jan 2022 16:12:14 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6EA4 54 KB
27 KB 240ms
155ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-VIO-SPyFH8ISN78874-exxTxMbzEZmKHgg7xXNmrqbxZaX9wRA_bF7i_e_M7kM2pSNludTrhUytYGCHW5085AF1e7oxPF8rPtNIV-KERSEVTOjt7ATXmVVMJc_83PvN_FoJmwiCK-cGyW3PiGGAPFDZHvQ&dbm_d=AKAmf-CHmJ8MzcDfe3jIxyPB1MQjZrdPqDgsiEkU2xDW1Il2nG6McLQRwako0KIEnNllh4Xj4SjpGAcWgfbZJUnkzOUXfyPYlrr_MEdZqAQRdL39S2a77HWd5Wa2nw2f9XMT6ACjrNusu5gEn8T3Hl5R0QE6JdZ8LCw70a7UuO6vNUBbB2nTL0ZYhBtDhPuhGmaoK3ACnPhfLKXsuhTtXPAjOFZd4Q7Ez6AR_28z5bLerGtAWknJXhUpek5A0PT7SyU1hjr0qUVGLFdX4gTICU3kVEweD1ogeT_vjVi-gDWMNUoTZnqVFJD_wm8g84oo-_sdDURwdT3Tteq_IJJVh70aWZwS1GBGweZ85RzVENDl6fGpTmpz5kj6IVbk30GknQfHmbXNxtaNVPsxJKbOjvivBiO2vPJcOAMut6np3YZx_2fQyGjl048Ruiz6v3mZxkqIw-GwfOPooZLx3i-SF74tOyF9xzlZSBnX_JqsGNiEYwDV5Yskz8T_zhpAEoCtDU2d7mhGO-8daVdr2PqSQN6gHcniv5x2aYw0BQJAUghO9Qy_2sr-olubmX-6HLACjwTbwaQv6nt4VqRIQoTIlSiHIA-aT0G41UaFFKHD77ceaBbX3U-7sdqLnBjX7FLV4vVJoxVLMBiudeiCWqk7b39SYDScr7caVGYfdEeBGeKyWRobm3Sn_6YwWgQGjw-gEwYvqE8fpTiLCZ9uA-VbJ0k5fxaDWq7YhIXMJ2umFIpIP0i4iy11CnrDLmtpIIQcybJScZbs4EIprt3dI60xb-IwWjeuOT7JjBTzg_gqJJSzrBw0ttxtrvkBFvLI9s0EeI0c-qnXgu2fNv9yqhOKk7-HsNb_qHo3JLdceFQfYmHnyFe0t3rE6LLHHl39IJDi2fCXtKorTFCdO7P6JS_SvSE9JCKqrA42UL0MlUrxPfQC7BNgogl5JUUgVI_HWDrhJ1MZp-L4KAABZRGLk5LrH7VBzAiJufEAcz9jsbqyzPQR_zyQWxl4VfkVr6SAmVHCSY-i46Hvs0QlmWfVKnPx_yu1rk1FrfT4DP3XTF3_JSkWJDcpaKSoqwJzW3jF7Yb-RTFf7aZ1-u5mj7wmoSregAkZyFTYVhVGty1XlwH9M6xufEIuDpNV4qrXwUPFHbTXefN07dplh2KUqY4XsddijTX2sYa3Q2TgMpDfFf65tSkJgKTfLtNjHyGQAL1YUM4EefCvd5g4LeuWSIOKJtDpx_sSlp_uM9IjFL88DUyVPD4TsBjFo2WXv418FLsRREIZbezbdDS1xpYJ6i08doIICyf5I5eBZaXzdcPD_CjveenUiC8dGyuFu4fmZ4v0uBo_PxR7mBQ3Ej-CWZL8ez_mK6QsesHm2BPu1WleCXUiCeex09NzrEv-Ju71L5B4B9s6I7gdcFF8rIlI61FchyKIQmYEzJLdnettUHMye-ERyQynN5gx6uKvvu-AqzVtJpbFSc50l8pv3UU-LOg-IUvv04xkhlE4y3L9gZuXJ8WTrr6YqO3OXbeoXYNHbe-Q8l1c8nNmjJxMpzpqiXDQ9J63EtCDVJe1-vNCqmW7I8yE0fNbLD8vpifzFmh7pvAMYo0PVQm7i6UTxr0RbzqMWmAqcFPs4dCtF1fK86MZPzIANZmcWlzE6fUkQ1w6OTRBE5aucsNi9XJm2ayggO_WQVUDNwlpms7Lg0bj2MWoVai78OgUC6M37g9-L_mPB7fX395WvjFNzJhfp4xMFJxfjmIrpibAHBuTPLderTlBJCfid-ZD4S6TeymRb5qDGbXewDAHLA_QNcRghuQQgfyWva8uFCGsS6ArhyKG9XDxN0PVOSNYM6H84f5CxCG9JUnhkuVJXE0noMvmaxczvmGH6XE6rQzJ0rHbowvfEEi_N9ArnRBgO5A0QCz2gVHvCASKFtm8GtAZwC3IKUmD7cM5u88CTxvESJEoDu91BMYcq-XMLbE624bSPcFXZVT08zhOEW-Pn7WjNxMv4CKAelDf-yPXf9el6of3QLN7EcRSXkXLo6zKxbD4w5iLg33OCSWcej3eawckOasswP6xVWwCQxGQT8h1RwROJod6exqCTsvb8aLA8xs94Q6sGptwswG5uX4rr1VuAaHkYoM8G6qx-qrLVy-5DS2OzQTozcS7W0X6vSHjj5zZuBGTvMU9APgYx8gqNX8uSTLUuQpvv8k-hm-WiJKSv20UqAlUX9t9OJkwl1P4qo9pgWmrs3BqHf7zclwaJFfFpgTzPl1ncHQJcLBgNe72errgyJlIYwAkBvgnTnyp9gx9lFIY7BJm42rM5zIxxSp1ttrbToO_IkLopj_l_1wWvzvalwQn-dQH55RLJBk9WRsX9cpBXbKFDyhlHYzD7pVzNNebloZmG45NGROy9aNfrFJkVEKwH-tYyoKYXNm4C6LAL0fUUIzIkrCabOqP2LPRmroJ-He1Ms_nXIe8UzOmeGwrowGItNW0mdfDXifuFZQpFhCicIjRfyI5J_3MIG0fPvQXQ176cr5j0S1KB-RJLABSaGnTWVRv63Q9jX65PTsUHoYwGU0V79_aJCXtPJEyqxNWRUSqN0iXxF2YpLU5ka5AdZ5aecRfNINwwtHJJkLobMgOEiZFswdluOWdcgnLrWV78JhemDObEKvznMuFEWGnF02D691Sf4qetPx0MOs8Qj8kX1mhVBQRDVUgA943y-qlX0QHWFlBsJ_v5WX8PTWIqAeDod0qNJNrSDxxcuJEfd4PmEQein7sY99JBGGh3L-oTFQ9yQFKZHdpi7W797hxUdW6cAhtXdSuuo2ucEVuXFMKWRu6u8yeECpVulDmiCTCqN8QS6e2bKEgTzWeDsBr_33NBvFoVDZ3LPwRYeOcMF80Q8P2Z8nykbHZwefHZZ7uzDUzBhtRrjlqykNJL9crm76wQrgn6XCq2wy7I77BWWwjYS-Gf87YoEOdtGFang66dHlrJhSeb7OBu200pBacRU_BWsvrnVLgrhHBBMRJjr0rq7YxaPTqa5A6D-FIyoEYHjKTn_FEDYZ7rizgnc3cT2SXO1HUgvffu50QUb-i3Cxkbb-L3hZXfhVhQcTGFmvbZ_a-&cid=CAASPeRokjNixDZMqvEAZ1pU86Kc9zRvj6Tw0zZ5ZI0axTRTNvX4vnRkMY75dHHznxfiGL_e1kqKr1MNPsHJXyU&rfl=1%2Chttps%253A%252F%252Fwww.heraldextra.com%252F%240

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e34273b1e42b6691f9ad914ea5d00997cea6f2695b8871c576372c50d128adf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27657
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6EA4 42 B
63 B 69ms
69ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dn_kr7FIToQzFtJBdIQBseOfMHJ4AKzheWIF-rW_9tf-uEN4d48UNtc_bGQ5UblFytBOfFoqnSgsPCnEOtZ_emwV7ll3SkoJKE6O31yVYHahpyXKs

Requested by

Host: 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
URL: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 6EA4 2 KB
1 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
URL: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6EA4 121 KB
37 KB 220ms
220ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
URL: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:12:14 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 6EA4 15 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
URL: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:06:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 351
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:06:23 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6EA4 0
0 45ms
44ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS7-4VOspGgA5QEIzDvTo1O0zK7wZ0fbFOtWKd03_tcdAT-J1RSZXzj_sUROdemXibLTWk-
Requested by: Host: 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
URL: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7B96 0
0 74ms
73ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKpFZ1ljQ8wTEghtIWiYogvNCiKIj7zENEkyNDvtDWUcVsmyjK6VVDp6ssFoZ7A45WGp9cv3GrGvgYgLBTghcQkPZSr1CS_7xg9a2cYjfSg41nDEc-yZiVkHpPnwsbt7O2ENdeKR-28Pu5T7Q_Pz-TonyudYBtWiWuMzk0mqMPWR_iKPf-nU6BPKxXbFh5eGADHQUZpsXS4c_ME147hdWDnvaV3XdUPmmcdBh9yMMYRd6zQvcaDIiV5cXKyFjQUmINrpNFhZ33si36noq8GDyEEEiihbbcAEbLLxUS_i_M-fi0kIjmbNe48_FGU77ww9DqoeMc3IA5qiM&sig=Cg0ArKJSzFtlp7IMGqApEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:12:14 GMT

GET
DATA 200
OK truncated
/ Frame 7B96 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29d16ed7093f4ddc6476c6cfa724b9bfd6716ce93d6c592a8649c6a88f7992c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A011 0
0 75ms
75ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstEeW0aotgSKYvfaixwIwtD5JTyQ7h0vs88guGMdFTOIgZBW5Se78EpUEsYAUzI-WXQzsh8Yzysdn375Pki-7POoaTJBW0udSjOCBqAlcZbnICANYR7183d7pYiUH8rR5bGi5Jn_cOw8WrRAXAk3bwqhNULGNiqr_dmSpJLfSAbbsl-yrNJyIvXvz-RJ5_FMyc0r6L334GMqsORbOAlX7V8Bf1stbLH9JqB-ZhMRKHgMVYltiRonL8JgukXVGZQYAXqC5rcb1rnSzzyuAK7zj9FuuaCzcthrdyrzGEknD_d71EUYC_GccoJYt45NTDS6eBs&sig=Cg0ArKJSzDFnSRUKWWOIEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:12:14 GMT

GET
DATA 200
OK truncated
/ Frame A011 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62a803eb1240b5260b1cb3ab33c641823a866ce5b67e38bb09ee9ddee627cede

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame 6EA4 24 KB
9 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-VIO-SPyFH8ISN78874-exxTxMbzEZmKHgg7xXNmrqbxZaX9wRA_bF7i_e_M7kM2pSNludTrhUytYGCHW5085AF1e7oxPF8rPtNIV-KERSEVTOjt7ATXmVVMJc_83PvN_FoJmwiCK-cGyW3PiGGAPFDZHvQ&dbm_d=AKAmf-CHmJ8MzcDfe3jIxyPB1MQjZrdPqDgsiEkU2xDW1Il2nG6McLQRwako0KIEnNllh4Xj4SjpGAcWgfbZJUnkzOUXfyPYlrr_MEdZqAQRdL39S2a77HWd5Wa2nw2f9XMT6ACjrNusu5gEn8T3Hl5R0QE6JdZ8LCw70a7UuO6vNUBbB2nTL0ZYhBtDhPuhGmaoK3ACnPhfLKXsuhTtXPAjOFZd4Q7Ez6AR_28z5bLerGtAWknJXhUpek5A0PT7SyU1hjr0qUVGLFdX4gTICU3kVEweD1ogeT_vjVi-gDWMNUoTZnqVFJD_wm8g84oo-_sdDURwdT3Tteq_IJJVh70aWZwS1GBGweZ85RzVENDl6fGpTmpz5kj6IVbk30GknQfHmbXNxtaNVPsxJKbOjvivBiO2vPJcOAMut6np3YZx_2fQyGjl048Ruiz6v3mZxkqIw-GwfOPooZLx3i-SF74tOyF9xzlZSBnX_JqsGNiEYwDV5Yskz8T_zhpAEoCtDU2d7mhGO-8daVdr2PqSQN6gHcniv5x2aYw0BQJAUghO9Qy_2sr-olubmX-6HLACjwTbwaQv6nt4VqRIQoTIlSiHIA-aT0G41UaFFKHD77ceaBbX3U-7sdqLnBjX7FLV4vVJoxVLMBiudeiCWqk7b39SYDScr7caVGYfdEeBGeKyWRobm3Sn_6YwWgQGjw-gEwYvqE8fpTiLCZ9uA-VbJ0k5fxaDWq7YhIXMJ2umFIpIP0i4iy11CnrDLmtpIIQcybJScZbs4EIprt3dI60xb-IwWjeuOT7JjBTzg_gqJJSzrBw0ttxtrvkBFvLI9s0EeI0c-qnXgu2fNv9yqhOKk7-HsNb_qHo3JLdceFQfYmHnyFe0t3rE6LLHHl39IJDi2fCXtKorTFCdO7P6JS_SvSE9JCKqrA42UL0MlUrxPfQC7BNgogl5JUUgVI_HWDrhJ1MZp-L4KAABZRGLk5LrH7VBzAiJufEAcz9jsbqyzPQR_zyQWxl4VfkVr6SAmVHCSY-i46Hvs0QlmWfVKnPx_yu1rk1FrfT4DP3XTF3_JSkWJDcpaKSoqwJzW3jF7Yb-RTFf7aZ1-u5mj7wmoSregAkZyFTYVhVGty1XlwH9M6xufEIuDpNV4qrXwUPFHbTXefN07dplh2KUqY4XsddijTX2sYa3Q2TgMpDfFf65tSkJgKTfLtNjHyGQAL1YUM4EefCvd5g4LeuWSIOKJtDpx_sSlp_uM9IjFL88DUyVPD4TsBjFo2WXv418FLsRREIZbezbdDS1xpYJ6i08doIICyf5I5eBZaXzdcPD_CjveenUiC8dGyuFu4fmZ4v0uBo_PxR7mBQ3Ej-CWZL8ez_mK6QsesHm2BPu1WleCXUiCeex09NzrEv-Ju71L5B4B9s6I7gdcFF8rIlI61FchyKIQmYEzJLdnettUHMye-ERyQynN5gx6uKvvu-AqzVtJpbFSc50l8pv3UU-LOg-IUvv04xkhlE4y3L9gZuXJ8WTrr6YqO3OXbeoXYNHbe-Q8l1c8nNmjJxMpzpqiXDQ9J63EtCDVJe1-vNCqmW7I8yE0fNbLD8vpifzFmh7pvAMYo0PVQm7i6UTxr0RbzqMWmAqcFPs4dCtF1fK86MZPzIANZmcWlzE6fUkQ1w6OTRBE5aucsNi9XJm2ayggO_WQVUDNwlpms7Lg0bj2MWoVai78OgUC6M37g9-L_mPB7fX395WvjFNzJhfp4xMFJxfjmIrpibAHBuTPLderTlBJCfid-ZD4S6TeymRb5qDGbXewDAHLA_QNcRghuQQgfyWva8uFCGsS6ArhyKG9XDxN0PVOSNYM6H84f5CxCG9JUnhkuVJXE0noMvmaxczvmGH6XE6rQzJ0rHbowvfEEi_N9ArnRBgO5A0QCz2gVHvCASKFtm8GtAZwC3IKUmD7cM5u88CTxvESJEoDu91BMYcq-XMLbE624bSPcFXZVT08zhOEW-Pn7WjNxMv4CKAelDf-yPXf9el6of3QLN7EcRSXkXLo6zKxbD4w5iLg33OCSWcej3eawckOasswP6xVWwCQxGQT8h1RwROJod6exqCTsvb8aLA8xs94Q6sGptwswG5uX4rr1VuAaHkYoM8G6qx-qrLVy-5DS2OzQTozcS7W0X6vSHjj5zZuBGTvMU9APgYx8gqNX8uSTLUuQpvv8k-hm-WiJKSv20UqAlUX9t9OJkwl1P4qo9pgWmrs3BqHf7zclwaJFfFpgTzPl1ncHQJcLBgNe72errgyJlIYwAkBvgnTnyp9gx9lFIY7BJm42rM5zIxxSp1ttrbToO_IkLopj_l_1wWvzvalwQn-dQH55RLJBk9WRsX9cpBXbKFDyhlHYzD7pVzNNebloZmG45NGROy9aNfrFJkVEKwH-tYyoKYXNm4C6LAL0fUUIzIkrCabOqP2LPRmroJ-He1Ms_nXIe8UzOmeGwrowGItNW0mdfDXifuFZQpFhCicIjRfyI5J_3MIG0fPvQXQ176cr5j0S1KB-RJLABSaGnTWVRv63Q9jX65PTsUHoYwGU0V79_aJCXtPJEyqxNWRUSqN0iXxF2YpLU5ka5AdZ5aecRfNINwwtHJJkLobMgOEiZFswdluOWdcgnLrWV78JhemDObEKvznMuFEWGnF02D691Sf4qetPx0MOs8Qj8kX1mhVBQRDVUgA943y-qlX0QHWFlBsJ_v5WX8PTWIqAeDod0qNJNrSDxxcuJEfd4PmEQein7sY99JBGGh3L-oTFQ9yQFKZHdpi7W797hxUdW6cAhtXdSuuo2ucEVuXFMKWRu6u8yeECpVulDmiCTCqN8QS6e2bKEgTzWeDsBr_33NBvFoVDZ3LPwRYeOcMF80Q8P2Z8nykbHZwefHZZ7uzDUzBhtRrjlqykNJL9crm76wQrgn6XCq2wy7I77BWWwjYS-Gf87YoEOdtGFang66dHlrJhSeb7OBu200pBacRU_BWsvrnVLgrhHBBMRJjr0rq7YxaPTqa5A6D-FIyoEYHjKTn_FEDYZ7rizgnc3cT2SXO1HUgvffu50QUb-i3Cxkbb-L3hZXfhVhQcTGFmvbZ_a-&cid=CAASPeRokjNixDZMqvEAZ1pU86Kc9zRvj6Tw0zZ5ZI0axTRTNvX4vnRkMY75dHHznxfiGL_e1kqKr1MNPsHJXyU&rfl=1%2Chttps%253A%252F%252Fwww.heraldextra.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:32 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/ Frame 6EA4 8 KB
3 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:08:54 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6EA4 0
571 B 178ms
83ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2fqEBtyOP7_WnyyNPjmi-1GOAI5CCuiAkro-qcXPK-wUT_qX9ZDKleUPK9vAEPgTscigV6Jvv7ZaFwio5Whf3mtUOFa91pyBjM23_7vu67lYzBtFzQToQKKtfRO_8RBdmHDrJqKopXPUiltQi7JBJXdLmxa4Jqs6vt1yYSOZnR0pU2CaWlxeixEDpkovO2hxCdR8ykZ5SO0pLO-m-hN6Bdld1O3BIYQnUnukISIlUmbbC7Yy7OiRKrqPA-6O8gH2HzsomMbOe1ZcKMjdoXJiIWhLxzCNKD9SyAUcI0Y6r5eKKNvNlMEPXmrhmtOivFH8wWnyiRE678upOhihsGYouKw3N7-YPdcD6Dqt-Z4kCxZLQYheG7xOKpTb2uWX7lp_fJnUAYFVB2v7c8fy7E0UWs7hCx7ieH4bmvWwEfgmLiFAjGpSTIlE3MkT9yzsNTr1WIfPA9Hfu_O-2ZxZ3DVahGg-nREslHaA7bCMr6HbzGMf8djr0WjRYhARn9TEBxKkOqQgJQItnbu2gOnIB5_MGZ3BIBfvMkX4m7A_UI-6uGt_ELoEpNqXpMjloKRg0ftWwe1NGA60g6U0TMdDgIyIVJf1YRs3yRmLZIXpH77FXcpeo_7YYERiLJugy7u9LjY2yC2hVShhu2pk8tpd7F-2VN6RiwVVT8-XJGMhoWfPuoUFoFzVa7QGtAI10HXW-gSMXE0ixIiCzpgltGVvjqFSlEGHZVajUEierz-7PhflHHWjhUTbuZv6NBXIcfnFtVIecFVJIY-9jQA8LP-LEPuDctFZa7fdPA3SQQoeXBe-7q4X-Htt21GQVjGwB4gzT0fhuczJ3lxEs8DByJKMNn3NZOOlH0KVRj0V6D4zImbwhlhZDLkTRgN2lz0P9kYjZYZoNt5LG-x3EsH7eI_dYVX5M5oqjb7hWiNyUhlrrgYkAb9Nh5g49-GHNLUFFRTRAbcfI_CWFJtsqUaHjT1MeSLueAXvdd3iR9KKaToRqp_0cxjLMTu9qNa5D83hwCN6OmHVZDA5k7kRoiSSBkgpXEfnIkspNJHs6au9C3TtJBsor90JQAdFuZbhyoCfUhQvm_7MS312ChtnZ8EuVnk1eVZ28DeEoAMYMyS8mp-qDPR_vgkzyEmz092tnCoZzYglLMzKP5t1beQYPkXAKljpNolu03-RLosHvnySf2IKSpkMCF07tdHsW1KuxjOZbDE5RbQ_lSZ0JtNDQAvHzXVfrrjYjodbcJmAOYedBc3Tt85W2Kj81QbIJN5mVl2cnEoC-uh_duQvFzzVang-zSM45xzKXKJFkH92Jbyd-fz7ON3E&sai=AMfl-YRAilyndj1VI9FJx7qq6Z_EbVWtEpjVWFZJE1tvjz6sDyL-KklS6AZYeXgx6I52a_XtRAmsl16eurT82wZv-BQjY6gX0zRbpG7yL5NxQhO_up2qstUd6UnPnb8whWrLlCKJ9D1wZijGMTWLUndgjF42-z1b-faPIQ0wIGfh1DDK_TK6g8pRFctdV9v3UJryRCU1HB0TCOE0EFiwC6WeC-ghy2U6thTY-P-eKASWsMAiPCrpu1yJMzxu9qk6-g&sig=Cg0ArKJSzPGOOJVdy3YOEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220112.41533&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 17 Jan 2022 16:12:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6EA4 41 KB
15 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 14:31:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6036
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Jan 2023 14:31:38 GMT

GET
H2 200 1591498100084333180
s0.2mdn.net/simgad/ Frame 6EA4 26 KB
27 KB 126ms
43ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1591498100084333180

Requested by

Host: 1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
URL: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f044e7343af1bdd69a9e370507745e72befb81609ac56c43f7ba4121d570fb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 23:58:16 GMT
x-content-type-options: nosniff
age: 490438
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26590
x-xss-protection: 0
last-modified: Fri, 21 May 2021 21:58:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Jan 2023 23:58:16 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5F02 0
0 75ms
75ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssR-nwDJ_qwJV_7IgxI01cvPgOH-_k1Mhs65Febjl4XRsTk06URCL4YES8Te6Nr3WNeNI1RuDuSWujvrk3AfSr8Q__aujfAOGpIK-gHIbhF7U_N5kcGp0_YH6iJfZdJPlwqw16Bpu3LGKgE6Bp2cEv8xDXyR2Ho5Nkcs2mmRRPJG_orW4OjfApSCRN7RlsnQUS2G4XewmsRN4gpRdD5cPx3EglUUsDI46xzDte2f2K7VOKUqd8WCSbkHxZFju3iig450EcCaZfeAP7ZJBWCKSj0b0YL5dDSaUhxHLpJDONcf-CSvzDioMM0qWKVTx6NbWhEzG8r&sig=Cg0ArKJSzNGf9jrk6b5OEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:12:14 GMT

GET
DATA 200
OK truncated
/ Frame 5F02 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 934014959d1c17c6d545a1d4f996c3abfb3614eb030ac44309802858976aa8c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 80A4 0
0 77ms
76ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuokhsVVukJ0EgXF7020spjDXiIY2K4BRdCXr2LJvwZZRslVLYk2Nb7adEHIs1C8yO3Njw5V1bqopaT1RtoFbHkgilRGhJ-6RwOsFMlRkWQwlcfXn9DgPgOdx7oaN4wYwOU5Bf8x519-u9-synzLtGYMtfQ2OCo7GotSNwVZ66rze9dBxMwA9s2mMHlCxVzFvVqBjrsV3iCZB0P2vOSUJ22kCz14Qlf2Ro4vpMbjFfHnvIv4lxPiCPeAJur3wvhIfNoZzp41L5i-Pyhl9dBJwNjPYDWkJsDuSc2mJrygKGg6O6C7lejlRycyazup1tGDb2HTKyFdvD9QQ&sig=Cg0ArKJSzHKOXj6iwOUREAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:12:14 GMT

GET
DATA 200
OK truncated
/ Frame 80A4 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2061ffda18e481b644019e358dee22ac82f4544265677b5dc0eb1d2e62d26fb0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6EA4 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8295e984ca075ff9edb9ad231b76057c8495f1f335fc19e3f7e8089269d41a92

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CB78 22 KB
8 KB 40ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 14:31:40 GMT
expires: Tue, 17 Jan 2023 14:31:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 6034
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame CB78 35 KB
13 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 15:43:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Jan 2023 15:43:08 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6EA4 0
60 B 75ms
75ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:12:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CB78 0
20 B 71ms
71ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bvt2-XpXlYaPqCtiR7_UP1qOoyA8AAAAAOAHgBAI&bg=!j4yljMjNAAaocxMpqHM7ACkAdvg8Wm1oTLGLT8JAVK0Z5UfmpW7bPFQgGas5z9e7VoXZTidIEAmBsQIAAABAUgAAAAJoAQeZAzhPPQPy20KieptGyx3EgxrgAa0utXz5tpMklD5jXbtQQnayb77xHbUHfJZ4gCdSn5Zh4mxwuo93s7fNwoZUQcG9cibGtQKlP02bUpxNQ4fTBJUO0w6NQDO6oL-4GzBX3uEEIzpPTT6uOZc_1SXfwmETrNDXc2I-HxZxyrnU9JEHOil2lWp0ZLfaUlcS4ZcbDNkGlX7Ir6ZLjxEtA6eirC_sLg37ne9zEXhHXzTl_wyqpqjwPquOXcbr7tprFcmjhKOCQK-WZwFheCRYh1EwTIrNCtk9xqDmn0GOdF2JH7zEyNQlmXnajgPa_ac7qqSFRNGfdhmWV0x47pJDbIhKJDsmbp-DWfbVL_bzVKo7qzLcZdnKBRGWO4u05PUfA9DRJgavDX953KEuFPzSoABZJo3WxDG-SGeRLzinPZWSE6nIBCShuQD4_GAAX9aLceoXMs-lmOU0L2a0VjP6KyyF0uzIXHAuN76Bg1o7lANj6N2OzrKdOkc4Ew_NT2cLb8O8Hpp_8laWq9BTHM-odYkTmMOKzseDFhq19ORQRLztD8W__gQYYzrmApPZ8fukBiPWH6Valzlqcojq3-CtOfIh-vFftutM65lQ9aBZQ649BVgjl0IWaQn2rKy3UVNFgKLO0MtbNViUehG2Qp--YWX9enTWjMFrnYztGJ3Ok7n3LPCpAE4BlFWiyoMSPGJKo1SWZjPL8ovpL3WroVWRndcdDOf6AO4TOKGymQy9mOzW64XCfGrSYXPgh7NdOEU2sJrOvU83leBHZUxloaniOInfeBvrtetW8CZtABToKo4M5uyQxO3iHvtXcfMuwgcRHTqnU7GqaKWqYhv9nnWwixcAl-LSArS4W8RaQe6QtOe4urH0TlrXZFSwHS2vojd1RpYNCtrfr4oQUgHIltGacjXHvTpemqnfJ2V3mx8JLDbWJq4AP7eqN1LFDlUZC5Ww0IdSh_lFdnjqgZET9gW8jxl4_FVB_KozefWB2PlAtENxSaeJmOOUNefNB7iFRCh3N6qfIkBuBp2ILArHhRqYaHGy7upkDVeSu_7puHu9ennRFK-1umWS1Nc28jjE362ugM57xYgj4hW03-JI3w

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A011 42 B
64 B 73ms
73ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssl6XVkqBa5mUli6dzqsWyGPcFIsKMWcZxRI3yW8tnY8qW8V1nKDIkLbDvwZmDPVaVVF8M5QUDIBhZ7FOU1ZCvUk6W4Uii8G7wgpKUhW2BC440PBUUI&sig=Cg0ArKJSzIRAEmHKfy36EAE&id=lidar2&mcvt=1000&p=141,436,231,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=1409385974&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642435933925&rpt=401&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 80A4 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss0tE8PKkWTTiTCsAU3TOtwsbSsoJvFBK8ORIIR_fVuu_LQzuPVdCWI1HsIdNtkPY_Ci4YdlDx6teqoaYtoHbKjey4WZy02P6mGtHGOl7mdrAxxLE2v&sig=Cg0ArKJSzJ9N3t1ccRgDEAE&id=lidar2&mcvt=1000&p=968,1170,1218,1470&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220112&bin=7&avms=nio&bs=1600,1200&mc=0.93&app=0&itpl=3&adk=1942493593&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642435933949&rpt=412&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5F02 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvY5aXOnabwMHfSjNXoPKuqy4PkoKm251BZOegODapo3L4tDYQoUDt0Hdj1aSIYN7iXzkkzyAvAc86pba5c3NxZK4q9Yj8_bF9DZreNX42JplBkE4nh&sig=Cg0ArKJSzOoD7CagRfemEAE&id=lidar2&mcvt=1002&p=307,1170,907,1470&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20220112&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=3131396195&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642435933930&rpt=417&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:12:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstHw7PjZEznmRKxzF1BpBuzO8FCDMfjBSB9SZ2nh9so2parRAq4EgOqpTm7I2x4sQr_M961IBoW4HhK4Z-AZ0Q_uGlPFhZUUveCKZLK18pA8ffLPgNvRIhXBggOdwCBRBelmwYpIIfhzElJeJofhPVhG_Y7h3bYgpQjAjjj-qiKqf3hBRbRFVbch9qFTp0bLEU4KY1oTnc8Goz5WiE80yojRGU6bjXvri8LI_p_WBZjt24EGgs7aBxr4C_KS9eZgUXnDCAxH5M142GwR0fooA-XxKaikfH-mm685-PdbNxFcCvrLmafPEXyJQqFztgL-4rm&sai=AMfl-YS22ehdT7JPj5kmATn3iRcsorU38PNs09m-4AHAEOEg4cmZ3pCQo--2BVRZuO7NsHrmbrNiKR0wzmFnsxIocHTacSxhkYVHUSLSzs-0GMAhMIapB7eAPnGKddXXGwg&sig=Cg0ArKJSzMoORokNNqUCEAE&uach_m=[UACH]&adurl=

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvrbYrgA9wJxyBO6en13TQknGiiaYQqEeKFtqxOz9EGNyHzXrHcfNUZnw7_p86mGXE4_N-GxVOS3OxA8qDiG-OQ1-WzljfxZNFGHNBE6nKmpS6lZI9r&sig=Cg0ArKJSzGNy2IhRvMbdEAE&id=lidartos&mcvt=0&p=0,0,0,0&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20220112&bin=7&avms=nio&bs=1600,1200&mc=0&app=0&itpl=3&adk=1409385974&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=3&r=u&rst=1642435931961&rpt=375&ec=0&met=mue&wmsd=0

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/generate_204?1ULsHA

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
validate.onecount.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: recrbgqtrlr2lqki3nsflrjbd2
www.heraldextra.com/	1969-12-31 23:59:59	Name: oc-js-session Value: recrbgqtrlr2lqki3nsflrjbd2
.heraldextra.com/	1970-01-20 17:45:07	Name: _ga Value: GA1.2.652881321.1642435931
.heraldextra.com/	1970-01-20 00:15:22	Name: _gid Value: GA1.2.1741311163.1642435931
.heraldextra.com/	1970-01-20 00:13:55	Name: _gat_gtag_UA_92804485_1 Value: 1
.doubleclick.net/	1970-01-20 09:35:31	Name: IDE Value: AHWqTUmq98woKdrbnuDRiQ3H5tMSBx2VS-FtR5HB98B1uLCiBCc9ryqcRWM-45j7CrE
on-reg.onecount.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: recrbgqtrlr2lqki3nsflrjbd2
.onecount.net/	1970-01-23 15:53:31	Name: __ocgt Value: 4d49bef9f07e772e367a7607a51efac3de2703528c485c24d6ba5218b302ff43
.onecount.net/	1970-01-23 15:53:31	Name: __ocgt-243 Value: 4d49bef9f07e772e367a7607a51efac3de2703528c485c24d6ba5218b302ff43
on-reg.onecount.net/	1969-12-31 23:59:59	Name: SERVERID Value: chi-felb-chi-web03-cl01
.heraldextra.com/	1970-01-23 15:53:31	Name: __tempcookie Value: 4d49bef9f07e772e367a7607a51efac3de2703528c485c24d6ba5218b302ff43
.heraldextra.com/	1970-01-23 15:53:31	Name: realReferer Value: https%3A%2F%2Fwww.heraldextra.com%2F
.heraldextra.com/	1970-01-23 15:49:55	Name: _gcna Value: 0.4d49bef9f07e772e367a7607a51efac3de2703528c485c24d6ba5218b302ff43.1642435933.1
.heraldextra.com/	1970-01-20 00:13:57	Name: _gcnb Value: 1642435933.1
.heraldextra.com/	1970-01-20 00:13:57	Name: _gcnz Value: https%253A%252F%252Fwww.heraldextra.com%252F
.heraldextra.com/	1970-01-21 02:30:43	Name: _awl Value: 2.1642435933.0.5-d137b2fd582aa9b16c0b3e9429fafe73-6763652d6575726f70652d7765737431-0
.heraldextra.com/	1970-01-20 09:35:31	Name: __gads Value: ID=53f14dbe55b75408:T=1642435931:S=ALNI_MYIqKRJKqQnO8ESVVVLi0eu5ZCiig

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://validate.onecount.net/js/all.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://validate.onecount.net/js/all.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://validate.onecount.net/js/all.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://validate.onecount.net/js/all.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1a7bca0520beda65fce666988388005e.safeframe.googlesyndication.com
49361e4fcc210dc47a8ccc8b650d922c.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
butterbulb.com
c.amazon-adsystem.com
cdn-images.mailchimp.com
cdn.jsdelivr.net
click.icptrack.com
detectdiscovery.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ogden_images.s3.amazonaws.com
on-reg.onecount.net
pagead2.googlesyndication.com
s0.2mdn.net
s3.amazonaws.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
stats.g.doubleclick.net
tpc.googlesyndication.com
validate.onecount.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.heraldextra.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
142.250.186.34
142.250.186.66
172.81.88.251
18.66.109.174
18.66.112.33
18.66.127.89
2600:9000:223f:7400:8:48e:53c0:93a1
2606:4700::6810:5914
2a00:1450:4001:801::2006
2a00:1450:4001:802::2002
2a00:1450:4001:803::2002
2a00:1450:4001:808::2003
2a00:1450:4001:811::2002
2a00:1450:4001:811::200a
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c06::9d
35.190.62.199
35.201.98.64
44.198.64.169
50.31.163.12
52.217.192.129
52.217.206.240
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
1118028f6efb56ef44a489c471c961d4651ed5b8ec57bad974b267ee9aadd395
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
1a5d105cf2f2c04277319754d5926f2c056e1d0285b3862418887a5826652551
1d376489c78a57ab22ae9aacfec24b47e8f3a2ba8731f7112fe21902baf83c40
2061ffda18e481b644019e358dee22ac82f4544265677b5dc0eb1d2e62d26fb0
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
29d16ed7093f4ddc6476c6cfa724b9bfd6716ce93d6c592a8649c6a88f7992c4
2aa38f9689f47b8c0620ba023e4f88b244bd1645532d526a77e308bce3e4292d
2e34273b1e42b6691f9ad914ea5d00997cea6f2695b8871c576372c50d128adf
2f044e7343af1bdd69a9e370507745e72befb81609ac56c43f7ba4121d570fb7
3238455dfdc898c2379d47d4294f194456ab0328d94835ba0ecba233fbf7f2fe
37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c
40110f7498faa8c9394743de0ac8ec779c19c6085ae35dd954e52d6bb26a17a0
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62a803eb1240b5260b1cb3ab33c641823a866ce5b67e38bb09ee9ddee627cede
6d57f608a733bc3af253e3b75bda92c747c351b01cbcbb4ee3ce18f4a04df155
6d971119a046fb86eeec343e50c680c36a72eb2df85521c8f343dc9678924398
6f691920557484b78bd6d4125ec9425167d72801fd6d56b1faf4c8e25455985f
722210b715ecf92d8ac18dcb76fee5f651a2ac73f040c5b38b772d8d519976d6
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
79c6ee01469a33f1b8b7a125e65cb8c8d82340312c331ca7f9db94e12bf47d36
7a537efc2ae5b8c92d1106ff5c3a0142d9119c440044e007438abb2074235015
7c54a44fc3d28a30632b40cc987c838744ef32a8504247685bae514187263938
7fcb39e632e5b859e385dc26327ce2e389d71410ac13b019c42d0e3155025cd8
8295e984ca075ff9edb9ad231b76057c8495f1f335fc19e3f7e8089269d41a92
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8f57bfdc4a5ae7b75e3f29fb96aa86f701b137627c376b8a2759367433b15d2a
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
934014959d1c17c6d545a1d4f996c3abfb3614eb030ac44309802858976aa8c7
9ce077008495bf3b42de08f6e6a63ab802693be717238b211d51864b7afa5c3c
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3f17ba2bc114760b340474cc46aa4550be7d8c3e570e679807be30ad2dc53ed
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6f36fa8e2fe4a6a07456cfeaca03da4b09e7ab4d8ce52558e50b35f3a98d8d3
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ae5f15d7eb477a6103ca2f5ff673430d33cf1be71a241f8f1b92e9c6a232fe1d
aeeff160edb90f5ae2c9af125ff24b84963f9696f2746e8457fff99f0c580818
afb68f877bf48ad869fb5df4fe8d3efb740f3bddbca610af78ec494dc8372f45
b15aceb04dbf5604df5617cfe984f48479cb131c1df02825d1c24e9f35d01857
b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477
bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1
bb5fc5e10e63bd68b052ff25dbd083a87bc83c272473d9a0edc7b1dd9f22cfc6
bcdc3bcc6ec977b7b45e115e0d3eabec8728b3d67c22ed1ebbcda29a8d4a7b63
be03d977558d77feac4755ca74e5d8cccbe6f7f7c1b83c8e8a13ea5d067af2a3
be4be9738f9441c3ac7b010b9ff72c62aa0d3f6459ca5fcacabc5e050a303929
bff25bb684e20763177fc1204c049d141b44fdcbcbf6b1f7f3599bb1862b8100
c32feb0b2794d622e7fcd8fe31922ec811d1aff3265d1b438f4d8ce093549750
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c59ecf34c8e169eb2c385296530f952be5ced6af24abbe7f2d47b89e520be544
c5e84c4c35343122397c6982786da5fada176a884521c9afc2a6292572474917
d1af9e632f6159358b4dc36f111a13192473cf00dc71d6b4d622eade022c30ec
dcd40d7ea51a4f2d21ee87b2f2cd27d05d186490424b6bbd7f67788446b8c13e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
eb66a3807316801bcea37697d7af86a86345dfe48f335e7f804f73df1a85fc5e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8dd5d260a5dc3c4d883eddc0f204ab1383d00aa9ac46cebfd577d8ae5868b41
f9add41b34d28dd25695af28d7d87aaf8e4e3612aaa5b0d5d58d2df7bc000a6c
fd9b21475370627e77a6988f76c0bf93a005f9e66c4f2e9fd62e5c2de5976dc9

www.heraldextra.com Open in urlscan Pro 18.66.112.33 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

162 Requests

95 %HTTPS

60 %IPv6

20 Domains

31 Subdomains

29 IPs

3 Countries

2543 kBTransfer

5392 kBSize

17 Cookies

11 Outgoing links

Page URL History

Redirected requests

162 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.heraldextra.com Open in urlscan Pro
18.66.112.33 Public Scan

Screenshot
Live screenshot

Full Image

162
Requests

95 %
HTTPS

60 %
IPv6

20
Domains

31
Subdomains

29
IPs

3
Countries

2543 kB
Transfer

5392 kB
Size

17
Cookies

162 HTTP transactions
1 data transactions