Submitted URL: http://wwwproxy.uscho.com/
Effective URL: https://wwwproxy.uscho.com/
Submission: On November 16 via api from US — Scanned from DE

Summary

This website contacted 101 IPs in 10 countries across 69 domains to perform 516 HTTP transactions. The main IP is 104.248.50.245, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is wwwproxy.uscho.com.
TLS certificate: Issued by R3 on October 27th 2023. Valid for: 3 months.
This is the only time wwwproxy.uscho.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 60 104.248.50.245 14061 (DIGITALOC...)
5 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
4 2600:9000:211... 16509 (AMAZON-02)
6 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
16 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
5 3.225.50.168 14618 (AMAZON-AES)
2 2606:4700:440... 13335 (CLOUDFLAR...)
2 167.172.136.17 14061 (DIGITALOC...)
15 2a00:1450:400... 15169 (GOOGLE)
1 3 2620:116:800d... 16509 (AMAZON-02)
5 12 2a00:1450:400... 15169 (GOOGLE)
3 130.211.23.194 396982 (GOOGLE-CL...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 142.250.185.230 15169 (GOOGLE)
1 2600:9000:223... 16509 (AMAZON-02)
1 2600:9000:230... 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 104.18.35.167 13335 (CLOUDFLAR...)
37 2a02:2638:3::3 44788 (ASN-CRITE...)
1 13.32.110.83 16509 (AMAZON-02)
1 34.96.70.87 396982 (GOOGLE-CL...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 14 2606:4700:10:... 13335 (CLOUDFLAR...)
2 63.34.72.49 16509 (AMAZON-02)
3 8 172.64.151.101 13335 (CLOUDFLAR...)
2 6 145.40.97.67 54825 (PACKET)
6 216.52.2.48 30282 (AS-INAPCD...)
7 34.98.64.218 396982 (GOOGLE-CL...)
2 185.64.189.112 62713 (AS-PUBMATIC)
2 2a02:fa8:8806... 41041 (VCLK-EU-SE)
3 9 185.89.211.116 29990 (ASN-APPNEX)
2 2a02:2638:3::7 44788 (ASN-CRITE...)
2 34.149.20.76 396982 (GOOGLE-CL...)
2 2602:803:c003... 26667 (RUBICONPR...)
2 69.166.1.64 27630 (AS-XFERNET)
6 28 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:223... 16509 (AMAZON-02)
3 3.208.172.61 14618 (AMAZON-AES)
3 2600:9000:261... 16509 (AMAZON-02)
3 141.95.98.65 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 34.120.107.143 396982 (GOOGLE-CL...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
2 2001:4860:480... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 6 2a02:2638:3::c 44788 (ASN-CRITE...)
2 3.75.62.37 16509 (AMAZON-02)
2 34.249.27.149 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 48 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
3 2a02:2638:3::12 44788 (ASN-CRITE...)
5 17 142.250.185.66 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
3 178.250.1.6 44788 (ASN-CRITE...)
33 2a02:2638:3::10 44788 (ASN-CRITE...)
5 2a02:2638:3::1a 44788 (ASN-CRITE...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:401... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a02:2638:d::c 44788 (ASN-CRITE...)
1 2a02:2638:3::9 44788 (ASN-CRITE...)
1 34.120.133.55 396982 (GOOGLE-CL...)
3 35.71.131.137 16509 (AMAZON-02)
2 18.195.212.171 16509 (AMAZON-02)
2 151.101.129.108 54113 (FASTLY)
2 2 35.214.220.3 15169 (GOOGLE)
6 2.20.65.233 16625 (AKAMAI-AS)
4 2.19.228.187 16625 (AKAMAI-AS)
4 104.18.38.76 13335 (CLOUDFLAR...)
1 67.202.105.23 32748 (STEADFAST)
2 192.96.203.13 30633 (LEASEWEB-...)
2 2 193.0.160.130 54312 (ROCKETFUEL)
5 69.166.1.67 27630 (AS-XFERNET)
1 2 208.93.169.131 46244 (WEBMD-IDC...)
2 67.220.226.238 16509 (AMAZON-02)
1 2001:678:cb4:... 56396 (AMOBEE)
2 2 185.184.8.90 204995 (RTB-HOUSE...)
2 4 18.192.232.229 16509 (AMAZON-02)
1 1 54.165.249.28 14618 (AMAZON-AES)
1 2 52.50.62.11 16509 (AMAZON-02)
1 162.19.138.117 16276 (OVH)
1 185.64.190.78 62713 (AS-PUBMATIC)
15 104.18.36.155 13335 (CLOUDFLAR...)
1 2 209.54.182.161 16509 (AMAZON-02)
12 12 44.212.103.88 14618 (AMAZON-AES)
4 4 178.250.1.9 44788 (ASN-CRITE...)
4 2600:1f18:ed:... 14618 (AMAZON-AES)
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
3 2a05:d018:d29... 16509 (AMAZON-02)
1 1 2001:678:cb4:... 56396 (AMOBEE)
2 2a05:d018:cc3... 16509 (AMAZON-02)
1 2607:ae80:4::26 26558 (FREEWHEEL)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2 23.56.202.187 16625 (AKAMAI-AS)
3 69.173.144.165 26667 (RUBICONPR...)
1 34.249.4.179 16509 (AMAZON-02)
1 1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
2 2 45.137.176.88 60350 (VP)
1 134.122.57.34 14061 (DIGITALOC...)
1 1 34.96.71.22 396982 (GOOGLE-CL...)
1 98.98.134.242 21859 (ZEN-ECN)
2 2 37.157.2.229 198622 (ADFORM)
1 1 35.186.193.173 15169 (GOOGLE)
5 2600:9000:230... ()
516 101
Apex Domain
Subdomains
Transfer
75 criteo.net
static.criteo.net — Cisco Umbrella Rank: 668
imageproxy.eu.criteo.net — Cisco Umbrella Rank: 10986
csm.eu.criteo.net — Cisco Umbrella Rank: 10557
488 KB
66 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 97
fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 149
1 MB
64 uscho.com
wwwproxy.uscho.com
json-b.uscho.com — Cisco Umbrella Rank: 763683
www.uscho.com — Cisco Umbrella Rank: 436452
5 MB
44 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196
ad.doubleclick.net — Cisco Umbrella Rank: 154
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
cm.g.doubleclick.net — Cisco Umbrella Rank: 245
479 KB
36 gstatic.com
fonts.gstatic.com
www.gstatic.com
encrypted-tbn3.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
csi.gstatic.com
480 KB
23 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 511
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625
dsum.casalemedia.com — Cisco Umbrella Rank: 1396
16 KB
21 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 757
gum.criteo.com — Cisco Umbrella Rank: 454
mug.criteo.com — Cisco Umbrella Rank: 2926
ads.eu.criteo.com — Cisco Umbrella Rank: 10450
cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 11552
rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 17732
rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 16925
dis.criteo.com — Cisco Umbrella Rank: 597
179 KB
18 google.com
cse.google.com — Cisco Umbrella Rank: 3113
www.google.com — Cisco Umbrella Rank: 2
clients1.google.com — Cisco Umbrella Rank: 453
region1.analytics.google.com — Cisco Umbrella Rank: 3040
177 KB
16 liadm.com
i.liadm.com — Cisco Umbrella Rank: 539
i6.liadm.com — Cisco Umbrella Rank: 2731
9 KB
14 ingage.tech
ex.ingage.tech — Cisco Umbrella Rank: 9601
3 KB
13 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 513
eus.rubiconproject.com — Cisco Umbrella Rank: 602
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 969
token.rubiconproject.com — Cisco Umbrella Rank: 458
45 KB
12 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 145
11 instiengage.com
geoip.instiengage.com — Cisco Umbrella Rank: 23858
auth.instiengage.com — Cisco Umbrella Rank: 19742
product.instiengage.com — Cisco Umbrella Rank: 22790
static.instiengage.com
cms.instiengage.com — Cisco Umbrella Rank: 35673
307 KB
11 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 246
acdn.adnxs.com — Cisco Umbrella Rank: 609
secure.adnxs.com — Cisco Umbrella Rank: 495
41 KB
9 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 212
576 KB
9 openx.net
insticator-d.openx.net — Cisco Umbrella Rank: 20623
oajs.openx.net — Cisco Umbrella Rank: 1656
google-bidout-d.openx.net — Cisco Umbrella Rank: 1665
u.openx.net — Cisco Umbrella Rank: 659
1 KB
7 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1987
sync.go.sonobi.com — Cisco Umbrella Rank: 931
5 KB
7 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 502
ads.pubmatic.com — Cisco Umbrella Rank: 534
image6.pubmatic.com — Cisco Umbrella Rank: 823
24 KB
6 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 683
1006 B
6 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 751
580 B
6 yahoo.com
connectid.analytics.yahoo.com — Cisco Umbrella Rank: 4351
ups.analytics.yahoo.com — Cisco Umbrella Rank: 327
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492
11 KB
6 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 223
181 KB
5 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 406
104 KB
5 insticator.com
geoip.insticator.com — Cisco Umbrella Rank: 27186
event.insticator.com — Cisco Umbrella Rank: 20071
401 B
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
6 KB
4 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 351
1 KB
4 amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 890
s.amazon-adsystem.com — Cisco Umbrella Rank: 310
2 KB
4 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 674
cdn.indexww.com — Cisco Umbrella Rank: 1531
3 KB
4 33across.com
cdn-ima.33across.com — Cisco Umbrella Rank: 1383
ssc.33across.com — Cisco Umbrella Rank: 3592
ssc-cms.33across.com — Cisco Umbrella Rank: 923
5 KB
4 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 863
id5-sync.com — Cisco Umbrella Rank: 440
35 KB
4 btloader.com
btloader.com — Cisco Umbrella Rank: 877
api.btloader.com — Cisco Umbrella Rank: 948
24 KB
4 cloudfront.net
d3lcz8vpax4lo2.cloudfront.net
167 KB
3 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 353
724 B
3 google.de
www.google.de — Cisco Umbrella Rank: 6862
580 B
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
3 dotomi.com
web.hb.ad.cpe.dotomi.com — Cisco Umbrella Rank: 3773
casale-match.dotomi.com — Cisco Umbrella Rank: 3027
619 B
3 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 2139
creativecdn.com — Cisco Umbrella Rank: 592
2 KB
3 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 976
bcp.crwdcntrl.net — Cisco Umbrella Rank: 887
id.crwdcntrl.net — Cisco Umbrella Rank: 2498
12 KB
3 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1245
pixel.quantserve.com — Cisco Umbrella Rank: 964
cms.quantserve.com — Cisco Umbrella Rank: 764
10 KB
2 adform.net
c1.adform.net — Cisco Umbrella Rank: 599
1 KB
2 adotmob.com
sync.adotmob.com — Cisco Umbrella Rank: 1578
562 B
2 adroll.com
d.adroll.com — Cisco Umbrella Rank: 1356
363 B
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 228
1 KB
2 turn.com
d.turn.com — Cisco Umbrella Rank: 1384
ad.turn.com — Cisco Umbrella Rank: 851
425 B
2 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 547
1 KB
2 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 868
1 KB
2 aralego.com
sync.aralego.com — Cisco Umbrella Rank: 3112
826 B
2 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 940
469 B
2 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 559
2 gvt1.com
redirector.gvt1.com — Cisco Umbrella Rank: 3518
r1---sn-4g5lzner.gvt1.com
1 MB
2 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1591
667 B
2 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 946
1 KB
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1481
109 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
162 KB
1 ctnsnet.com
cm.ctnsnet.com — Cisco Umbrella Rank: 4186
444 B
1 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 726
187 B
1 company-target.com
s.company-target.com — Cisco Umbrella Rank: 1489
425 B
1 bidtheatre.com
match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2242
446 B
1 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 573
433 B
1 ad4m.at
ad4m.at — Cisco Umbrella Rank: 12394
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 566
654 B
1 ad.gt
ids.ad.gt — Cisco Umbrella Rank: 1474
189 B
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 928
278 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 689
1 KB
1 rlcdn.com
api.rlcdn.com — Cisco Umbrella Rank: 957
257 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1212
642 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 335
1 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 1762
8 KB
1 uidapi.com
cdn.prod.uidapi.com — Cisco Umbrella Rank: 2491
3 KB
516 69
Domain Requested by
60 wwwproxy.uscho.com 1 redirects wwwproxy.uscho.com
48 tpc.googlesyndication.com 2 redirects googleads.g.doubleclick.net
wwwproxy.uscho.com
fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
37 static.criteo.net securepubads.g.doubleclick.net
ads.eu.criteo.com
cdnjs.cloudflare.com
static.criteo.net
d3lcz8vpax4lo2.cloudfront.net
33 imageproxy.eu.criteo.net ads.eu.criteo.com
28 googleads.g.doubleclick.net 6 redirects pagead2.googlesyndication.com
googleads.g.doubleclick.net
wwwproxy.uscho.com
16 pagead2.googlesyndication.com wwwproxy.uscho.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
tpc.googlesyndication.com
15 fonts.gstatic.com wwwproxy.uscho.com
fonts.googleapis.com
14 ex.ingage.tech 2 redirects d3lcz8vpax4lo2.cloudfront.net
ssum-sec.casalemedia.com
12 i.liadm.com 12 redirects
12 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
12 www.googleadservices.com googleads.g.doubleclick.net
wwwproxy.uscho.com
12 www.google.com 5 redirects cse.google.com
wwwproxy.uscho.com
tpc.googlesyndication.com
9 www.googletagservices.com googleads.g.doubleclick.net
fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
8 ssum-sec.casalemedia.com 2 redirects d3lcz8vpax4lo2.cloudfront.net
ssum-sec.casalemedia.com
js-sec.indexww.com
8 csi.gstatic.com www.gstatic.com
7 www.gstatic.com googleads.g.doubleclick.net
7 ib.adnxs.com 1 redirects d3lcz8vpax4lo2.cloudfront.net
acdn.adnxs.com
7 securepubads.g.doubleclick.net wwwproxy.uscho.com
securepubads.g.doubleclick.net
fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
6 eus.rubiconproject.com d3lcz8vpax4lo2.cloudfront.net
eus.rubiconproject.com
ex.ingage.tech
6 ap.lijit.com d3lcz8vpax4lo2.cloudfront.net
6 prebid.a-mo.net 2 redirects d3lcz8vpax4lo2.cloudfront.net
6 cdnjs.cloudflare.com wwwproxy.uscho.com
cdnjs.cloudflare.com
ads.eu.criteo.com
5 static.instiengage.com
5 cm.g.doubleclick.net 5 redirects
5 sync.go.sonobi.com wwwproxy.uscho.com
5 csm.eu.criteo.net ads.eu.criteo.com
5 cdn.ampproject.org securepubads.g.doubleclick.net
5 fonts.googleapis.com wwwproxy.uscho.com
googleads.g.doubleclick.net
securepubads.g.doubleclick.net
4 i6.liadm.com ssum-sec.casalemedia.com
4 dis.criteo.com 4 redirects
4 x.bidswitch.net 2 redirects wwwproxy.uscho.com
ssum-sec.casalemedia.com
4 ads.pubmatic.com d3lcz8vpax4lo2.cloudfront.net
4 u.openx.net d3lcz8vpax4lo2.cloudfront.net
4 gum.criteo.com 2 redirects static.criteo.net
4 event.insticator.com d3lcz8vpax4lo2.cloudfront.net
4 d3lcz8vpax4lo2.cloudfront.net wwwproxy.uscho.com
d3lcz8vpax4lo2.cloudfront.net
3 token.rubiconproject.com eus.rubiconproject.com
3 pr-bh.ybp.yahoo.com ssum-sec.casalemedia.com
3 match.adsrvr.org d3lcz8vpax4lo2.cloudfront.net
wwwproxy.uscho.com
ssum-sec.casalemedia.com
3 encrypted-tbn3.gstatic.com googleads.g.doubleclick.net
3 cat.nl3.eu.criteo.com ads.eu.criteo.com
3 ads.eu.criteo.com googleads.g.doubleclick.net
fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
3 www.google.de wwwproxy.uscho.com
3 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
3 id5-sync.com cdn.id5-sync.com
d3lcz8vpax4lo2.cloudfront.net
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
3 api.btloader.com btloader.com
3 cse.google.com wwwproxy.uscho.com
www.google.com
2 c1.adform.net 2 redirects
2 cdn.indexww.com ssum-sec.casalemedia.com
2 sync.adotmob.com 2 redirects
2 secure-assets.rubiconproject.com 2 redirects
2 secure.adnxs.com 2 redirects
2 d.adroll.com ssum-sec.casalemedia.com
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 dpm.demdex.net 1 redirects wwwproxy.uscho.com
2 creativecdn.com 2 redirects
2 aax-eu.amazon-adsystem.com wwwproxy.uscho.com
2 bh.contextweb.com 1 redirects wwwproxy.uscho.com
2 p.rfihub.com 2 redirects
2 sync.aralego.com d3lcz8vpax4lo2.cloudfront.net
2 js-sec.indexww.com d3lcz8vpax4lo2.cloudfront.net
2 csync.loopme.me 2 redirects
2 acdn.adnxs.com d3lcz8vpax4lo2.cloudfront.net
2 match.sharethrough.com d3lcz8vpax4lo2.cloudfront.net
2 rtb.fr3.eu.criteo.com googleads.g.doubleclick.net
fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
2 encrypted-tbn1.gstatic.com googleads.g.doubleclick.net
2 mug.criteo.com wwwproxy.uscho.com
2 fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 ups.analytics.yahoo.com connectid.analytics.yahoo.com
ssum-sec.casalemedia.com
2 region1.analytics.google.com www.googletagmanager.com
2 www.uscho.com wwwproxy.uscho.com
2 oajs.openx.net 1 redirects wwwproxy.uscho.com
2 auth.instiengage.com d3lcz8vpax4lo2.cloudfront.net
auth.instiengage.com
2 geoip.instiengage.com d3lcz8vpax4lo2.cloudfront.net
product.instiengage.com
2 apex.go.sonobi.com d3lcz8vpax4lo2.cloudfront.net
2 fastlane.rubiconproject.com d3lcz8vpax4lo2.cloudfront.net
2 ssc.33across.com d3lcz8vpax4lo2.cloudfront.net
2 bidder.criteo.com d3lcz8vpax4lo2.cloudfront.net
2 web.hb.ad.cpe.dotomi.com d3lcz8vpax4lo2.cloudfront.net
2 hbopenbid.pubmatic.com d3lcz8vpax4lo2.cloudfront.net
2 insticator-d.openx.net d3lcz8vpax4lo2.cloudfront.net
2 htlb.casalemedia.com d3lcz8vpax4lo2.cloudfront.net
2 g2.gumgum.com d3lcz8vpax4lo2.cloudfront.net
2 ad-delivery.net wwwproxy.uscho.com
2 json-b.uscho.com wwwproxy.uscho.com
2 cdn.confiant-integrations.net d3lcz8vpax4lo2.cloudfront.net
cdn.confiant-integrations.net
2 www.googletagmanager.com wwwproxy.uscho.com
www.googletagmanager.com
1 cms.instiengage.com product.instiengage.com
1 product.instiengage.com d3lcz8vpax4lo2.cloudfront.net
1 cm.ctnsnet.com 1 redirects
1 pixel-sync.sitescout.com ssum-sec.casalemedia.com
1 s.company-target.com 1 redirects
1 match.adsby.bidtheatre.com ssum-sec.casalemedia.com
1 dsum.casalemedia.com ssum-sec.casalemedia.com
1 casale-match.dotomi.com 1 redirects
1 match.prod.bidr.io ssum-sec.casalemedia.com
1 ad4m.at ssum-sec.casalemedia.com
1 cms.quantserve.com 1 redirects
1 ads.stickyadstv.com ssum-sec.casalemedia.com
1 ad.turn.com 1 redirects
1 ids.ad.gt 1 redirects
1 image6.pubmatic.com ads.pubmatic.com
1 lb.eu-1-id5-sync.com d3lcz8vpax4lo2.cloudfront.net
1 sync.srv.stackadapt.com 1 redirects
1 d.turn.com wwwproxy.uscho.com
1 ssc-cms.33across.com d3lcz8vpax4lo2.cloudfront.net
1 api.rlcdn.com d3lcz8vpax4lo2.cloudfront.net
1 id.crwdcntrl.net d3lcz8vpax4lo2.cloudfront.net
1 rtb.nl3.eu.criteo.com googleads.g.doubleclick.net
1 r1---sn-4g5lzner.gvt1.com googleads.g.doubleclick.net
1 redirector.gvt1.com 1 redirects
1 encrypted-tbn2.gstatic.com googleads.g.doubleclick.net
1 google-bidout-d.openx.net oa.openxcdn.net
1 bcp.crwdcntrl.net tags.crwdcntrl.net
1 pixel.quantserve.com wwwproxy.uscho.com
1 clients1.google.com wwwproxy.uscho.com
1 rules.quantcount.com secure.quantserve.com
1 cdn.jsdelivr.net securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 cdn-ima.33across.com securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 cdn.id5-sync.com securepubads.g.doubleclick.net
1 cdn.prod.uidapi.com securepubads.g.doubleclick.net
1 connectid.analytics.yahoo.com securepubads.g.doubleclick.net
1 ad.doubleclick.net wwwproxy.uscho.com
1 secure.quantserve.com wwwproxy.uscho.com
1 geoip.insticator.com d3lcz8vpax4lo2.cloudfront.net
1 btloader.com d3lcz8vpax4lo2.cloudfront.net
516 130

This site contains links to these domains. Also see Links.

Domain
fanforum.uscho.com
www.uscho.com
stats.uscho.com
www.facebook.com
twitter.com
hockeyhumanitarian.org
Subject Issuer Validity Valid
wwwproxy.uscho.com
R3
2023-10-27 -
2024-01-25
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2023-10-10 -
2024-09-19
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
btloader.com
GTS CA 1P5
2023-10-19 -
2024-01-17
3 months crt.sh
*.insticator.com
Sectigo RSA Organization Validation Secure Server CA
2023-08-28 -
2024-08-28
a year crt.sh
confiant-integrations.net
GTS CA 1P5
2023-09-20 -
2023-12-19
3 months crt.sh
json-b.uscho.com
R3
2023-11-05 -
2024-02-03
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
quantserve.com
R3
2023-10-28 -
2024-01-26
3 months crt.sh
api.btloader.com
GTS CA 1D4
2023-10-10 -
2024-01-08
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
connectid.analytics.yahoo.com
GlobalSign ECC OV SSL CA 2018
2023-08-15 -
2024-02-08
6 months crt.sh
cdn.prod.uidapi.com
R3
2023-11-02 -
2024-01-31
3 months crt.sh
oa.openxcdn.net
GTS CA 1D4
2023-09-25 -
2023-12-24
3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2023-09-06 -
2024-09-30
a year crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-10-09 -
2024-01-06
3 months crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M01
2023-10-08 -
2024-11-05
a year crt.sh
invstatic101.creativecdn.com
GTS CA 1D4
2023-10-24 -
2024-01-22
3 months crt.sh
*.ingage.tech
Sectigo RSA Organization Validation Secure Server CA
2023-07-28 -
2024-08-11
a year crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com
Amazon RSA 2048 M01
2023-07-17 -
2024-08-14
a year crt.sh
casalemedia.com
Cloudflare Inc ECC CA-3
2023-05-21 -
2024-05-20
a year crt.sh
*.a-mo.net
R3
2023-11-07 -
2024-02-05
3 months crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2023-05-06 -
2024-05-04
a year crt.sh
*.openx.net
RapidSSL TLS RSA CA G1
2023-08-18 -
2024-08-18
a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2023-04-20 -
2024-05-20
a year crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018
2023-06-09 -
2024-07-10
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2023-02-13 -
2024-03-15
a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-26 -
2023-12-23
3 months crt.sh
ssc.33across.com
GTS CA 1D4
2023-10-28 -
2024-01-26
3 months crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2023-03-05 -
2024-04-03
a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2
2022-12-06 -
2024-01-07
a year crt.sh
www.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.instiengage.com
Sectigo RSA Organization Validation Secure Server CA
2023-05-09 -
2024-05-24
a year crt.sh
*.id5-sync.com
R3
2023-11-01 -
2024-01-30
3 months crt.sh
www.uscho.com
GTS CA 1P5
2023-10-20 -
2024-01-18
3 months crt.sh
www.google.de
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-08-03 -
2024-01-24
6 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.eu.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-29 -
2023-12-23
3 months crt.sh
misc-sni.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.nl3.eu.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-30 -
2023-12-25
3 months crt.sh
*.eu.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-10-17 -
2024-01-18
3 months crt.sh
*.fr3.eu.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-10-07 -
2023-12-30
3 months crt.sh
*.googleadservices.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2023-02-02 -
2024-03-03
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2023-04-12 -
2024-05-13
a year crt.sh
*.sharethrough.com
Amazon RSA 2048 M01
2023-06-14 -
2024-07-12
a year crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1
2023-03-27 -
2024-04-26
a year crt.sh
indexww.com
Cloudflare Inc ECC CA-3
2023-09-05 -
2024-09-03
a year crt.sh
*.aralego.com
Sectigo RSA Domain Validation Secure Server CA
2023-11-09 -
2024-12-09
a year crt.sh
aax-eu.amazon-adsystem.com
Amazon RSA 2048 M01
2023-06-21 -
2024-03-02
8 months crt.sh
*.turn.com
RapidSSL TLS RSA CA G1
2023-03-22 -
2024-03-31
a year crt.sh
*.eu-1-id5-sync.com
R3
2023-11-01 -
2024-01-30
3 months crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-08-29 -
2024-02-21
6 months crt.sh
d.adroll.com
Amazon RSA 2048 M01
2023-10-09 -
2024-11-07
a year crt.sh
*.ads.stickyadstv.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-04-19 -
2024-05-19
a year crt.sh
*.match.prod.bidr.io
Amazon RSA 2048 M02
2023-02-09 -
2024-01-26
a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA
2023-03-23 -
2024-03-23
a year crt.sh
match.adsby.bidtheatre.com
Go Daddy Secure Certificate Authority - G2
2023-06-20 -
2024-07-21
a year crt.sh
*.sitescout.com
GeoTrust Global TLS RSA4096 SHA256 2022 CA1
2023-01-09 -
2024-02-02
a year crt.sh
*.google.de
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh

This page contains 68 frames:

Primary Page: https://wwwproxy.uscho.com/
Frame ID: 66F7280222E5338A839980553D904A29
Requests: 186 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: 262919BBA530A05CDD9773CD6AC9E48C
Requests: 1 HTTP requests in this frame

Frame: https://auth.instiengage.com/auth/index.html
Frame ID: 380F77A5308EC41E3A822F7C769D53BC
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&adk=1812271804&adf=3025194257&lmt=1700156092&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092282&bpp=4&bdt=2038&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7796994645410&frm=20&pv=2&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=365
Frame ID: 06FD1778BAE3654402CE4BE7B7534FAC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Frame ID: B0F5F5156995411F6F8D20D038B7751B
Requests: 35 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wwwproxy.uscho.com
Frame ID: EF5BD0E2D76CB6D94E41E3A983D7A39C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Frame ID: EDE0AB8E65D99C68012154B7B47AD3A6
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
Frame ID: 815124C6C8C7E1CFC897D844AEB8A23B
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Frame ID: 3CFF6C43CBE051664B6DE9BF1B420C43
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Frame ID: E5955BA69C659E22E77087741FAD1148
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Frame ID: C64AA772098BF87DEABA54F8EDF82B67
Requests: 9 HTTP requests in this frame

Frame: https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9DF211BE2FFD6E9884CACECA003982D9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=471139651&adf=1651394291&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700156092&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=615&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=6&fsb=1&dtd=618
Frame ID: 45D83EC42A20B42887D5ED8F55918FFC
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Frame ID: 6C59CF72B46E0F7016B7F14BA0627A00
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 24937520FDE38B22FFF5B63648BAC257
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 0254C03E1F7412B1CF8BC51E4A70D0DC
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs
Frame ID: 0655901228F27B8E143B1C345C37F41F
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 893EA234554698F97E74A98689EA6B27
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: FC572CFAB4A0DC6F8DA6B6CCC2ACE909
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 911C25F76338CB50FCEBE3709C9645B5
Requests: 2 HTTP requests in this frame

Frame: https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2165F790267E8FBABD1531A10CCAC4F3
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Frame ID: 7565A8E20F2B4597743F7D4C393BC330
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Frame ID: 36C20DE9C41DD934443634978486660E
Requests: 19 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Frame ID: 0662958765D248CB08AEE65E3837DA96
Requests: 39 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 638B9A15756598AB74A4956E95C90FA4
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Frame ID: 8149794C4AB8BBEBE4BEA056ED275075
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Frame ID: 0C818CE3894E41C5D17A68D7EF47B34F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Frame ID: 46ED5017AE314E2924BA03563E79F647
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Frame ID: 95DB2551B710C1FC722971A4EFA6C3A1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Frame ID: 21DF8AF6EAF0D61FB1E3BECD97BF7E9C
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406715
Frame ID: EE86159B73EDB4637EEFC42DFA8AD443
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: F8A6E44DD27809BF5E1C7D8FE45FD78D
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
Frame ID: EB10F9EF5E30E532062BAD2FDAD2161D
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: F595CC26A0BBC90DC150FF324DBB5ACF
Requests: 3 HTTP requests in this frame

Frame: https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=5622d513-ce14-4dca-b66a-4ef733d2e09b
Frame ID: C4AED4C9B6A06BB3147E62B5265ABCC8
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fsovrn%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D%24UID
Frame ID: 64134F272AAFD72624AA6B55D9CC10ED
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Frame ID: 9F4D361A09B958AB5978D0D19CC08273
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: AB1519E4FFAAC2E7E7FFE14ADCE3A15A
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=b355ce4f-581b-4a1c-8c84-81fe81e4bc39&r=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fopenx%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D
Frame ID: 13641D8C8A36C11680E560D9BBC4AA8E
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: AC63150353724E7C72D3340FB4C48C9E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E92C2B24AFB4EA3CABBE94251CC88C99
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Frame ID: CA9C241B58477947C15D98BC98C57B3C
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 627BDD5F74875512C551E4632AC0324B
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Frame ID: 0857C48ED5ED3A739DAE8394AE2C75B3
Requests: 10 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=atx4xsU7Or6R0PaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 105134C0408D789F0E902236B4591F8A
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: A6C2740C7C05E024FDA2F026C01E5761
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3DPM_UID
Frame ID: 1F9F78B5F151C51CF5900176A5DA0B57
Requests: 1 HTTP requests in this frame

Frame: https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3DUCFUID
Frame ID: 807AF2AA65DD9C0E486833C528CB5A46
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fsovrn%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D%24UID
Frame ID: CDED4B2E149F2C100117C510E71BF279
Requests: 1 HTTP requests in this frame

Frame: https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=dc8afd6f-8f60-4baa-a118-cf16cb2b6c87
Frame ID: 6EE0996CBAAECA75ADA25944C6EAABD6
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Frame ID: 6858A706828F1D214C1FFD08C90512D9
Requests: 2 HTTP requests in this frame

Frame: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: 0C20891AF83E2ED1606D33CD9F2CD8F1
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
Frame ID: A0EA4344F068E9E2F95F672E8BC313D2
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406715
Frame ID: BDD56C13F88F8D7BDE757D3F20177C84
Requests: 1 HTTP requests in this frame

Frame: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: 5E9E34BEBE44CD16FAEB3BB1B2608A8E
Requests: 1 HTTP requests in this frame

Frame: https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
Frame ID: FE41373C614C41F2B299F43E025922F3
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=b355ce4f-581b-4a1c-8c84-81fe81e4bc39&r=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fopenx%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D
Frame ID: C9D609E5F8FEE3620E281CFDDF35CD55
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Frame ID: 8433225B619DEA3D5CC6AC211E3E8A1A
Requests: 4 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3DPM_UID
Frame ID: BA3F8DDA8EDAA5BEC209196524ED3329
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Frame ID: 3C2E97CB637068C68734B6C8B308C1FB
Requests: 4 HTTP requests in this frame

Frame: https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3DUCFUID
Frame ID: 3364F2AF79E2AF316DD49247D65B3F70
Requests: 1 HTTP requests in this frame

Frame: https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
Frame ID: C1E2D50673AB4CFDA7C54122C53AF45F
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 9185B84C00C1DAAD2EFAA295B4681AC8
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: ADA11DEE9AE4B209ECAEF705143AD6D6
Requests: 10 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=wwwproxy.uscho.com
Frame ID: 447059060DE1BDB204DF3D97EA1E0933
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 928A887734FA75D6EBE58CF6231B841A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 21CB349416F681A8E8869512A02657ED
Requests: 2 HTTP requests in this frame

Frame: https://product.instiengage.com/ceu-code/fafdbd90-5bf0-4794-b385-facb449599dc.js
Frame ID: E20148396C729DC41D21802E956AFE29
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Men’s DI College Hockey - College Hockey | USCHO.comsearch

Page URL History Show full URLs

  1. http://wwwproxy.uscho.com/ HTTP 301
    https://wwwproxy.uscho.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • bootstrap-table(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

516
Requests

92 %
HTTPS

50 %
IPv6

69
Domains

130
Subdomains

101
IPs

10
Countries

11180 kB
Transfer

19767 kB
Size

87
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://wwwproxy.uscho.com/ HTTP 301
    https://wwwproxy.uscho.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65
  • https://www.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto HTTP 301
  • https://cse.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
Request Chain 143
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp HTTP 302
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp&cc=1
Request Chain 173
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=uscho.com&sn=ChromeSyncframe&so=0&topUrl=wwwproxy.uscho.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=pZw0kXxYcHp4U3YzMCtvc2VGUUptRWhYVHJNVWphdHdaUG5kaVQ5aUtlT3ZiUDVHeUJSaktjYXQrZjM5RlNBMWoxUlorOGVlL0pHN3cwTWMvTFdBUmJONFRYa3pDM0N3cm9hWnkwcWhZYW1VTGhlNlBEcVZFS2xBeFFuNE1UcE4vRnFybElYMHBEWnh1M3RWUTQyeEJVVDZzRFJ4RU1WcUp2NTBEeUczQS9pendGbjV5a0NielArLzJBUmpWWmV5b3hOUDIxV0ovWENoOTQ3eHA3Um5RSDQxWkFGZVMwUXMxd25EUHRBUEJpQVRQQXJwSnZrQWVOOXFQMk5iZFhhZmJWWUJWZW5wSlh2cnVEdnBESTlzZ0poR05zdz09fA&cppv=2
Request Chain 181
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CTsoevFJWZa2lMOjvtgfvm5W4ConEjeNx7uCl9PAQ2tkeEAEg4Y_1AWCV-viBlAegAfjg9PoDyAEJqQK_2Gm_FTSyPqgDAcgDywSqBIsCT9C2SggL7y3JA_wyd2xDsW364GiIk2x9ZqLCSfQP9y-8zgYDIYO2dCDSZ25yXV511TtFI9cOEIe3h8aWTPdgtdauxnX2ZnCsPHEIj8FR-xQ0XZ0oTTXWF2uIx1eM9msZGLH_J4-SjLJ05zcyhw10pYcZD6yGEocLTisUd9grpxJl4BGxhFmhaT8ovNDD243QQVm3Tu7xR-N2pRH-17glNSgLKCGxaZzGjMCsLCFwTDt2db1IT2Um02aqIoxHzFLQLO4XYqkzLQp13ciJvZstDrJ31w6EKLntD2x-WBXKiCI1XxktDUrOzJG1pAgrBMZRsagzorQ4uzf77soT0gofJaw6TmIYf82kXqXtwATb5cXymQSIBd6w3spGkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_CeiwWoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBDAtgTSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgkgaHR0cHM6Ly93d3cud2Fnby5jb20vZGUvbHAtaGViZWyACgHICwGiDBAqDgoM5LSxAu61sQK1uLECuBPkA9gTDYgUAdAVAZgWAYAXAbIXHAoaCAASFHB1Yi00MTkxNjQ3MjQxNDg2ODgwGAA&sigh=7U-HIld2Rg8&uach_m=[UACH]&ase=2&cid=CAQSTgDICaaNVNlBp10rc45kLsOS-Fnyh40nQJJCAefbsS3NTBkejTJqJ6rhfqsldUhaKow3yiBOzWRJkkPe7HvxTGS-2FNJ9_pWVHwCFfyfRRgB&template_id=484&nis=5 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223489421630149092647%22,%22debug_reporting%22:true,%22destination%22:%22https://wago.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221063071864%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22740917203004811921%22}&andc=true
Request Chain 198
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 253
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CjE35vFJWZbawNIbwtwfFkKiYCpr1y4t07dDqzIoS2tkeEAEg4Y_1AWCV-viBlAegAYeDv_cDyAECqAMByAPJBKoEigJP0P_Xy8Y9yU8E_8IDhyQVW6g-FRY1n9W8u_iXeAklFbb9FwVdTToUhX_5DHepcQXdZdq--mQIClmMb7yV38EhyYoksxXWO77BFk2wDtgHuItkXAbhBxQ-COkIKKDcX3ObW1HEz4XwYYDtLtU9eJq3rmMalVfSJZk9kG5Ygdp4vGhhyX-ukuJER6JMy09En-X_6qbFiz93TSh3_UPk-LAgKbVdAFeJlE6dYRNUXo5_ktn9_nd6xgJrbZ7q57uQJGnvTE4B8Z-Z4hKAWcz7e4EPNRQRi5_vNihHcYOJkShbyCSkQPsnw0B8rb94QHU0Gu5x95Kg6ooOmHwoDAuWdNRsvA4MSWkCb2DOQ8AEp7yG0MwEiAWQkaSdTZIFBAgEGAGSBQQIBRgEoAYCgAeroqEjqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ3pYD0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJe2h0dHBzOi8vd3d3LmxpZ2h0aW50aGVib3guY29tL2MvbWVuLXMtcHJpbnRlZC1zaGlydHNfMTE1MDg5P3RvcF9waWQ9OTcwMjI0Myw5NzAyMjQ0LDk3MDIyNDEsOTcwMjI0Miw5NzAyMjQwLDk3MTc4NDIsOTcxNzgzOIAKAcgLAaIMECoOCgzktLEC7rWxArW4sQLYEwzQFQGAFwGyFxwKGggAEhRwdWItNDE5MTY0NzI0MTQ4Njg4MBgA&sigh=ndgQxEznEYY&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTwDICaaNLASCSvQSBiWvFbrtsi9GEpvWmuyIi74wAX7KcMINgEx6n8VIgb2_ujr1VZUgaYfiLtEtn_ltn8cUulTgkas_VwPCCbsGFga2MDQYAQ&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211163127113421641040%22,%22debug_reporting%22:true,%22destination%22:%22https://lightinthebox.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221055900039%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217514279361110489265%22}&andc=true
Request Chain 261
  • https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCL57XsHBCABBiAATIIgoSA_Oqki0U HTTP 301
  • https://tpc.googlesyndication.com/simgad/7103612115487317334
Request Chain 267
  • https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOCgyafZFBCgEBigEDIIRSpaM6LlJqg HTTP 301
  • https://tpc.googlesyndication.com/simgad/4074894803268433091
Request Chain 279
  • https://redirector.gvt1.com/videoplayback?id=a8c2897be5de21df&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1700163293&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=3965C6ED1228443145EB1DE1CAAB277D5A909CF9.64E46FF46907C15EA6E4C3C1655B2D145E67FE5D&key=ck2 HTTP 302
  • https://r1---sn-4g5lzner.gvt1.com/videoplayback?id=a8c2897be5de21df&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1700163293&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=64AF84D478EC4394471B4C8972A34E9DF7A50818.50BFC8EE4D72AB0BDB1A197E1BBA8FD33B31EF1D&key=cms1&cms_redirect=yes&mh=f0&mip=2001:1b60:2:240:3247::9&mm=28&mn=sn-4g5lzner&ms=nvh&mt=1700155332&mv=u&mvi=1&pl=29
Request Chain 292
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 293
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CMNJ8vFJWZerVNdyHwuIP5oaJoAqa9cuLdO3Q6syKEtrZHhABIOGP9QFglfr4gZQHoAGHg7_3A8gBAqgDAcgDyQSqBIoCT9AXDD3DTbLoXcn2Kl2tjktLdG-MgPfuq8xArC-nr0RY52ZiBsMeGBY8PjuDlsNQghBKJElqCqK7XdCMPVD5wp3gWJ8GcLHoLZCvJ5GbnWYeOu-TGe72Ao9F31BmcDF8ZIu4-igDWdNB90zORgQyJuH2RjGZoiXWWk-WpQCxdyBzQh7m1xgNLMy40LIOlvgl-8HV-hR5GGFjCQ3E6fMpCJ0CIZ1hyMkaBXx1vAtOcY87sTlC2lUf5RZWK8ZF4sJd5bu1aokp191njdrs8KxO7tJpvljqVcuHHK7XFMOQi8XC9UzEOMhBrukyDO14SwC9R3K4RKLaR2_BimR59rB7ViDIU_JwZR4cF3TABKe8htDMBIgFkJGknU2SBQQIBBgBkgUECAUYBKAGAoAHq6KhI6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEILvAtIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqaCXtodHRwczovL3d3dy5saWdodGludGhlYm94LmNvbS9jL21lbi1zLXByaW50ZWQtc2hpcnRzXzExNTA4OT90b3BfcGlkPTk3MDIyNDMsOTcwMjI0NCw5NzAyMjQxLDk3MDIyNDIsOTcwMjI0MCw5NzE3ODQyLDk3MTc4MziACgHICwGiDBAqDgoM5LSxAu61sQK1uLEC2BMM0BUBgBcBshccChoIABIUcHViLTQxOTE2NDcyNDE0ODY4ODAYAA&sigh=_UXnYAjCmfE&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTwDICaaN0tdbctNHR7GVDvpiG9U1pVHTvMJgBfDW17B1HWnAKNnBqSMEeIqOOSLd5PrOuygHah-_bKtERkxlh9URmoSY6He43jNEWvK5h8EYAQ&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225154838738701500729%22,%22debug_reporting%22:true,%22destination%22:%22https://lightinthebox.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221055900039%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222989270465262815089%22}&andc=true
Request Chain 298
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C_lmhvFJWZfa0LImLtweY8LGQAviD_51048fQlqMRl8aGmqk5EAEg4Y_1AWCV-viBlAegAePAq8cDyAEJqQJR6kGdDTGyPqgDAcgDywSqBIUCT9ClJGXIaiqHArGhes7k48ItT4rlR_sBYcJJPylkpPldsnsckGcCeKX8ShfO2Lk_o36tBcWbschx_mH7IGLUJsXOOV42eUuONIyhpKGodpgE4CKfad9dsmoo1A2Liw80bakBd5M-1spvr2llqXM6ETp779CzwbXx0ALKgf89Ljtt_aBCEgFjOADepPDAZZ-uRw5Nat5yvO1NbECue9zk1ozeCgNTp7RfQd3KWmHPw7KxMf0lB91wabNWh6NgSmUskvzepjhxEAl-6VhxBiifv1AAmoGYdeHeurHxciQc-R4V9si9BG1qkJln_RedJZzzFtbApBbezGi52xcMtoB9D83Rt_luwAT59pq-mwSIBbHU0upJkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB9H_jCaoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQ9JIi0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJI2h0dHBzOi8vd3d3LnN0eWxpZ2h0LmRlL0Jla2xlaWR1bmcvgAoByAsBogwQKg4KDOS0sQLutbECtbixAtgTC9AVAYAXAbIXHAoaCAASFHB1Yi00MTkxNjQ3MjQxNDg2ODgwGAA&sigh=2ewrBcirU9o&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTgDICaaNeIGnqXalg_rpd55HcgoBAN_wqSEEKCW2dv9hA_i0O9E-Ru6p51hSohIaFoztEnTz71e5lko8KmmLkEU_S2o4AE5lz4W0LRxs9BgB&template_id=499&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222162907265408429949%22,%22debug_reporting%22:true,%22destination%22:%22https://stylight.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22954916963%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210950554646605436833%22}&andc=true
Request Chain 305
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 326
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C9lnPvFJWZYHAN8mLtwfanq74AfrZ7pt0wdi2nI4StP2ai7IDEAEg4Y_1AWCV-viBlAegAc-vjMwoyAECqAMByAPJBKoEgwJP0GjGPmZ6HuYJvOWmxb68uAnpXbIYR6MvGP6QxgEyydQ2-C_eDBMquDYIU65LJ3G_JEDhgW_nsTTBnqo6QCyZMNabDsdL8mYFzLl0nx8p6wjXkhuM7Z33iF-O2Sh0CnXfA3JN44dtXKBrCiF0ljYGEIfNeZB4XrPDbaM_7WdN7mna6NLJt6PcaIvStdLys7xCtrtwpUU3Vw2sADWLQQaYl-Nm3u6Dhxt6rFvXHBFCdMpNLgtj6xDHVQiTV1Y-w3bX3gbJC9EywZaPhgz5TelX0voTfu2h-5BbLeco7sCrR15KTTFH10yL90MfBsPKUcmJ9ZvpHWeKcFvrvhFQb_r0ZCqtwAT4l-SevASIBf_d-dxLkgUECAQYAZIFBAgFGASgBgKAB8_n3KsDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQtP0H0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJoAFodHRwczovL2RlLnNpbGtzaWxreS5jb20vY29sbGVjdGlvbnMvcHVyZS1zaWxrLW5pZ2h0Z293bj9zb3J0X2J5PXB1cmUtc2lsay1zZXh5LWxhY2UtbmVjay1zbGlwLWRyZXNzZXMmdXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1nZG4mdXRtX2NhbXBhaWduPTIwMzI3NTkxNjc5gAoByAsBogwUKhIKEOS0sQLutbECtbixAru7sQLYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNDE5MTY0NzI0MTQ4Njg4MBgA&sigh=nJldltKuL0Q&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTgDICaaNin4pQT-OnlnHhXJRVSNSec4XyrL8KLhPUwZCnwAiCIPCEcxT0joMTfGEHtaIG-8Q3VQCniqPJP_KM-f_fsuNU0y9Vun_a7xPVhgB&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225501651140982028927%22,%22debug_reporting%22:true,%22destination%22:%22https://silksilky.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210897004495%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22947900785217907745%22}&andc=true
Request Chain 347
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CkRp4vFJWZevkKZTItwetkriABf6i-px0y4XMwYYSgsKDw8EBEAEg4Y_1AWCV-viBlAegAfnwpbgByAEBqQK_2Gm_FTSyPqgDAcgDywSqBIECT9Bn3J89nCZTIhUkkv6cO3VjCZmMgABfnwXDMobzBq0oIqmjTqhKIORJTG19fUrv4mMAWHuOBZ7ENDyA1yUCL9QrXvyzDsoqVbgsYLHSvCCS3XoKiqvlR43-o2Y1mwrU0siNz3QJ-1Bzm6qN4jvKj_rtsJ77icra9ge4iNFJDpczzPYFv0ZzTRN2dJF8iwTTDGFVI2J8HYFZ5VpDrufEXKkkHQk-PqUkkPe_lt2P5FOZeyhtleUTjK0pQVKAAdvEwW-4s_lUnkuxfZ3yTdk8NuNkz2RI3in3OCGvBejEAg58Wa7OJ1qiDCyq31Rz1FgGR_Vr0y9wUY5JXavMDgVQ-WjABKqy7-_EBIgFidmIkE2SBQQIBBgBkgUECAUYBIAH747axwKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBD5owbSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mglnaHR0cHM6Ly93d3cuaG9mbWFubi1ob2ZtYW5uLWZjYS5kZS9oYWVuZGxlci9maWF0L2FuZ2Vib3RlL2FuZ2Vib3QuY3BzUHJvbW8uc2FsZXMuZmlhdC1ha3R1ZWxsZS1hbmdlYm90ZYAKAcgLAaIMECoOCgzktLEC7rWxArW4sQLYEwqIFAHQFQGAFwGyFxwKGggAEhRwdWItNDE5MTY0NzI0MTQ4Njg4MBgA&sigh=yZLBbbRI6SE&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTwDICaaNOO8luwuoztMnN9OB-7SlLxIY-4RHgUqLtVk2JHR48DLq03nPBqHjROZc-0J6wn0_C4zTMGIOkuLFPYhEUH1LwFjffMfuDwVCGZ0YAQ&template_id=5001&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210655591615244792552%22,%22debug_reporting%22:true,%22destination%22:%22https://hofmann-hofmann-fca.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22386496633%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216572019114648612417%22}&andc=true
Request Chain 348
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 406
  • https://ex.ingage.tech/v1/syncPage/sharethrough?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fmatch.sharethrough.com%2Funiversal%2Fv1%3Fsupply_id%3Djc3Tkmr6 HTTP 302
  • https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
Request Chain 408
  • https://csync.loopme.me/?pubid=11530&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Floopme%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D%7Bviewer_token%7D HTTP 307
  • https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=5622d513-ce14-4dca-b66a-4ef733d2e09b
Request Chain 410
  • https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Request Chain 417
  • https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Request Chain 423
  • https://csync.loopme.me/?pubid=11530&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Floopme%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D%7Bviewer_token%7D HTTP 307
  • https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=dc8afd6f-8f60-4baa-a118-cf16cb2b6c87
Request Chain 426
  • https://ex.ingage.tech/v1/syncPage/sharethrough?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fmatch.sharethrough.com%2Funiversal%2Fv1%3Fsupply_id%3Djc3Tkmr6 HTTP 302
  • https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
Request Chain 429
  • https://prebid.a-mo.net/cchain/0?gdpr=0&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Famx%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D HTTP 302
  • https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
Request Chain 435
  • https://prebid.a-mo.net/cchain/0?gdpr=0&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Famx%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D HTTP 302
  • https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
Request Chain 436
  • https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5140084928320223993
Request Chain 437
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=1a1bed38-7d99-43d5-bec5-751de3b970ab&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=MExWczZLLUdmTl82MUxQaS04bVA0QQ&gdpr=&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEEznKE370c-wVYMbhTabGbg&google_cver=1
Request Chain 439
  • https://ib.adnxs.com/getuid?https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=$UID HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=2638324055642456530
Request Chain 441
  • https://creativecdn.com/cm-notify?pi=sonobi HTTP 302
  • https://creativecdn.com/cm-notify?pi=sonobi&tc=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=rh&nuid=2iUNnjyy0vwCxk3yArncJvSr1j_ghODgUnvNwQZmJxc&pi=sonobi&tc=1
Request Chain 442
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MWExYmVkMzgtN2Q5OS00M2Q1LWJlYzUtNzUxZGUzYjk3MGFi HTTP 302
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEPYIbFqNAht_cGHKtbBDCAo&google_cver=1
Request Chain 443
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=d1e87001-a7dd-40f1-92b5-3ec7dfcb8427&google_hm=ZDFlODcwMDEtYTdkZC00MGYxLTkyYjUtM2VjN2RmY2I4NDI3 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKm3uoBYLcPyVB7hmOZ3CJs&google_cver=1&ssp=sonobi&bsw_param=d1e87001-a7dd-40f1-92b5-3ec7dfcb8427
Request Chain 444
  • https://sync.srv.stackadapt.com/sync?nid=286 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=st&nuid=0INoe5JwVz9c6yAyaNKsLNly2hs
Request Chain 445
  • https://dpm.demdex.net/ibs:dpid=87880&dpuuid=1a1bed38-7d99-43d5-bec5-751de3b970ab HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=87880&dpuuid=1a1bed38-7d99-43d5-bec5-751de3b970ab
Request Chain 450
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZVZSvyO0oWRlGMviBNFxBwAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEG16SCXBDHXkQ-ZII_oFJsQ&google_cver=1
Request Chain 451
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gpp=&gpp_sid= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gpp=&gpp_sid=&dcc=t
Request Chain 452
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=0c086f2bf6ad4d8eb13518a87f0655dd HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Request Chain 453
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEAzGxqqAIC8Cy1A5AA2-27Q&google_cver=1
Request Chain 454
  • https://ids.ad.gt/api/v1/index?cb=https%3A%2F%2Fssum-sec.casalemedia.com%2Fium%3Fsourceid%3D15%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/ium?sourceid=15&uid=0001yum0ea96lcied6babhbe8g68li86lb8flccc8dabackkc2jl
Request Chain 456
  • https://ad.turn.com/r/cs?pid=21 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=2654784360710305845
Request Chain 460
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=175131265f43448698e8366e3b96903b HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Request Chain 462
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2638324055642456530
Request Chain 465
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=OLgzWzu_ZA4j7z8JaL4rXD3rYl8jtDIPOb05duUD
Request Chain 467
  • https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588527496609376
Request Chain 469
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator HTTP 301
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Request Chain 476
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator HTTP 301
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Request Chain 477
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=598ecd43fea2404db733be5c69124556 HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Request Chain 480
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1700242496
Request Chain 483
  • https://sync.adotmob.com/cookie/indexexchange?gdpr=&gdpr_consent=&r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7Bamob_user_id%7D%26expiration%3D%5BEXPIRATION%5D&gpp=&gpp_sid= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
Request Chain 487
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=714a835545ff4e73aa05d0ec9e51aa0a HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Request Chain 488
  • https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1715880896&external_user_id=05e7a862-27ec-47a8-a6fc-c80d537657b0
Request Chain 490
  • https://c1.adform.net/serving/cookie/match?party=29 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=29 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=2056997978948887281&expiration=1701365696
Request Chain 492
  • https://cm.ctnsnet.com/int/cm?exc=19 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=805a11e62ea049a3acb762db688175d2&expiration=1702748096
Request Chain 493
  • https://sync.adotmob.com/cookie/indexexchange?gdpr=&gdpr_consent=&r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7Bamob_user_id%7D%26expiration%3D%5BEXPIRATION%5D&gpp=&gpp_sid= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
Request Chain 494
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2638324055642456530
Request Chain 506
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=uscho.com&sn=ChromeSyncframe&so=3&topUrl=wwwproxy.uscho.com&bundle=4v_ER19adUUzV1loUENtdjBKeG10TW9rUjVOT0VpS1dWRnlrVFJVbSUyRjJDSWpYJTJCc3YybUF2N2p0TEVEM1hITWVBMW1LM3ZxeTdQc0ZmNHBDeGclMkI4TExWSjFuazB0N0ElMkZZUW9HNmthNEk5RDF1Wm5mTFBZNmlpOE9KSkI0cHNieGFNOFF5TnZ3d2dYM05IeWNIbUU1aSUyRnZUQUhBJTNEJTNE&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=vtdLk3wwTURuMzJXTnhBckpWQTAwSk0yS3RNcW1IT002RHRORjJ3YnN3dG4yM3VCdkR0L1p5eklvcUZTNk44Y3o2R04wMDRVRW9ZcFhvKzF5M241SW5Va0ZiSWRNVytVOC8vWXdxUWxHaVRlRHpMQWpHVWNVbldIUGJhVEtqSW5mVjA2YmtPS3FGYTlPdFFWQ0lDQ1pmbWllK2VWM2lpSE5oY0k3djVWbmZ2QzlDSDgxcndMa0ZzV0gvalBIR2gzVi9tZ2wwMXY1Vk03cUR4ek9JKzFXRCtvK3VkdVVtbWIvNkVYWGZPdTc4NElvRy9SbUtvWVhIWURNNHZKREhKWVg5aXZtZEh0a3RNNGRzZzFUN1h4dWM0Y203ZStOVURqMUk2OElTYmVLMEI2Wmgwbz18&cppv=2

516 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
wwwproxy.uscho.com/
Redirect Chain
  • http://wwwproxy.uscho.com/
  • https://wwwproxy.uscho.com/
330 KB
55 KB
Document
General
Full URL
https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
0f6bf4910e65a8b85acba1f90e7dc7396a342e14f110e60da1232a5a043ed509
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 16 Nov 2023 17:34:50 GMT
Expires
Thu, 16 Nov 2023 17:34:50 GMT
Referrer-Policy
same-origin
Server
nginx/1.18.0 (Ubuntu)
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY

Redirect headers

Connection
keep-alive
Content-Length
178
Content-Type
text/html
Date
Thu, 16 Nov 2023 17:34:49 GMT
Location
https://wwwproxy.uscho.com/
Server
nginx/1.18.0 (Ubuntu)
css
fonts.googleapis.com/
57 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%20Condensed%3A400%2C400italic%2C600%2C600italic%2C700%2C700italic%7COpen%20Sans%20Condensed%3A400%2C400italic%2C600%2C600italic%2C700%2C700italic%7COpen%20Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%2C700italic%7CPragati%20Narrow%3A400%2C400italic%2C600%2C600italic%2C700%2C700italic%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900%2C600%2C600italic%2C700italic&subset=latin%2Clatin-ext&display=swap
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5760268e960a24f33df8d74d270189856f6e2248eff4030f06fe98ef20d25fe4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Nov 2023 17:34:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 17:34:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Nov 2023 17:34:50 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
98 KB
30 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
17113ef298a9d106b208a2676992950fb01858e5d7b1f99f34731941794bb682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:50 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30271
x-xss-protection
0
server
cafe
etag
379 / 19677 / 31079694 / config-hash: 16204867678510254442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:50 GMT
dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
d3lcz8vpax4lo2.cloudfront.net/ads-code/
24 KB
8 KB
Script
General
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:fe00:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0a17ba6a86af3ed68048863bbdff8366a4c00b37e3811d42351255a58eae8ac1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
w0Wv5dEwVaGfFndb9lYKslSvub92l6BC
content-encoding
br
via
1.1 de9b04903710e9099bfc75aaf59c8eda.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 17:34:51 GMT
x-amz-cf-pop
VIE50-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Mon, 13 Nov 2023 23:16:20 GMT
server
AmazonS3
etag
W/"413386ae1669d4b6886133e96e14c3b7"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-id
Avu3QQ79LxsnjJxkGFnHQclAF23SYZzb2pjuLeCrO9lwMj69b8_cOg==
wgs2.css
wwwproxy.uscho.com/wp-content/plugins/wp-google-search/
3 KB
1 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/wp-google-search/wgs2.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fd6261240ed0f12a5cc73e1a74452182697f4b09560cdfbb3b2f17e0659a2f7f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:12 GMT
style.min.css
wwwproxy.uscho.com/wp-includes/css/dist/block-library/
107 KB
19 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:13 GMT
dashicons.min.css
wwwproxy.uscho.com/wp-includes/css/
58 KB
36 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-includes/css/dashicons.min.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:13 GMT
frontend.css
wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/css/
492 B
727 B
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/css/frontend.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fd38cc4f5a1af807a9d255a14d926721a64f42f65c61942d20fdc5902fdda86f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
humix-icon.css
wwwproxy.uscho.com/wp-content/plugins/humix/humix-block/src/assets/
176 B
585 B
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/humix/humix-block/src/assets/humix-icon.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f4f5bc9d6560f0070591a6c76ad815195a2a2530aea7b99c4debe126a0042de4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
tablepress-combined.min.css
wwwproxy.uscho.com/wp-content/uploads/
6 KB
3 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/tablepress-combined.min.css?ver=5
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
a56ff3331dd91c0016db1310c80cb86269f27aa8590ae4d7c1afe1d610eb7fb9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:16 GMT
googlefonts.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
37727880f7138cb2008cbebe912218cdf04ebde2d32b2ead6414f4973c168f4e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:13 GMT
style.css
wwwproxy.uscho.com/wp-content/themes/Newspaper/
153 KB
33 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/Newspaper/style.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7fcbb849ee8ed3f4a06797012779e04511bd86ce7f68e6e6e55a315bd121e693
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:15 GMT
custom.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/assets/css/
185 KB
35 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/assets/css/custom.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3bb5a755d2cead52daddbed76beabfe990961f0ff5397eda5b27989a5d7d4deb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:15 GMT
style.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/
14 KB
5 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
6a7cd882bb8944b4b5e40dafbde5f91d051dc6fdf5d924f2ef1c71affa91f790
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:15 GMT
jquery-ui.min.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/css/vendor/
30 KB
9 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/vendor/jquery-ui.min.css?ver=1.12.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b0419faf03242236e04c1c062d52b7f011bf5f0222342fc4006f51cec7dd6ba0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:15 GMT
u_table.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/
19 KB
5 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/u_table.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
cc89945923d38b792886a72514949dc38cccd49e7f246890a2bd3c2b0e643328
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:16 GMT
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/
58 KB
11 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1255385
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
10391
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-e637"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=51PRYeupE3U84Cxbkj28pP%2B6ou1qkWS4InMiYC2tQoQ9fKit6ALA1455nXBgHMSN39iFp0fnt91Skeue0EPDZ3ADgMFZVTVbSx%2FBgwnhPbqItX54b%2BUYzDbcaHvMRD9%2FjsdsBXUH7HLw6J3AWDQte3UQ"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82717cac78439b1f-FRA
expires
Tue, 05 Nov 2024 17:34:50 GMT
bootstrap-table.min.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/css/vendor/
9 KB
3 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/vendor/bootstrap-table.min.css?ver=1.17.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d6aa4a81b663c869b6e9c3ade8ee99bd6d18de18843ac75ae4670819b8d56d9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:16 GMT
td_legacy_main.css
wwwproxy.uscho.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/
987 KB
136 KB
Stylesheet
General
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=5a862b9d7c39671de80dd6dee389818b
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ba33741f1b945cfb71d6fe3fb60628af0cb4cce7f464f84c43f5d6457b284272
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:17 GMT
jquery.min.js
wwwproxy.uscho.com/wp-includes/js/jquery/
86 KB
35 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 08 Nov 2023 03:33:28 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
jquery-migrate.min.js
wwwproxy.uscho.com/wp-includes/js/jquery/
13 KB
6 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2023 01:46:44 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
ad-blocking-advisor.js
wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/js/
700 B
938 B
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/js/ad-blocking-advisor.js?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
630449d41b41ba38bf6ded286f77e3b04ae2a8dfce0cef7b55a9c00003c2a44b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Sep 2019 15:44:36 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
jquery-ui.min.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/
248 KB
82 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/jquery-ui.min.js?ver=1.12.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 09 Sep 2020 19:01:03 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
uscho.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/
7 KB
2 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/uscho.js?ver=1.4.19
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e082e6b7c3dadd692d57462fe0c10ac1007282fbfe4317c06f1136e836694ebc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Sep 2020 21:06:05 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
uscho_scoreboard.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/
12 KB
4 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/uscho_scoreboard.js?ver=1.6.27
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3f973d52c2e5dd999a84bc6b9a0e82aed56c24a0b3c34819de4badba69e6ca88
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 28 Jan 2023 22:34:39 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
bootstrap.min.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/
57 KB
19 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/bootstrap.min.js?ver=4.3.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 09 Sep 2020 19:00:31 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
bootstrap-table.min.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/
67 KB
22 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/bootstrap-table.min.js?ver=1.14.2
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ff17df18c29c83710f08d1add651f127d74dfde3250fc9e83afb69b40047465b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 09 Sep 2020 19:00:16 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
js
www.googletagmanager.com/gtag/
186 KB
67 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-541124-2
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fffd8d1502b0e9b65701a8f70f811bf6fd3450f97af22b6f4f51e3e26d585d0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68573
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 16 Nov 2023 17:34:52 GMT
cse.js
cse.google.com/
6 KB
4 KB
Script
General
Full URL
https://cse.google.com/cse.js?cx=010839661138275584990:ohfkrt3zoto
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
3248dbbb0805bbe104f7da2f55582972a7e876c05472371a0cc1aa30d04bc523
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-H4srGEC541yb0Gukh2Y1dQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-H4srGEC541yb0Gukh2Y1dQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding
br
date
Thu, 16 Nov 2023 17:34:52 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2460
x-xss-protection
0
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
server
gws
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires
Thu, 16 Nov 2023 17:34:52 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
150 KB
52 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
365cfd79b98ba64e4c3416a89fe146e920009003ffeefd5077ece5c7d49ef3af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52679
x-xss-protection
0
server
cafe
etag
16161754581902676446
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:52 GMT
uscho150-150x22.png
wwwproxy.uscho.com/wp-content/uploads/2019/07/
1 KB
2 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/07/uscho150-150x22.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
581e9b691f11ca7c7b803f9bdd70bb110d982213c025de8cc47d8556388ef6f2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Sep 2019 02:10:13 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1386
Expires
Thu, 31 Dec 2037 23:55:55 GMT
uw.gif
wwwproxy.uscho.com/images/logos/
4 KB
4 KB
Image
General
Full URL
https://wwwproxy.uscho.com/images/logos/uw.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e7384ba0bf8a340e4da6b1a041c68612b2d52cb325714a20f64b1cf05239455e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 09 Oct 2023 17:14:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3882
Expires
Thu, 31 Dec 2037 23:55:55 GMT
wis.gif
wwwproxy.uscho.com/images/logos/
4 KB
4 KB
Image
General
Full URL
https://wwwproxy.uscho.com/images/logos/wis.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e7384ba0bf8a340e4da6b1a041c68612b2d52cb325714a20f64b1cf05239455e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 09 Oct 2023 17:14:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3882
Expires
Thu, 31 Dec 2037 23:55:55 GMT
plattst.gif
wwwproxy.uscho.com/images/logos/
2 KB
3 KB
Image
General
Full URL
https://wwwproxy.uscho.com/images/logos/plattst.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
15fda53fec50af3afccaabeddfb604989393a704cbe5f0004bf0822f51b5288b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 09 Oct 2023 17:14:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2160
Expires
Thu, 31 Dec 2037 23:55:55 GMT
ga.gif
wwwproxy.uscho.com/images/logos/
2 KB
2 KB
Image
General
Full URL
https://wwwproxy.uscho.com/images/logos/ga.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f745c6f5fa5259ec3c8d56fd08f1c892dff209e6cff2345436d33535e1da8954
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 09 Oct 2023 17:14:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2009
Expires
Thu, 31 Dec 2037 23:55:55 GMT
unnamed.gif
wwwproxy.uscho.com/wp-content/uploads/2019/10/
7 KB
7 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/10/unnamed.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
8d664e01881d90325f0d0f03bc0a2b3745d130fd309c172119a965d66324976a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Fri, 04 Oct 2019 21:25:24 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7024
Expires
Thu, 31 Dec 2037 23:55:55 GMT
google_cse_v2.js
wwwproxy.uscho.com/wp-content/plugins/wp-google-search/assets/js/
468 B
825 B
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/wp-google-search/assets/js/google_cse_v2.js?ver=1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fae2dc10eaa5b7644e8f58c84f7fa0641b6a12b0bea27684105675f6bc45895e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 24 Sep 2022 00:44:31 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:14 GMT
ads.js
wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/js/
151 B
650 B
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/js/ads.js?ver=1700150472
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f9e21fe0f386e1eb0f9113df90ab2ccbbcf9a2ec39e26130d32fd0b3a5a31ba5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Sep 2019 15:44:36 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:51 GMT
tagdiv_theme.min.js
wwwproxy.uscho.com/wp-content/plugins/td-composer/legacy/Newspaper/js/
223 KB
64 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=9.8
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4e8a9f91efa071fef1ae36b2178873b6c92e16a7d4a1087468e85609c2e68d85
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Sep 2019 17:36:29 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:15 GMT
new-tab.js
wwwproxy.uscho.com/wp-content/plugins/page-links-to/dist/
24 KB
10 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 01 Mar 2022 18:13:43 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:15 GMT
popper.min.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/
21 KB
9 KB
Script
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/popper.min.js?ver=1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 09 Sep 2020 19:00:51 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 17:34:15 GMT
cc7c52ff-f462-471f-b44e-693e487d499a.js
d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/
403 KB
115 KB
Script
General
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:fe00:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cd9818ab6cef998db6194180ff87119e5f076d616a03e51634aa52fa2f1c4a98

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
psSndnVBR12Ds.rFxIwPJH2dPqdDTVC8
content-encoding
br
via
1.1 de9b04903710e9099bfc75aaf59c8eda.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 07:59:45 GMT
x-amz-cf-pop
VIE50-C2
age
34507
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 24 Oct 2023 21:18:07 GMT
server
AmazonS3
etag
W/"8f58a9dd76a56445be9a22137d074e2c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-id
v59d6OtZ7N-Ez1yYZffmG-w8UAqlb8lYV9ARTuFeQlhuSW3qxbCuIQ==
cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/
160 KB
39 KB
Script
General
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:fe00:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d3e01853afa2f8a06e0aaf4352b56064214e570b582e12994774bdefe9c1fbc6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
UVKrFAwtZn5Vl_WrazXSwj7qFZck4zw0
content-encoding
br
via
1.1 de9b04903710e9099bfc75aaf59c8eda.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 17:34:52 GMT
x-amz-cf-pop
VIE50-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Mon, 13 Nov 2023 23:16:18 GMT
server
AmazonS3
etag
W/"3aabef5e72feee9fd54af2429a61ddbf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-id
YX6MoTIFQ1owFTSjPCUrmxGK2pXfHBPOEPo4077RXxE8m0cwSiSgsA==
cc7c52ff-f462-471f-b44e-693e487d499a-dmp.js
d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/
15 KB
5 KB
Script
General
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-dmp.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:fe00:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0cae8f6632d5aa082e7b7ef0cc7a82ed2840fa700e6ee3f322006160652a6a21

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
hHmfboLbuM2vGtJBtky49drSfk2VBA3a
content-encoding
br
via
1.1 de9b04903710e9099bfc75aaf59c8eda.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 17:34:52 GMT
x-amz-cf-pop
VIE50-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Mon, 13 Nov 2023 23:16:19 GMT
server
AmazonS3
etag
W/"ce8c0d0d092d33485bebca5cabb97cd9"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-id
x2NjhRLZsrsEDQ_EWmm2eR_bt1Rc4QbiQmR3gPLwWCaZjT6nXKZlKQ==
tag
btloader.com/
72 KB
24 KB
Script
General
Full URL
https://btloader.com/tag?o=4879373895204864&upapi=true
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4bd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10c53fec666f188d628fea7bfdd6b30cb24b9a55ac0c9ef3dcf15f562b2fd9a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
last-modified
Thu, 16 Nov 2023 17:28:33 GMT
server
cloudflare
age
325
etag
"eac5a31618cfb503c65ce89006841ff9"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges
bytes
cf-ray
82717cb74f8d1b93-FRA
content-length
24388
/
geoip.insticator.com/json/
211 B
401 B
Fetch
General
Full URL
https://geoip.insticator.com/json/
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.50.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-50-168.compute-1.amazonaws.com
Software
/
Resource Hash
2100654f3ff0abaa401b1efdb0f4c141f4500aafa8981a9b934bfba938ff8047

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:52 GMT
access-control-allow-credentials
true
x-database-date
Wed, 15 Nov 2023 22:09:49 GMT
content-length
211
vary
Origin
content-type
application/json
config.js
cdn.confiant-integrations.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/
112 KB
25 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/config.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:90a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8ae744a57b39fe4ced7328838882eb465d5452d03a7b424dfd9eea9d3849c1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Nov 2023 17:01:36 GMT
server
cloudflare
x-amz-request-id
V9J37Q1AWQC594D6
age
263
etag
W/"79e32fb3170c03f8dc4afa6e34d84eeb"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82717cb73c59906c-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
sDW/RqrDHEBk/Eid30nKiVnn6YaohXmCc1jGQoWwyy53vBjnLNSvOp+CJ3RdU+pAeyLInMqQcQA=
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/
430 KB
135 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
87960e7994f9fc5f6d2fc8c0b93be02f4b9b7cdca0dd9c726f5806d8e9092068
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 11:36:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
21487
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138013
x-xss-protection
0
server
cafe
etag
17202369310903786887
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Fri, 15 Nov 2024 11:36:44 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
1 KB
514 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=wwwproxy.uscho.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ae9a3e4b6126d41fef61d81df21fe17e5e053bd5bcd52187e43bd67bee0fe214
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:51 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
489
x-xss-protection
0
expires
Thu, 16 Nov 2023 17:34:51 GMT
event
event.insticator.com/v1/
0
0
Fetch
General
Full URL
https://event.insticator.com/v1/event?event_name=event_pageview
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-dmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.50.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-50-168.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:52 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin
event
event.insticator.com/v1/ Frame
0
0
Preflight
General
Full URL
https://event.insticator.com/v1/event?event_name=event_pageview
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.50.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-50-168.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://wwwproxy.uscho.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-max-age
3600
content-length
0
date
Thu, 16 Nov 2023 17:34:52 GMT
vary
Origin
20232024
json-b.uscho.com/json/topperformers/m/I/
2 KB
1 KB
XHR
General
Full URL
https://json-b.uscho.com/json/topperformers/m/I/20232024
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.172.136.17 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
powerplay.uscho.com
Software
LiteSpeed /
Resource Hash
8fe2117aa4c725f0e3b1a96f6172f46814b450fd315db1d0d2617339e57f025e

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
server
LiteSpeed
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-litespeed-cache-control
max-age=120,no-cache
cache-control
no-cache, private
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
636
tyler_rubin2-696x416.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/
40 KB
40 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/tyler_rubin2-696x416.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
1deed95852a49e7f7b4527125ff12e8ce75568fd6e1d91befca131bd595fd5ea
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 15 Nov 2023 17:24:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
40562
Expires
Thu, 31 Dec 2037 23:55:55 GMT
nmu_shlaine-696x423.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/
43 KB
44 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/nmu_shlaine-696x423.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b1f275e8c57349ed7e21f7ab7176799e90229135ed5133614811ef887adda03d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 16 Nov 2023 01:56:53 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
44108
Expires
Thu, 31 Dec 2037 23:55:55 GMT
spotlight-696x696.png
wwwproxy.uscho.com/wp-content/uploads/2019/10/
381 KB
382 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/10/spotlight-696x696.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
bf7ebd4fad51be7d4fee8cfa34c08ef3f62d3cfa386ecce4e85a0c1ce6cb32c0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 26 Jun 2021 17:21:12 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
390227
Expires
Thu, 31 Dec 2037 23:55:55 GMT
bentley_bench-scaled-e1700012811583-696x394.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/
63 KB
64 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/bentley_bench-scaled-e1700012811583-696x394.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
1d12c1a3dfa6b5a6dcda054067f4f756586710deb639f092babdbfeb2deeb721
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 15 Nov 2023 01:46:54 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
64534
Expires
Thu, 31 Dec 2037 23:55:55 GMT
uw_group_tom_lynn-696x425.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/
523 KB
523 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/uw_group_tom_lynn-696x425.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d7e664184b2eeb05112f250badaca2cd8c7b602958c2fe8ec4ca07338d763bbc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 15 Nov 2023 01:32:08 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
535451
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jeffries_merrimack-696x421.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/
54 KB
55 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/jeffries_merrimack-696x421.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
bf9c4c020ac4280f500779c26abe069e693f9047edef968d7cb27b2aacb0bb4e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Nov 2023 22:12:46 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
55493
Expires
Thu, 31 Dec 2037 23:55:55 GMT
beanpot_td-garden-696x393.jpg
wwwproxy.uscho.com/wp-content/uploads/2020/11/
70 KB
71 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2020/11/beanpot_td-garden-696x393.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ec13d6ada1280c8f59b420f94a57f26725f26422667197ff7acf159e7f04e832
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 16 Nov 2020 20:38:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
71952
Expires
Thu, 31 Dec 2037 23:55:55 GMT
z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMQg.ttf
fonts.gstatic.com/s/opensanscondensed/v14/
31 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensanscondensed/v14/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMQg.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8049b940f02850ebdea3e3c0bfeb7a62491111121894e6394cae14bed2a9264
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 12:54:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
535246
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20839
x-xss-protection
0
last-modified
Mon, 22 Jul 2019 19:17:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Nov 2024 12:54:06 GMT
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/
78 KB
79 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c214017962f2b403ee2f8a0dd51333b467aa3f082c5fc93fdb86f0b3d90a19b
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
311632
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
80148
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-13914"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3zOpN8m%2F7clzxuzLdfsB7D1Pi0cLvKuxU37C5MeygIRN8wp7siMxqaKCkOOD2LT9qOccdLYMBkojml7ehXVtzXFJW0As5frpF5O0g5ZVvg8jJfUfLxG0uwIWrysLCz0%2FvtLqvh9Z6P9RZoSuju8ETfA4"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82717cb72be030d6-FRA
expires
Tue, 05 Nov 2024 17:34:52 GMT
fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/
76 KB
76 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-brands-400.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
779249965fcc56df5ccc2c89293a582fbea63f785bc4041c878106b01b725dcb
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
318266
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
77400
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-12e58"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1zl3dR49mLGfwHyyYMJJ7n1C9MeOoaZtEQ5rAgYT5zTAzlTk3%2B74mbqV6g8O2u5gRTMJRI491L5HpxZbiJynqMlwGuQIHXVltZB1XtbAnaGESpzh3heejmqc0pE2BtSJkn8xYyR5B94tEAEDVmoQCorp"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82717cb72bdc30d6-FRA
expires
Tue, 05 Nov 2024 17:34:52 GMT
mem5YaGs126MiZpBA-UN7rgOUuhs.ttf
fonts.gstatic.com/s/opensans/v17/
28 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhs.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7f8be99aee46445efcc7c49145388deca59f0dfd183ed4b3892ca111c2b401a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 11 Nov 2023 01:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
488176
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19068
x-xss-protection
0
last-modified
Tue, 23 Jul 2019 19:30:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 10 Nov 2024 01:58:36 GMT
mem5YaGs126MiZpBA-UNirkOUuhs.ttf
fonts.gstatic.com/s/opensans/v17/
27 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhs.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
23fea0a987694a487d5e053345c610b6c2b0cee5943e6c54dffa8c4d3b8c2a27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 23:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
237044
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18834
x-xss-protection
0
last-modified
Tue, 23 Jul 2019 19:31:10 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 23:44:08 GMT
mem8YaGs126MiZpBA-UFVZ0e.ttf
fonts.gstatic.com/s/opensans/v17/
26 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0e.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5669ca033ab68625c0cae6bcf1abb2722c02ea43a0d65323b2f7b023c7afa35e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 04:13:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
220892
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18276
x-xss-protection
0
last-modified
Tue, 23 Jul 2019 19:30:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 13 Nov 2024 04:13:20 GMT
quant.js
secure.quantserve.com/
21 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
etag
"e23JaXq4HVtlOmThpFhluQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Thu, 23 Nov 2023 17:34:52 GMT
cse.js
cse.google.com/cse/
Redirect Chain
  • https://www.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
  • https://cse.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
6 KB
3 KB
Script
General
Full URL
https://cse.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e315f8d8f66405263b332fe9db7fb6fb284d79ec4b5a0c567dd58f7b2f45621c
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-e7glStAXb8TgQvuTD9_0Hg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-e7glStAXb8TgQvuTD9_0Hg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding
br
date
Thu, 16 Nov 2023 17:34:52 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2462
x-xss-protection
0
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
server
gws
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires
Thu, 16 Nov 2023 17:34:52 GMT

Redirect headers

date
Thu, 16 Nov 2023 17:34:52 GMT
x-content-type-options
nosniff
server
sffe
content-type
text/html; charset=UTF-8
location
https://cse.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
267
x-xss-protection
0
expires
Thu, 16 Nov 2023 18:04:52 GMT
victor_ostman-696x435.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/
598 KB
598 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/victor_ostman-696x435.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3b29eac9127bcd1305d4c5528798e05546a55f55a13d21eaabbef0fc98938094
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Nov 2023 00:54:57 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
612257
Expires
Thu, 31 Dec 2037 23:55:55 GMT
weekend-696x696.png
wwwproxy.uscho.com/wp-content/uploads/2019/10/
50 KB
51 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/10/weekend-696x696.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c2d040825ca177c72048dfbc2a69b92907313e50a8126e04ab9e820edadad11d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Sep 2020 20:34:25 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
51303
Expires
Thu, 31 Dec 2037 23:55:55 GMT
quinn_finley_uw-696x408.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/
405 KB
406 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/quinn_finley_uw-696x408.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
01ceac3cb0b0c8905f0b522e43ad391744e0daa2aa5594158b59b6c468da1472
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 13 Nov 2023 17:37:34 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
415053
Expires
Thu, 31 Dec 2037 23:55:55 GMT
dillan_bentley.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/
88 KB
89 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/dillan_bentley.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c744a42ecfaf5faa40dc9af8b27a5638ee4cf42ac9261037eac09d8732284b61
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 13 Nov 2023 16:07:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
90295
Expires
Thu, 31 Dec 2037 23:55:55 GMT
scsu_bill_prout-e1699878686528-696x448.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/
75 KB
76 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/scsu_bill_prout-e1699878686528-696x448.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
61f8cc4a9f44ce199de46c6bc9a1ba02ffdacd23a7ae71d800e5364d057ab06c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 13 Nov 2023 12:31:27 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
76959
Expires
Thu, 31 Dec 2037 23:55:55 GMT
friars_celly-696x414.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/
54 KB
55 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/friars_celly-696x414.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f9f08cfecafa372f4aae0af5dbe536699f3f81e22b838f67ae59cd46100ed6b8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:53 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sun, 12 Nov 2023 18:22:07 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
55759
Expires
Thu, 31 Dec 2037 23:55:55 GMT
1_20231115_213825_0000-696x696.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/
397 KB
398 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/1_20231115_213825_0000-696x696.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c509aad73831b134cf895163606a337481b3a2bfd483e5331d8e092eb4055c6c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:53 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 16 Nov 2023 05:37:56 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
406831
Expires
Thu, 31 Dec 2037 23:55:55 GMT
rmu-schooley.jpg
wwwproxy.uscho.com/wp-content/uploads/2019/01/
162 KB
163 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/01/rmu-schooley.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
af4cb1079334e25d083285e5220cd7845056a6c8f69f3739dc86519a06ae4da4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:53 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 24 Aug 2020 18:27:18 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
166017
Expires
Thu, 31 Dec 2037 23:55:55 GMT
graf_rasmussen-696x391.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/04/
42 KB
43 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/04/graf_rasmussen-696x391.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c37757fcea357c2078afb149e652876779c1f620f4d9fa7afd424f5362643500
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:53 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Apr 2023 14:19:37 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43403
Expires
Thu, 31 Dec 2037 23:55:55 GMT
weems_fanti-696x464.jpg
wwwproxy.uscho.com/wp-content/uploads/2022/05/
70 KB
71 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2022/05/weems_fanti-696x464.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
9984cb6b0be2a839539669a0a04a44e515408d658b171b39177397cc061ed845
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:53 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 May 2022 18:56:13 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
72064
Expires
Thu, 31 Dec 2037 23:55:55 GMT
lssu28-696x406.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/
372 KB
373 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/lssu28-696x406.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ef6dcd95c9fbfdb77c4e8532f768c9b5dffba55e028748d3e9176602223ab126
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:54 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 Nov 2023 01:39:39 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
381391
Expires
Thu, 31 Dec 2037 23:55:55 GMT
gotkin_bench_mercyhurst-696x419.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/
432 KB
432 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/gotkin_bench_mercyhurst-696x419.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fe2c332a9c0f3365c409187c3ada915ae20d99841cd054f20f59c1649c8ca01d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:54 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 08 Nov 2023 01:59:04 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
441952
Expires
Thu, 31 Dec 2037 23:55:55 GMT
osu93-696x443.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/
364 KB
364 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/osu93-696x443.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b6fbaa05c45d558628365fb49a71e5521d8883747f8778a370be7540faa19e6c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:54 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 07 Nov 2023 03:06:59 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
372342
Expires
Thu, 31 Dec 2037 23:55:55 GMT
umass_mich2-696x391.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/
51 KB
51 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/umass_mich2-696x391.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
5fa27a71e7530663c8bfb835f67d72d7485a5582a82be83004871a661995e833
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:54 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 07 Nov 2023 23:22:02 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
52057
Expires
Thu, 31 Dec 2037 23:55:55 GMT
adam_johnson-696x522.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/10/
85 KB
86 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/10/adam_johnson-696x522.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4f4206ab2f0fb5c89167649b6980f3a4b6c90a30c448d42dcb90960e2c44005c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:54 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sun, 29 Oct 2023 15:07:05 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
87125
Expires
Thu, 31 Dec 2037 23:55:55 GMT
roed_brent_cizek-696x418.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/
47 KB
47 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/roed_brent_cizek-696x418.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
743f722963dbcdd3b9cce8a482d994536480dca7f315e7b35ee8a617b595539f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:54 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Nov 2023 01:23:32 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
48075
Expires
Thu, 31 Dec 2037 23:55:55 GMT
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202310231203/
264 KB
84 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202310231203/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:90a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 23 Oct 2023 16:04:16 GMT
server
cloudflare
x-amz-request-id
SDYP533A8GRSHRN6
age
740396
etag
W/"866ce4ef9ef41c261f6060e4f642bb88"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
82717cb7cce6906c-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
zSzUh9Aw0eI/ntmSMxglfKToh22a/xq3MjJMokndSD96yj3zJfC0K6llYsOCu0Nxfn8nWs+6JVt1sngaGVJsXkJZdVA9rTPK
state
api.btloader.com/mw/
0
102 B
Fetch
General
Full URL
https://api.btloader.com/mw/state?bt_env=prod
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=4879373895204864&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 16 Nov 2023 17:34:52 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
px.gif
ad-delivery.net/
43 B
338 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=2
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
302744
x-guploader-uploadid
ABPtcPoCjHZz2Z_km5VaYiqzKu4s5KfgqgWdpKHaYGvXeoKl6M7Je-UrhCbADCxmlAWOMNfMc7zVfUcYnA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2Be2aHXaGclv9YOWlHUWCjTMtlTOMaVHQTcm1mhFbv9rzsxxp3DczCk%2BqP0H6gRU0YGp7%2F9p39w5R3LOVoZX66gKemKkZ9cdyzPTtFf4Wo6ehYZk60wqImhakWb0CasFO2B2blxZbr90RA6%2B9g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
82717cb8b8819972-FRA
expires
Mon, 13 Nov 2023 05:39:40 GMT
favicon.ico
ad.doubleclick.net/
1 KB
571 B
Image
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:20:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54841
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 02:20:51 GMT
px.gif
ad-delivery.net/
43 B
930 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.42470835294318987
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
302744
x-guploader-uploadid
ABPtcPoCjHZz2Z_km5VaYiqzKu4s5KfgqgWdpKHaYGvXeoKl6M7Je-UrhCbADCxmlAWOMNfMc7zVfUcYnA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4LOW48I%2BK8CmtN1J3EoIVkW5W%2B%2B%2FFRI5%2Fq69527EdP07IeSHw%2BK7BcARDaxp%2B13IB2b%2BTyuCqwEL2dI9KtrZG79fWFxbzwGhYTAjH2GtUSuoD4%2F0la2HH%2Fbbf4ikMgjbl3iLJtSWJOAcNKXNug%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
82717cb8b87d9972-FRA
expires
Mon, 13 Nov 2023 05:39:40 GMT
event
event.insticator.com/v1/ Frame
0
0
Preflight
General
Full URL
https://event.insticator.com/v1/event?event_name=event_adunit-load
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.50.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-50-168.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://wwwproxy.uscho.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-max-age
3600
content-length
0
date
Thu, 16 Nov 2023 17:34:52 GMT
vary
Origin
event
event.insticator.com/v1/
0
0
Fetch
General
Full URL
https://event.insticator.com/v1/event?event_name=event_adunit-load
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.50.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-50-168.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:52 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin
connectId-gpt.js
connectid.analytics.yahoo.com/
9 KB
9 KB
Script
General
Full URL
https://connectid.analytics.yahoo.com/connectId-gpt.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:a200:10:dd8:5e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a
Security Headers
Name Value
Content-Security-Policy default-src 'self'

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:30:04 GMT
via
1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'
x-amz-cf-pop
FRA56-P2
age
289
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
8730
x-amz-expiration
expiry-date="Tue, 17 Oct 2028 00:00:00 GMT", rule-id="webapp-standard-lifecycle"
last-modified
Tue, 17 Oct 2023 13:17:45 GMT
server
AmazonS3
etag
"c46e30de24d0f12167e302e9e32ff4a5"
content-type
application/javascript
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
Dd6cwHyQ4GoNdDYqKM1Qb7irFv4EJqKPCNrb-vBrjUkIiDlxRN8pug==
uid2SecureSignal.js
cdn.prod.uidapi.com/
3 KB
3 KB
Script
General
Full URL
https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:ae00:a:e047:753:a221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date
Thu, 16 Nov 2023 06:17:34 GMT
Via
1.1 c172ad3d6658cab7ff64a4a64dca4822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
VIE50-P1
Age
40639
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
2776
Last-Modified
Thu, 19 Oct 2023 06:40:11 GMT
Server
AmazonS3
ETag
"a3a9a9ee8e72db69d54e805f0586c651"
Content-Type
text/javascript
Accept-Ranges
bytes
X-Amz-Cf-Id
gxL8-HWKD6Mi94WdkCo1TdiXQDDjistEc59MeZl90cKgl63ZoCal4A==
esp.js
cdn.id5-sync.com/api/1.0/
155 KB
34 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
902f47bc9eeb026da8cbcef8c7ec51aaa1f73bf7ca587c8694cceb36ff91a92e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 16 Nov 2023 09:30:02 GMT
server
cloudflare
x-amz-request-id
XC7AHQSTXMY4PBHX
age
3057
etag
W/"5cdc7028bae687cbffcc9d7982dd9ad5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
82717cb8db504d5b-FRA
x-amz-id-2
kujo6YgHxiC/ARRNtXe7hlWHJfyJ4bZFssk0NMbz+SLmTVmsYdUn9apOg/K6y09myDyhMXCPe7g=
esp.js
oa.openxcdn.net/
24 KB
8 KB
Script
General
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 17:40:12 GMT
content-encoding
gzip
age
258880
x-guploader-uploadid
ABPtcPrYakBZZUaYUT2Aa4NoJoJQZRP6-ODG4Mlhh8MKCLApMvJzlaEJN2z8T9SAscKxSRsWb_zHAvxtH2n8WvZ8c-eAXA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7927
last-modified
Thu, 27 May 2021 18:30:51 GMT
server
UploadServer
etag
"df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation
1622140251693895
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type
application/javascript
cache-control
no-transform
x-goog-stored-content-length
7927
accept-ranges
bytes
expires
Tue, 12 Nov 2024 17:40:12 GMT
ob.js
cdn-ima.33across.com/
11 KB
5 KB
Script
General
Full URL
https://cdn-ima.33across.com/ob.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.35.167 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 30 Oct 2023 20:31:13 GMT
server
cloudflare
age
478330
etag
W/"65401291-2b7d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
82717cb96c7f4d8a-FRA
expires
Sun, 19 Nov 2023 17:34:52 GMT
publishertag.ids.js
static.criteo.net/js/ld/
42 KB
13 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 27 Oct 2023 06:43:26 GMT
server
nginx
etag
W/"653b5c0e-a9a7"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Nov 2023 17:34:52 GMT
sync.min.js
tags.crwdcntrl.net/lt/c/16589/
39 KB
12 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-83.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 07:38:20 GMT
content-encoding
gzip
via
1.1 0b727ed0f0558ba8e12453bfc7ff4906.cloudfront.net (CloudFront)
last-modified
Wed, 06 Sep 2023 15:56:57 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
age
35793
x-amz-server-side-encryption
AES256
etag
W/"e073e71ed7a44e6f9cdd72904fda5940"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=86400
x-amz-cf-id
aqzRNz1eDzgR2GqrU09cMQbqcA3_0g-ZjiiDMN6-jISLVCFmzPRZCA==
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/
1 KB
1 KB
Script
General
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
via
1.1 google, 1.1 google
last-modified
Thu, 03 Aug 2023 03:28:51 GMT
server
Google Frontend
etag
fc4e6bfe266081c4873c6f08c8298e5c
content-type
text/javascript; charset=utf-8
x-cloud-trace-context
ecfcfcae7db19508fc72c7f9d19d8f85
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1207
pubcid.min.js
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/
732 B
1 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1791
x-jsd-version
master
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230058-FRA
x-jsd-version-type
branch
server
cloudflare
etag
W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxnC9ENDKsqViB90xSRshok3To%2F7jgAunTFo1L9NFfQu8iqMNRovIFsHPt%2FcZ1Bi%2FBGDa8FU6bsL1pNs3p3M%2FPWgzu5VTwM%2F1w4kqfP8sCc9L5R3kVPp8V%2BJ8zWvdp6liHBdiojj3AacyoCmHUY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
82717cb9cde3910a-FRA
openrtb
ex.ingage.tech/v1/ Frame
0
0
Preflight
General
Full URL
https://ex.ingage.tech/v1/openrtb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://wwwproxy.uscho.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-max-age
3600
cf-cache-status
DYNAMIC
cf-ray
82717cb91f3a2bc2-FRA
content-length
0
date
Thu, 16 Nov 2023 17:34:52 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Headers
openrtb
ex.ingage.tech/v1/ Frame
0
0
Preflight
General
Full URL
https://ex.ingage.tech/v1/openrtb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://wwwproxy.uscho.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-max-age
3600
cf-cache-status
DYNAMIC
cf-ray
82717cb91f3f2bc2-FRA
content-length
0
date
Thu, 16 Nov 2023 17:34:52 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Headers
imp
g2.gumgum.com/hbid/
2 B
333 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700156092192&to=-60&aun=div-insticator-ad-1&pubcid=f59f0b43-c8e0-4098-b7ea-71d97a2b8f13&gpid=uscho.com-div-insticator-ad-1&maxw=336&maxh=280&si=18035&pi=3&bf=250x250%2C320x50%2C320x100%2C336x280%2C300x250&schain=1.0%2C1!insticator.com%2Cc8afe158-72c1-454b-9574-c150e9630cb3%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwwwproxy.uscho.com%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.42.0%22%7D&ogu=https%3A%2F%2Fwww.uscho.com%2F&ns=10035
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.34.72.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-34-72-49.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
content-length
2
expires
0
pbjs
htlb.casalemedia.com/openrtb/
36 B
551 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=579236
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
efdb2dcd5af2946175e9696c98804aec751f5ae8640ec9ecf2654145d9e77df3

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ObIMbVXrwI2le0PQ1uHSds3c5ZZLNaQFuZJ%2FDXRvxFmgeDpwWfHw%2FSXjw1vRhVNsnBnfTaVW%2FepZnaQ%2Br9DhtYhYEhPctVB55BbgEEeo7ZdsKEHRA38Fcr6i1X6xANIIsPDqhzEm"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82717cb91bc63630-FRA
alt-svc
h3=":443"; ma=86400
content-length
36
expires
0
c
prebid.a-mo.net/a/
0
133 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:51 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
29
server
envoy
vary
origin, Accept-Encoding
bid
ap.lijit.com/rtb/
94 B
503 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.42.0
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
bc45e69f487a85721c93631fb656e15fb0e76308912b04193b3f585dfb31bf27

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://wwwproxy.uscho.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
arj
insticator-d.openx.net/w/1.0/
73 B
382 B
XHR
General
Full URL
https://insticator-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwwwproxy.uscho.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=1adf24ec-296e-43cb-817e-30e9cf3edea5&nocache=1700156092202&sua=%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D&pubcid=f59f0b43-c8e0-4098-b7ea-71d97a2b8f13&schain=1.0%2C1!insticator.com%2Cc8afe158-72c1-454b-9574-c150e9630cb3%2C1%2C%2C%2C&aus=250x250%2C320x50%2C320x100%2C336x280%2C300x250&divids=div-insticator-ad-1&aucs=uscho.com-div-insticator-ad-1&auid=558599904
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
34539260d07347adab72ff2fa2da52272f37c18f494885f435f033fbfe5c974e

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
117 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:50 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
openrtb
ex.ingage.tech/v1/
2 KB
880 B
XHR
General
Full URL
https://ex.ingage.tech/v1/openrtb
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9da18e732fcddb00703914e2a8de64cdcd4adcd82b95dacc4670fd9b2362fe7

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
cf-ray
82717cbaae3c1d94-FRA
25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/
0
218 B
XHR
General
Full URL
https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fa8:8806:21::1780 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
server
nginx
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
access-control-allow-credentials
true
expires
0
prebid
ib.adnxs.com/ut/v3/
144 B
967 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
394997f33cb83006a0c9745e99bbf451af2cd6e1b3c896a848582bfdb420c942
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
an-x-request-uuid
9afa3a83-2a97-415b-9212-97e2e1009378
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.27; 217.114.218.27; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
144
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
cdb
bidder.criteo.com/
0
196 B
XHR
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.42.0&cb=98373699057&lsavail=1
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=31536000; preload;
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Kestrel
vary
Origin
hb
ssc.33across.com/api/v1/
87 B
355 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
e211a998115b886c1779877c3dba314830b1c15906cee58e44fc26d07d1a3536

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fastlane.json
fastlane.rubiconproject.com/a/api/
382 B
912 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17062&site_id=153530&zone_id=771356&size_id=15&alt_size_ids=14%2C16%2C43%2C117&rp_schain=1.0,1!insticator.com,c8afe158-72c1-454b-9574-c150e9630cb3,1,131d7bc9d708088,,&eid_pubcid.org=f59f0b43-c8e0-4098-b7ea-71d97a2b8f13%5E1&rf=https%3A%2F%2Fwwwproxy.uscho.com%2F&tg_i.domain=wwwproxy.uscho.com&tg_i.page=https%3A%2F%2Fwwwproxy.uscho.com%2F&tg_i.pbadslot=uscho.com-div-insticator-ad-1&tk_flint=pbjs_lite_v7.42.0&x_source.tid=1adf24ec-296e-43cb-817e-30e9cf3edea5&l_pb_bid_id=24c8d92e8bc98a1&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=uscho.com-div-insticator-ad-1&slots=1&rand=0.3056707369377947
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::43 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
1f539b1fc86ad5fc6f347ac6dfd1ed32319e57fd7ffa6283102cdc713603ac80

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
382
expires
Wed, 17 Sep 1975 21:32:10 GMT
trinity.json
apex.go.sonobi.com/
2 KB
2 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22264e4a45efa33e1%22%3A%2236da7d94d2c3aa4af27d%7C250x250%2C320x50%2C320x100%2C336x280%2C300x250%7Cgpid%3Duscho.com-div-insticator-ad-1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwwwproxy.uscho.com%2F&s=99193195-0945-4e61-b484-738981ceb094&pv=7b73b82c-02dd-4d5f-950d-dbb535983e09&vp=desktop&lib_name=prebid&lib_v=7.42.0&us=50&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22wwwproxy.uscho.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22uscho.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fwwwproxy.uscho.com%2F%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22insticator.com%22%2C%22sid%22%3A%22c8afe158-72c1-454b-9574-c150e9630cb3%22%2C%22hp%22%3A1%2C%22rid%22%3A%22131d7bc9d708088%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f59f0b43-c8e0-4098-b7ea-71d97a2b8f13%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.64 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
414d7522b8e0144d710849110145c762ec57019b49a2ec7f7c3d7af420d1d320
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-152
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
732
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/
0
219 B
XHR
General
Full URL
https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fa8:8806:21::1780 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
server
nginx
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
access-control-allow-credentials
true
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
382 B
732 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17062&site_id=153530&zone_id=771358&size_id=15&alt_size_ids=14%2C16%2C43%2C117&rp_schain=1.0,1!insticator.com,c8afe158-72c1-454b-9574-c150e9630cb3,1,131d7bc9d708088,,&eid_pubcid.org=f59f0b43-c8e0-4098-b7ea-71d97a2b8f13%5E1&rf=https%3A%2F%2Fwwwproxy.uscho.com%2F&tg_i.domain=wwwproxy.uscho.com&tg_i.page=https%3A%2F%2Fwwwproxy.uscho.com%2F&tg_i.pbadslot=uscho.com-div-insticator-ad-2&tk_flint=pbjs_lite_v7.42.0&x_source.tid=8ab749e8-50f7-4375-9302-069625b9a3c0&l_pb_bid_id=312eb8c3d6772ad&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=uscho.com-div-insticator-ad-2&slots=1&rand=0.8058325268538866
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::43 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
be9a2d123eb12103919c90ff298d8829cc87316197c48f995f4ecef04dd87f4c

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
382
expires
Wed, 17 Sep 1975 21:32:10 GMT
imp
g2.gumgum.com/hbid/
2 B
334 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700156092225&to=-60&aun=div-insticator-ad-2&pubcid=f59f0b43-c8e0-4098-b7ea-71d97a2b8f13&gpid=uscho.com-div-insticator-ad-2&maxw=336&maxh=280&si=18036&pi=3&bf=250x250%2C320x50%2C320x100%2C336x280%2C300x250&schain=1.0%2C1!insticator.com%2Cc8afe158-72c1-454b-9574-c150e9630cb3%2C1%2C131d7bc9d708088%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwwwproxy.uscho.com%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.42.0%22%7D&ogu=https%3A%2F%2Fwww.uscho.com%2F&ns=10035
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.34.72.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-34-72-49.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
content-length
2
expires
0
prebid
ib.adnxs.com/ut/v3/
139 B
707 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
99c2f32143563b975ad0e4e14a839dae259c8c4901b88a5ae608beebab753f6b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
an-x-request-uuid
49c9e11e-dcdf-4a96-9830-7a6b39c0f74c
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.27; 217.114.218.27; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
139
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
hb
ssc.33across.com/api/v1/
87 B
162 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
f9fa92416a8ff082c70522274ff0b80b42e47398502f6eb08f593cb379cc07e9

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
trinity.json
apex.go.sonobi.com/
95 B
889 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2239578006825dd98%22%3A%220d770b9786c0a7f313cd%7C250x250%2C320x50%2C320x100%2C336x280%2C300x250%7Cgpid%3Duscho.com-div-insticator-ad-2%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwwwproxy.uscho.com%2F&s=aa86b95b-cc01-4dfb-84e7-15f1800f870b&pv=7b73b82c-02dd-4d5f-950d-dbb535983e09&vp=desktop&lib_name=prebid&lib_v=7.42.0&us=50&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22wwwproxy.uscho.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22uscho.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fwwwproxy.uscho.com%2F%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22insticator.com%22%2C%22sid%22%3A%22c8afe158-72c1-454b-9574-c150e9630cb3%22%2C%22hp%22%3A1%2C%22rid%22%3A%22131d7bc9d708088%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f59f0b43-c8e0-4098-b7ea-71d97a2b8f13%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.64 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
27a6a4c384506bb6ba8cccc622a6be2af700bee269aae7b0644e7b5d29ff9b73
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-59
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
120
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/
94 B
503 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.42.0
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
4d96c74db017b6c86d35e5c625f7cd65bfb2e923c3866f624b08d1a2cfeb278c

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://wwwproxy.uscho.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
openrtb
ex.ingage.tech/v1/
2 KB
738 B
XHR
General
Full URL
https://ex.ingage.tech/v1/openrtb
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c71de37124b8ed25baf8af415ec032595c564b5bb3721c63fa68922aae5a6ded

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
cf-ray
82717cbaae3f1d94-FRA
arj
insticator-d.openx.net/w/1.0/
73 B
146 B
XHR
General
Full URL
https://insticator-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwwwproxy.uscho.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=8ab749e8-50f7-4375-9302-069625b9a3c0&nocache=1700156092232&sua=%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D&pubcid=f59f0b43-c8e0-4098-b7ea-71d97a2b8f13&schain=1.0%2C1!insticator.com%2Cc8afe158-72c1-454b-9574-c150e9630cb3%2C1%2C4293dd69fb612b4%2C%2C&aus=250x250%2C320x50%2C320x100%2C336x280%2C300x250&divids=div-insticator-ad-2&aucs=uscho.com-div-insticator-ad-2&auid=558599904
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
a21ba330372da88b834b83b8911e512f7ced6e55c2d2fb69e277c0a86bc39815

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
cdb
bidder.criteo.com/
0
197 B
XHR
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.42.0&cb=9085272004&lsavail=1
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:51 GMT
strict-transport-security
max-age=31536000; preload;
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Kestrel
vary
Origin
translator
hbopenbid.pubmatic.com/
0
61 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:51 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
pbjs
htlb.casalemedia.com/openrtb/
37 B
313 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=579236
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76f1b2d0d9a280f7c3bd17fc18e49d195087c94758d9b8591f38c00a110a7815

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OW0QhLhQWhtXsAq1D2BG9lCQtQWkjB1JGCn1ePYjS07MlT5C2xsH8SZE9zm2glcfsdovceuAE3%2FMFS742Ytb%2B1It%2B%2FekrxERStpcl6aqD%2FLAKp0wHCeLejQeZViD4ASJ214UWqRR"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82717cb91bc93630-FRA
alt-svc
h3=":443"; ma=86400
content-length
37
expires
0
c
prebid.a-mo.net/a/
0
280 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:51 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
25
server
envoy
vary
origin, Accept-Encoding
cse_element__en.js
www.google.com/cse/static/element/2b35e7a15e0e30e2/
314 KB
105 KB
Script
General
Full URL
https://www.google.com/cse/static/element/2b35e7a15e0e30e2/cse_element__en.js?usqp=CAI%3D
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=010839661138275584990:ohfkrt3zoto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dbf7eb98f997a8df116c6515ce77a2e76be2dafbdbc62cd7feade398544ac0a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106943
x-xss-protection
0
last-modified
Tue, 07 Nov 2023 17:44:48 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/javascript
cache-control
private, max-age=31536000
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Thu, 16 Nov 2023 17:34:52 GMT
default+en.css
www.google.com/cse/static/element/2b35e7a15e0e30e2/
41 KB
9 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/element/2b35e7a15e0e30e2/default+en.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=010839661138275584990:ohfkrt3zoto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9068
x-xss-protection
0
last-modified
Tue, 07 Nov 2023 17:44:48 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
private, max-age=31536000
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Thu, 16 Nov 2023 17:34:52 GMT
default.css
www.google.com/cse/static/style/look/v4/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/style/look/v4/default.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=010839661138275584990:ohfkrt3zoto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:03:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1880
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1345
x-xss-protection
0
last-modified
Wed, 17 Jun 2020 00:00:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Thu, 16 Nov 2023 17:53:32 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/
400 KB
135 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
737066c13a2fa5c69c1d9f4b8ff9e7a4480ce5c0afa9a2f09dcd6518e70ebdaa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138525
x-xss-protection
0
server
cafe
etag
8251541580443479651
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:52 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 2629
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
915
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4118
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:19:37 GMT
etag
16674218716276178799
expires
Thu, 30 Nov 2023 17:19:37 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
js
www.googletagmanager.com/gtag/
293 KB
95 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-K9F26MDDX7&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-541124-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4c8ee3039642aebe6a0178154c4ef46e40fe62b965922744b8b530edaae4aa2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
97224
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 16 Nov 2023 17:34:52 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-541124-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 16 Nov 2023 17:16:44 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
1088
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 16 Nov 2023 19:16:44 GMT
rules-p-an_CHGCH-wfKr.js
rules.quantcount.com/
160 B
642 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-an_CHGCH-wfKr.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:1600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e7ffdc17f9a380f6376691bc77f18787b35359f2bd140b637a4e530bf5606f0a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
via
1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
2511
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
160
last-modified
Thu, 13 Oct 2022 23:03:05 GMT
server
AmazonS3
etag
"22f4da4063f1225e531d8ed42a7b3ec2"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
03s8n2_b6n7jQICX1iHyuO56YcU7qEglOJzDJ2Ga0iDrgUGaRGnNcg==
/
geoip.instiengage.com/json/
211 B
401 B
XHR
General
Full URL
https://geoip.instiengage.com/json/
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.172.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-172-61.compute-1.amazonaws.com
Software
/
Resource Hash
2100654f3ff0abaa401b1efdb0f4c141f4500aafa8981a9b934bfba938ff8047

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:52 GMT
access-control-allow-credentials
true
x-database-date
Wed, 15 Nov 2023 22:09:31 GMT
content-length
211
vary
Origin
content-type
application/json
index.html
auth.instiengage.com/auth/ Frame 380F
75 B
497 B
Document
General
Full URL
https://auth.instiengage.com/auth/index.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2611:3e00:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
32dcb7b5d0e79583353a56225e4d8097e004103102d584e245d1b96547f9948d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
254
cache-control
max-age=300
content-length
75
content-type
text/html
date
Thu, 16 Nov 2023 17:30:54 GMT
etag
"2e3d17ce9023be2c1313c02113f5c568"
last-modified
Thu, 11 May 2023 11:38:04 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 b27f21f2e46f0db2d89ec3930dfac728.cloudfront.net (CloudFront)
x-amz-cf-id
y07n5DmcVrwGlFh_WLEDxhksheQreeqmpTu7T8Rsrn9aWHvHvtpqnQ==
x-amz-cf-pop
VIE50-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
sdvig1qk6AHuXLU2Lr6rxmxwpeBBF1C.
x-cache
Hit from cloudfront
0
json-b.uscho.com/json/scoreboard/division-i-men/2023-2024/gameday/2023-11-16/
2 KB
1 KB
XHR
General
Full URL
https://json-b.uscho.com/json/scoreboard/division-i-men/2023-2024/gameday/2023-11-16/0
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.172.136.17 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
powerplay.uscho.com
Software
LiteSpeed /
Resource Hash
e6f44640021413129ba6c881b570b02a209f008c2261a81889158a8bab259ec9

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
server
LiteSpeed
x-litespeed-cache
hit
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
899
country
api.btloader.com/
16 B
142 B
Fetch
General
Full URL
https://api.btloader.com/country
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=4879373895204864&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
pv
api.btloader.com/
0
67 B
XHR
General
Full URL
https://api.btloader.com/pv?tid=ZBdtNSCh&w=6283414432382976&o=4879373895204864&cv=2.1.23-7-g7ca04d5&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwwwproxy.uscho.com%2F&sid=L12apmef&pm=true&upapi=true
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=4879373895204864&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 16 Nov 2023 17:34:52 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
increment
id5-sync.com/api/esp/
0
234 B
XHR
General
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
async-ads.js
cse.google.com/adsense/search/
143 KB
52 KB
Script
General
Full URL
https://cse.google.com/adsense/search/async-ads.js
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/2b35e7a15e0e30e2/cse_element__en.js?usqp=CAI%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c9211b98042b17907d74bb76aa84613fe8d9dec0208003af8082899a662a00c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"12933309866110392501"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
expires
Thu, 16 Nov 2023 17:34:52 GMT
branding.png
www.google.com/cse/static/images/1x/en/
1 KB
1 KB
Image
General
Full URL
https://www.google.com/cse/static/images/1x/en/branding.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:06:21 GMT
x-content-type-options
nosniff
age
12511
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1372
x-xss-protection
0
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Fri, 15 Nov 2024 14:06:21 GMT
generate_204
clients1.google.com/
0
118 B
Image
General
Full URL
https://clients1.google.com/generate_204
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
esp
oajs.openx.net/
Redirect Chain
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp&cc=1
85 B
203 B
Fetch
General
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp&cc=1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
143.107.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
e29fc3a132d3a493162fa723f4c13d755394882b8d691629dad715ac4818727c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
via
1.1 google
x-powered-by
Express
etag
W/"55-nBDnxUrpiuwJ5SGviS0jmCmbxc8"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85

Redirect headers

date
Thu, 16 Nov 2023 17:34:53 GMT
via
1.1 google
x-powered-by
Express
vary
Origin
access-control-allow-origin
https://wwwproxy.uscho.com
location
/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp&cc=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
uma.gif
www.uscho.com/images/logos/
8 KB
9 KB
Image
General
Full URL
https://www.uscho.com/images/logos/uma.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:46fa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7231f5d6814a8eb17b1590e4a49895dd69583f31ada43dd63838f868d061af25
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
x-ezoic-cdn
Miss
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400
x-ezoic-excludewebp
false
referrer-policy
same-origin
response
200
last-modified
Mon, 09 Oct 2023 17:14:47 GMT
server
cloudflare
x-origin-cache-control
max-age=315360000
vary
Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SBOM7q71MeDwY%2FANeew8Urz7uQQRtK%2FVzk3P2vmKnWRAAz%2BT1n0kiAfPbQ1aO6z%2BX%2BOA0IVD%2FP4K4s0XYLOf0KEeZaejotneB4IpF9QQGG2fSvArl%2BKL0vsE5HQtuULtJerZueDgylu10rJn"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=3600
cf-ray
82717cbb0c401e51-FRA
pc.gif
www.uscho.com/images/logos/
5 KB
5 KB
Image
General
Full URL
https://www.uscho.com/images/logos/pc.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:46fa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f878b274a38de5001f17126a165d8e990267d5d28b1e8dc3661f1728eb54256
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
x-ezoic-cdn
Miss
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400
x-ezoic-excludewebp
false
referrer-policy
same-origin
response
200
last-modified
Mon, 09 Oct 2023 17:14:47 GMT
server
cloudflare
x-origin-cache-control
max-age=315360000
vary
Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQ8FZgZPlrZV5hmQiKRIiZyLt20rlDnAGlL38OK7v9KX2Ej5ZNFZauxPf3OCviNlU8aIjSJ1k90ddNo2vfANFX1ssdXA4dYVn5%2Fii0F6symLTprKGQgx0jk9DMO%2BFbyxv2PdSl6wYsTrvtcQ"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=3600
cf-ray
82717cbb0c421e51-FRA
sliderleft.png
wwwproxy.uscho.com/wp-content/themes/uscho-np/img/
795 B
1 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/img/sliderleft.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
cc4c5c8e3d1bf32ad091e720ce9f7c22111ec003e84e6a4570b386b0fb0b210a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 14 Oct 2017 00:09:54 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
795
Expires
Thu, 31 Dec 2037 23:55:55 GMT
sliderright.png
wwwproxy.uscho.com/wp-content/themes/uscho-np/img/
758 B
1 KB
Image
General
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/img/sliderright.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
793bdfab72ad84a40b06db22176e14c6654329c1accc292a36c06228afd662c6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 14 Oct 2017 00:16:23 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
758
Expires
Thu, 31 Dec 2037 23:55:55 GMT
collect
region1.analytics.google.com/g/
0
258 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-K9F26MDDX7&gtm=45je3b81v9105504737&_p=1700156091959&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1673431664.1700156093&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1700156092&sct=1&seg=0&dl=https%3A%2F%2Fwwwproxy.uscho.com%2F&dt=Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3119
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K9F26MDDX7&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
258 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K9F26MDDX7&cid=1673431664.1700156093&gtm=45je3b81v9105504737&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K9F26MDDX7&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
409 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K9F26MDDX7&cid=1673431664.1700156093&gtm=45je3b81v9105504737&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=2025093089
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 06FD
158 KB
47 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&adk=1812271804&adf=3025194257&lmt=1700156092&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092282&bpp=4&bdt=2038&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7796994645410&frm=20&pv=2&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=365
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b684387f1c956c7a6629558081ab4d015d08918226d4a950271869eb757e31c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
47502
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Thu, 16 Nov 2023 17:34:53 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
authIframe.js
auth.instiengage.com/auth/ Frame 380F
65 KB
22 KB
Script
General
Full URL
https://auth.instiengage.com/auth/authIframe.js?v=1
Requested by
Host: auth.instiengage.com
URL: https://auth.instiengage.com/auth/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2611:3e00:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1d05642e23866a6d7fb1b165615355e7c01fffaf89c61e9c14c0beecb96ae23

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.instiengage.com/auth/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
.lK6ICx53soEeOpFisF5xs3WBNt5Sw79
content-encoding
br
via
1.1 b27f21f2e46f0db2d89ec3930dfac728.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 17:31:31 GMT
last-modified
Thu, 11 May 2023 11:38:01 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P2
age
206
x-amz-server-side-encryption
AES256
etag
W/"e0bffec4a3929b23d4347f914449f5cb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300
x-amz-cf-id
_3xLKvCdp_SduUFVJH0ZlUjnqsL99JLc4BZB8MSFCYPQKBuBsAO3mA==
vm8sdRf0T0bS1ffgsPB7WZ-mD2ZD5cd4Epc.ttf
fonts.gstatic.com/s/pragatinarrow/v5/
46 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/pragatinarrow/v5/vm8sdRf0T0bS1ffgsPB7WZ-mD2ZD5cd4Epc.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
17810a53b5ffc8157c46a6192533bf2e567a31e23b31c4bac42d214787e488f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 01:16:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
145101
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23898
x-xss-protection
0
last-modified
Tue, 16 Jul 2019 02:42:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Nov 2024 01:16:31 GMT
vm8vdRf0T0bS1ffgsPB7WZ-mD274wNc.ttf
fonts.gstatic.com/s/pragatinarrow/v5/
44 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/pragatinarrow/v5/vm8vdRf0T0bS1ffgsPB7WZ-mD274wNc.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5e10801387114a129e9f06d6eedf6def06e1508ff4f53362043dd47a66bd7968
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 00:16:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
235075
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23544
x-xss-protection
0
last-modified
Tue, 16 Jul 2019 03:14:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 13 Nov 2024 00:16:57 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame B0F5
157 KB
44 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0278dc395ba7873b879d2cad1c304be606bc064928de48e36af8aace0f1e387a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
45179
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Thu, 16 Nov 2023 17:34:53 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
syncframe
gum.criteo.com/ Frame EF5B
15 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wwwproxy.uscho.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:52 GMT
server
Kestrel
server-processing-duration-in-ticks
342764
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
collect
www.google-analytics.com/j/
2 B
211 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=604306581&t=pageview&_s=1&dl=https%3A%2F%2Fwwwproxy.uscho.com%2F&ul=en-us&de=UTF-8&dt=Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1315902545&gjid=599548075&cid=1673431664.1700156093&tid=UA-541124-2&_gid=849677365.1700156093&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=1834516650
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame EDE0
111 KB
38 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
172379ec050938e38630653328583ad204ae0b6021e9929513219463c9751cac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
38482
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Thu, 16 Nov 2023 17:34:53 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
pixel;r=1831134810;rf=0;a=p-an_CHGCH-wfKr;url=https%3A%2F%2Fwwwproxy.uscho.com%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-1293308888-1700156092324;pb...
pixel.quantserve.com/
35 B
373 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1831134810;rf=0;a=p-an_CHGCH-wfKr;url=https%3A%2F%2Fwwwproxy.uscho.com%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-1293308888-1700156092324;pbc=f59f0b43-c8e0-4098-b7ea-71d97a2b8f13;ns=0;ce=1;qjs=1;qv=6076e8c2-20231114150359;cm=;gdpr=0;ref=;d=uscho.com;dst=1;et=1700156092742;tzo=-60;ogl=title.College%20Hockey%20%7C%20USCHO%252Ecom%2Cdescription.Welcome%20to%20USCHO%252Ecom%20-%20see%20blog%20posts%2Cimage.https%3A%2F%2Fwww%252Euscho%252Ecom%2Fwp-content%2Fuploads%2F2017%2F12%2Fuschowithbackground%252Ejpg%2Clocale.en_US%2Ctype.website%2Ctitle.Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO%252Ecom%2Curl.https%3A%2F%2Fwww%252Euscho%252Ecom%2F%2Csite_name.College%20Hockey%20%7C%20USCHO%252Ecom;ses=951aad45-dc38-4845-b629-4e4a957678bf;mdl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
fed
ups.analytics.yahoo.com/ups/58813/
2 B
216 B
XHR
General
Full URL
https://ups.analytics.yahoo.com/ups/58813/fed?gpp_sid=-1&v=1&url=https%3A%2F%2Fwwwproxy.uscho.com%2F
Requested by
Host: connectid.analytics.yahoo.com
URL: https://connectid.analytics.yahoo.com/connectId-gpt.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
vary
Origin
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
access-control-allow-origin
https://wwwproxy.uscho.com
content-type
application/json
access-control-allow-credentials
true
ads
googleads.g.doubleclick.net/pagead/ Frame 8151
36 KB
14 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
893b225d99f64a327f9aef2fdd2435d518ad061e98e12675754db3d1f203409d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
14738
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Thu, 16 Nov 2023 17:34:53 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
map
bcp.crwdcntrl.net/6/
60 B
338 B
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.27.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-27-149.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
31d27ce00ca4c7af33cf42153d73abce046d25fc5c892fdabc61ec5690ecd0e2

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
x-server
10.45.25.99
access-control-allow-credentials
true
content-length
60
expires
0
collect
stats.g.doubleclick.net/j/
4 B
152 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-541124-2&cid=1673431664.1700156093&jid=1315902545&gjid=599548075&_gid=849677365.1700156093&_u=YADAAUAAAAAAACAAI~&z=568918168
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 16 Nov 2023 17:34:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 3CFF
103 KB
38 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
97f9bd999ce227798c30d6b5aea2580e4eac041aa0b1c89b67aa94b4e70c44e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
38719
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Thu, 16 Nov 2023 17:34:53 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame E595
103 KB
38 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
285edf67fede959a3cab4bf23073b3d12dd55d56637c361860afb74f6799d1a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
38902
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Thu, 16 Nov 2023 17:34:53 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame C64A
103 KB
38 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4d800359352e3ddb3bab2af277dcea7fd06f99885ee8375157f2b15935eca1b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
38981
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Thu, 16 Nov 2023 17:34:53 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-541124-2&cid=1673431664.1700156093&jid=1315902545&_u=YADAAUAAAAAAACAAI~&z=1486959797
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
108 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-541124-2&cid=1673431664.1700156093&jid=1315902545&_u=YADAAUAAAAAAACAAI~&z=1486959797
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
70 KB
17 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4020746149329059&correlator=2647970531041719&eid=31078986%2C31079672%2C31079760%2C31079694%2C44807410%2C31079525&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=2507246%3A1005862%2Cuscho.com_Web_300x250_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250&fluid=height&ifi=10&didk=570410235&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1700156092891&lmt=1700156092&adxs=1205&adys=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&vis=1&psz=285x-1&msz=300x-1&fws=0&ohw=0&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=true&dlt=1700156090244&idt=1875&prev_scp=aid%3D2dc35d83-6051-4477-90e1-13e4e889f8fc%26ib%3Dnofill%26iaid%3Dnofill%26iba%3D0%26at%3D1%26h%3D17%26utier%3D0%26tg_utier%3D0_0%26itier%3D3%26tg_itier%3D0_3%26tg%3D0%26shb%3D0%26it%3Dil&adks=315237988&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a8e54ed0c3b85c013a3abe83cf1e95529872363fd907935e78d9b1316f9178f1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17041
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9DF2
6 KB
3 KB
Document
General
Full URL
https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Fri, 15 Nov 2024 17:34:53 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 45D8
36 KB
14 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=471139651&adf=1651394291&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700156092&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=615&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=6&fsb=1&dtd=618
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57532fde1cb53874471267bf48fabe86a64169c134aaa124a1eed5c4cc64fa77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
14739
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:54 GMT
expires
Thu, 16 Nov 2023 17:34:54 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
37 KB
14 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4020746149329059&correlator=2647970531041719&eid=31078986%2C31079672%2C31079760%2C31079694%2C44807410%2C31079525&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=2507246%3A1005862%2Cuscho.com_Web_300x250_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250&fluid=height&ifi=11&didk=570410234&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1700156093001&lmt=1700156093&adxs=1205&adys=3458&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&vis=1&psz=285x-1&msz=300x-1&fws=0&ohw=0&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=true&dlt=1700156090244&idt=1875&prev_scp=aid%3Dbc51921a-266b-4dde-8c60-48f73eeebc62%26ib%3Dnofill%26iaid%3Dnofill%26iba%3D0%26at%3D1%26h%3D17%26utier%3D0%26tg_utier%3D0_0%26itier%3D3%26tg_itier%3D0_3%26tg%3D0%26shb%3D0%26it%3Dil&adks=2375193414&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bade98acb28cd2011b43069d33aeda8fb5ec1f24aa3718086f1c380776e9632c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14714
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sid
mug.criteo.com/ Frame EF5B
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=uscho.com&sn=ChromeSyncframe&so=0&topUrl=wwwproxy.uscho.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=pZw0kXxYcHp4U3YzMCtvc2VGUUptRWhYVHJNVWphdHdaUG5kaVQ5aUtlT3ZiUDVHeUJSaktjYXQrZjM5RlNBMWoxUlorOGVlL0pHN3cwTWMvTFdBUmJONFRYa3pDM0N3cm9hWnkwcWhZYW1VTGhlNlBEcVZFS2xBeFFuNE...
430 B
651 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=pZw0kXxYcHp4U3YzMCtvc2VGUUptRWhYVHJNVWphdHdaUG5kaVQ5aUtlT3ZiUDVHeUJSaktjYXQrZjM5RlNBMWoxUlorOGVlL0pHN3cwTWMvTFdBUmJONFRYa3pDM0N3cm9hWnkwcWhZYW1VTGhlNlBEcVZFS2xBeFFuNE1UcE4vRnFybElYMHBEWnh1M3RWUTQyeEJVVDZzRFJ4RU1WcUp2NTBEeUczQS9pendGbjV5a0NielArLzJBUmpWWmV5b3hOUDIxV0ovWENoOTQ3eHA3Um5RSDQxWkFGZVMwUXMxd25EUHRBUEJpQVRQQXJwSnZrQWVOOXFQMk5iZFhhZmJWWUJWZW5wSlh2cnVEdnBESTlzZ0poR05zdz09fA&cppv=2
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
9b961e9d5506cfd8955dd92d7cfc26bcd31fc34f63fe52b87a570fbdcc3d21d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1365472
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=pZw0kXxYcHp4U3YzMCtvc2VGUUptRWhYVHJNVWphdHdaUG5kaVQ5aUtlT3ZiUDVHeUJSaktjYXQrZjM5RlNBMWoxUlorOGVlL0pHN3cwTWMvTFdBUmJONFRYa3pDM0N3cm9hWnkwcWhZYW1VTGhlNlBEcVZFS2xBeFFuNE1UcE4vRnFybElYMHBEWnh1M3RWUTQyeEJVVDZzRFJ4RU1WcUp2NTBEeUczQS9pendGbjV5a0NielArLzJBUmpWWmV5b3hOUDIxV0ovWENoOTQ3eHA3Um5RSDQxWkFGZVMwUXMxd25EUHRBUEJpQVRQQXJwSnZrQWVOOXFQMk5iZFhhZmJWWUJWZW5wSlh2cnVEdnBESTlzZ0poR05zdz09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
219784
content-length
0
expires
0
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 8151
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:03:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
12700
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:03:13 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 8151
20 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 8151
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:53 GMT
afr.php
ads.eu.criteo.com/delivery/r/ Frame 6C59
140 KB
48 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
f12348913c8f7abffd929a4470b9c698f53aee21b242a0292b2477198919c60e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=hi1OW527wuzIDsI8QUhwjVNBn13EPqd_bdTY555b6L7UNh4nYCL-salACv-STcBZb-sp9aCEurxrI17yg3uf_kEggjJWVIYYfeFng1FbiZNzUacYwpk6JpbjjxlUFm3munbVKCMGbIteHyHaFAPgA3aQq2hX8-J4oKcOEGePRtrc91pVUhTWupl531E5IXo75x_Yd8STNb3E7py9w-pnOfsmba48PAG8ipBb6x7zsyUmATXQCbaqdXzLyy4wqWT7eruMvg"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
46157908
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
css
fonts.googleapis.com/ Frame EDE0
6 KB
805 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 16:36:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Nov 2023 17:34:53 GMT
3819132169622685745
tpc.googlesyndication.com/daca_images/simgad/ Frame 3CFF
109 KB
109 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/3819132169622685745
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81bf165cd84d85784ad1dabd81bb1734f63b60cae108af93f6a42a440faf21df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 08:01:24 GMT
x-content-type-options
nosniff
age
293609
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111586
x-xss-protection
0
last-modified
Tue, 31 Oct 2023 06:09:07 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 12 Nov 2024 08:01:24 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame EDE0
2 KB
875 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame EDE0
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CTsoevFJWZa2lMOjvtgfvm5W4ConEjeNx7uCl9PAQ2tkeEAEg4Y_1AWCV-viBlAegAfjg9PoDyAEJqQK_2Gm_FTSyPqgDAcgDywSqBIsCT9C2SggL7y3JA_wyd2xDsW364GiIk2x9ZqLCSfQ...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223489421630149092647%22,%22debug_reporting%22:true,%22destination%22:%22https://wago.com%22,%22event_report_window%22:%2225...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223489421630149092647%22,%22debug_reporting%22:true,%22destination%22:%22https://wago.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221063071864%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22740917203004811921%22}&andc=true
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"3489421630149092647","debug_reporting":true,"destination":"https://wago.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1063071864"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"740917203004811921"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 16 Nov 2023 17:34:53 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 17:34:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"3489421630149092647","debug_reporting":true,"destination":"https://wago.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1063071864"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"740917203004811921"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 3CFF
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:17:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
55048
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:17:25 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 2493
143 B
166 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1382
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:11:51 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 3CFF
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:03:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
12700
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:03:13 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 3CFF
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 3CFF
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:53 GMT
one_click_handler_one_afma_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 3CFF
36 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/one_click_handler_one_afma_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a3e5c486ca9cab98b690f2f3fcc83c73141a667293c8a8236bb1e376313f0e36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 23:54:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
63598
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14803
x-xss-protection
0
server
cafe
etag
12205605038930952422
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 23:54:55 GMT
pd
google-bidout-d.openx.net/w/1.0/ Frame 0254
0
92 B
Document
General
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 16 Nov 2023 17:34:53 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
2076313506083323656
tpc.googlesyndication.com/simgad/5948888636117298975/ Frame EDE0
20 KB
21 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/5948888636117298975/2076313506083323656
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4690663259de00275761fa1819ddd95bffb6d4a361d7695ec1273ec846ea549
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 06:57:00 GMT
x-content-type-options
nosniff
age
297473
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20958
x-xss-protection
0
last-modified
Thu, 17 Nov 2022 09:17:16 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 12 Nov 2024 06:57:00 GMT
truncated
/ Frame EDE0
220 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
21faaba4509d48f84287a8b5bbc12b3e110a2bcda9e5df65bc2f0f69ff6c39c7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 8151
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d4f4f288148bdde39d13158af2ca38aa67f3505ee26a0d4fa0776e4a55735e55

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/
160 KB
55 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/reactive_library_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9c419e3ada62ac8a308cf7a6967d866775a2aa78e89dd4c4698db8a429f8f85a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55800
x-xss-protection
0
server
cafe
etag
15907131197518248745
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:53 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame EDE0
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:17:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
55048
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:17:25 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame EDE0
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:03:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
12700
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:03:13 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame EDE0
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame EDE0
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:53 GMT
a6de5423b7c632060e8f86136bd5d27a.js
www.gstatic.com/mysidia/ Frame EDE0
37 KB
16 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 03:47:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
222433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15478
x-xss-protection
0
last-modified
Mon, 13 Nov 2023 13:20:26 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 12 Feb 2024 03:47:40 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 2493
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:54 GMT
expires
Thu, 16 Nov 2023 17:34:54 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012310301456000/ Frame 0655
196 KB
56 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 10 Nov 2023 02:37:57 GMT
age
572216
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56081
x-xss-protection
0
server
sffe
etag
"6a17d296884b026a"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 09 Nov 2024 02:37:57 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 0655
15 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012310301456000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 14 Nov 2023 05:14:53 GMT
age
217200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5225
x-xss-protection
0
server
sffe
etag
"0b7142e00666043e"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 13 Nov 2024 05:14:53 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 0655
95 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012310301456000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 10 Nov 2023 03:53:12 GMT
age
567701
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29077
x-xss-protection
0
server
sffe
etag
"7b1f1965b6cd6fda"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 09 Nov 2024 03:53:12 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 0655
5 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012310301456000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 10 Nov 2023 01:14:32 GMT
age
577221
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1911
x-xss-protection
0
server
sffe
etag
"5b0a82507b260c6e"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 09 Nov 2024 01:14:32 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 0655
40 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012310301456000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 16 Nov 2023 14:54:32 GMT
age
9621
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12952
x-xss-protection
0
server
sffe
etag
"9817e561a46c70fa"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 15 Nov 2024 14:54:32 GMT
css
fonts.googleapis.com/ Frame 0655
6 KB
706 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7abab7a5fed6d1eb8dcfed4e7f6bfcbc1a1a1dfbf95d281b008f04245b26c769
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 16:37:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Nov 2023 17:34:53 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0655
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 23:30:12 GMT
x-content-type-options
nosniff
server
cafe
age
65081
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Thu, 16 Nov 2023 23:30:12 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0655
295 B
319 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 03:23:34 GMT
x-content-type-options
nosniff
server
cafe
age
51079
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 17 Nov 2023 03:23:34 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223489421630149092647%22,%22debug_reporting%22:true,%22destination%22:%22https://wago.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221063071864%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22740917203004811921%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 17:34:53 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
14763004658117789537
tpc.googlesyndication.com/simgad/4679861581066940199/ Frame 0655
11 KB
11 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/4679861581066940199/14763004658117789537?w=400&h=209&tw=1&q=75
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b8b9c36294e1afd4ad007bb4d834a6cd8415629eb6e69bc5f12d5dcf9340362
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 13:18:24 GMT
x-content-type-options
nosniff
age
101789
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11252
x-xss-protection
0
last-modified
Wed, 15 Nov 2023 12:58:41 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 14 Nov 2024 13:18:24 GMT
truncated
/ Frame 0655
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0cc7088b335b30f7b1fa0903bc8aa143b11cb8408032d62d28d5ab768cc68c88

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 0655
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2be78b8f08d3850add8b13c28029fe126c676a44abfa4810ef4f397e9067fdff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
3819132169622685745
tpc.googlesyndication.com/daca_images/simgad/ Frame E595
109 KB
109 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/3819132169622685745
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81bf165cd84d85784ad1dabd81bb1734f63b60cae108af93f6a42a440faf21df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 08:01:24 GMT
x-content-type-options
nosniff
age
293609
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111586
x-xss-protection
0
last-modified
Tue, 31 Oct 2023 06:09:07 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 12 Nov 2024 08:01:24 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame E595
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:17:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
55048
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:17:25 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame E595
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:03:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
12700
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:03:13 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame E595
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame E595
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:53 GMT
one_click_handler_one_afma_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame E595
36 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/one_click_handler_one_afma_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a3e5c486ca9cab98b690f2f3fcc83c73141a667293c8a8236bb1e376313f0e36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 23:54:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
63598
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14803
x-xss-protection
0
server
cafe
etag
12205605038930952422
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 23:54:55 GMT
38bcf84a6c98f8ab5c7e5b9a6f0eaec8.js
www.gstatic.com/mysidia/ Frame B0F5
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/38bcf84a6c98f8ab5c7e5b9a6f0eaec8.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
70602b2d4f8fd19b95f522d3f3334ada3b3ff4647b4e81c7285b885977fd9ac4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 14:04:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
531024
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4046
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 19:36:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 08 Feb 2024 14:04:29 GMT
550964233668833c70e8a0f193337640.js
www.gstatic.com/mysidia/ Frame B0F5
172 KB
63 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/550964233668833c70e8a0f193337640.js?tag=gpa/dynamic_fig_web_banner_v2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c3a239dc3b7e0a74e2557957294fac25f4cf7f6f9d15bc4af042c251dbc3d13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 00:15:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
580782
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64262
x-xss-protection
0
last-modified
Thu, 09 Nov 2023 22:22:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 08 Feb 2024 00:15:11 GMT
css
fonts.googleapis.com/ Frame B0F5
11 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%7CGoogle%20Sans%20Display%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e5688319ea093a91c367a5f64f22b2012affd2a2bf80a8e31a6f4e02c67fb1ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 16:44:20 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Nov 2023 17:34:53 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B0F5
2 KB
822 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame B0F5
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:17:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
55048
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:17:25 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B0F5
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:03:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
12700
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:03:13 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B0F5
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame B0F5
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:53 GMT
a6de5423b7c632060e8f86136bd5d27a.js
www.gstatic.com/mysidia/ Frame B0F5
37 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 03:47:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
222433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15478
x-xss-protection
0
last-modified
Mon, 13 Nov 2023 13:20:26 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 12 Feb 2024 03:47:40 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0655
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 14:45:25 GMT
x-content-type-options
nosniff
age
269368
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 14:45:25 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0655
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 15:22:55 GMT
x-content-type-options
nosniff
age
526318
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15740
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Nov 2024 15:22:55 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0655
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 23:30:11 GMT
x-content-type-options
nosniff
age
237882
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 23:30:11 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 893E
143 B
166 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1382
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:11:51 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
privacy_small.svg
static.criteo.net/flash/icon/ Frame 6C59
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:53 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame 6C59
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:53 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame 6C59
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Sun, 10 Nov 2024 17:34:53 GMT
back_button2.svg
static.criteo.net/flash/icon/ Frame 6C59
293 B
621 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button2.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 28 Apr 2022 09:09:48 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"626a59dc-125"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
293
expires
Sun, 10 Nov 2024 17:34:53 GMT
lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 6C59
43 B
348 B
Image
General
Full URL
https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=9-xU7d1umVEuj3aIexVmo22u4-b6Fk6S93Z-k7T0zskt3WERJlklf1Ew9V6h5dWQUrMBTGA8WMw27sl4GAgSLKR-KBxJZtjtlrvdYcKSjJsr-BOgR1ot_5GCcl2Gpt55m5grhvhA_eZCMdUjQ03cuxUaBx_say9h_4y3Wkc7dWoPmILkMikscwwZnm5FejPsGg2X-3zbsTr-asnVhR0ihvPNeqnDG07M1Bl3n4kpCBEzq55ZoPOKevuS8KdUHz-eCPi3RsEVgnj_iTmACbVLSmyAHreQ8cCya7mQMpOxie-jK34n3cavAwzsmtbzp3F9jwr3BlI8ssjZdxtQ9Pj11NsPPSgcLplQGMVUExLd77e2dmF7gXnO--S05LWb74lAYAU1zHHwZ9V0AtVGvgBsgIixBn7epGyZyaIR4Yehbs7hSPK2
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2575626
expires
Mon, 26 Jul 1997 05:00:00 GMT
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 6C59
12 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
212957
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4420
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDpSm44%2FXTHkMLNSMtvbLHEFSyQWvHxbsTfoarWnY7%2Fa8qUaugfVGXpTU1clzZQazOzYbrEBpg1xQQrn42fjY5Lx1%2FXEQKFe00RNKGMamq%2F7Ikjpl5VoS9E02TcCvc5TAWNm91sabNiURjjEiKFmRx0I"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82717cc0b8a89b1f-FRA
expires
Tue, 05 Nov 2024 17:34:53 GMT
truncated
/ Frame 3CFF
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9838bebcdcd661c8267cc3f244e746a6b11a256bc14e4201a395bfcb06c9188d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame FC57
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
8431
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4118
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 15:14:22 GMT
etag
16674218716276178799
expires
Thu, 30 Nov 2023 15:14:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame EDE0
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b8ad71582d3ee067161bab292b9f769335be17f818b2a9a8fef4e95a450519bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
animejs.js
static.criteo.net/animejs/ Frame 6C59
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:53 GMT
dbbc399d77b849d88127a50c12ca789e_cpn_300x250_1.jpeg
static.criteo.net/design/dt/19906/4834108/ Frame 6C59
61 KB
62 KB
Image
General
Full URL
https://static.criteo.net/design/dt/19906/4834108/dbbc399d77b849d88127a50c12ca789e_cpn_300x250_1.jpeg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
5409b00c1531cf7e989e59f50a440f3a70c019dbefd5379327661fcb8d16bdc3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 14 Nov 2023 12:33:08 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"65536904-f57d"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
62845
expires
Sun, 10 Nov 2024 17:34:53 GMT
img
imageproxy.eu.criteo.net/img/ Frame 6C59
10 KB
10 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=76&m=0&partner=19906&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F19906%2F190812%2F319a2d5469c04e068839667ed003cd32_logo4.png&v=3&w=596&rid=4&s=0QCl27MyXPG2kIk4n1NDhjGp
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
dd73f4e1f4316b52955d52de613c5cbb1034124faf6657ceb6d1e1799979790a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
9815
expires
Sun, 03 Nov 2024 05:28:17 GMT
img
imageproxy.eu.criteo.net/img/ Frame 6C59
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F29403781_13-202210180031.jpg&v=3&w=400&rid=4&s=uyhgJgTwrfspO9_bHM5W50sw&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7588af36baed8ec2c6681c753d85d79d83fa47573473489ce3eff27f16b6688d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4520
expires
Sat, 02 Nov 2024 09:18:22 GMT
img
imageproxy.eu.criteo.net/img/ Frame 6C59
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F19906%2Fbadgeupdate.png&v=3&w=400&rid=4&s=sFPYPwb7keL_Ew6_IWjCVNv_
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
d50675d04142e9bfd9a7066718b8f5f9336d4000b1c8dc5542002955d9b002c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4547
expires
Thu, 07 Nov 2024 09:55:04 GMT
all
csm.eu.criteo.net/ Frame 6C59
0
128 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=hi1OW527wuzIDsI8QUhwjVNBn13EPqd_bdTY555b6L7UNh4nYCL-salACv-STcBZb-sp9aCEurxrI17yg3uf_kEggjJWVIYYfeFng1FbiZNzUacYwpk6JpbjjxlUFm3munbVKCMGbIteHyHaFAPgA3aQq2hX8-J4oKcOEGePRtrc91pVUhTWupl531E5IXo75x_Yd8STNb3E7py9w-pnOfsmba48PAG8ipBb6x7zsyUmATXQCbaqdXzLyy4wqWT7eruMvg&sds=2&rev=89278&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 16 Nov 2023 17:34:52 GMT
strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 6C59
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:53 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame 6C59
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:53 GMT
18050084918335394246
tpc.googlesyndication.com/daca_images/simgad/ Frame C64A
32 KB
32 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/18050084918335394246
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d3b15bb28cd20f34c563325aed8b4c50609880405311e5d281b7269566804fba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 04:32:42 GMT
x-content-type-options
nosniff
age
306131
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32834
x-xss-protection
0
last-modified
Wed, 20 Sep 2023 09:15:25 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 12 Nov 2024 04:32:42 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame C64A
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:17:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
55048
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:17:25 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C64A
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:03:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
12700
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:03:13 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C64A
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame C64A
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:53 GMT
one_click_handler_one_afma_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C64A
36 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/one_click_handler_one_afma_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a3e5c486ca9cab98b690f2f3fcc83c73141a667293c8a8236bb1e376313f0e36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 23:54:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
63598
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14803
x-xss-protection
0
server
cafe
etag
12205605038930952422
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Nov 2023 23:54:55 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame 3CFF
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CjE35vFJWZbawNIbwtwfFkKiYCpr1y4t07dDqzIoS2tkeEAEg4Y_1AWCV-viBlAegAYeDv_cDyAECqAMByAPJBKoEigJP0P_Xy8Y9yU8E_8IDhyQVW6g-FRY1n9W8u_iXeAklFbb9FwVdTTo...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211163127113421641040%22,%22debug_reporting%22:true,%22destination%22:%22https://lightinthebox.com%22,%22event_report_windo...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211163127113421641040%22,%22debug_reporting%22:true,%22destination%22:%22https://lightinthebox.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221055900039%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217514279361110489265%22}&andc=true
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"11163127113421641040","debug_reporting":true,"destination":"https://lightinthebox.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1055900039"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"17514279361110489265"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 16 Nov 2023 17:34:54 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 17:34:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11163127113421641040","debug_reporting":true,"destination":"https://lightinthebox.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1055900039"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"17514279361110489265"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame 911C
143 B
166 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1382
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:11:51 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
shopping
encrypted-tbn3.gstatic.com/ Frame B0F5
11 KB
11 KB
Image
General
Full URL
https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcT_-X_Z_oxrie5RUyUDUZSSIsY5Cldtq7B7b929UM7jv_YzrgXH&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b46b0ccab5db6d7b89cb1e70f81752c2113b74834881f495517d095f1df5f71b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 08:42:58 GMT
x-content-type-options
nosniff
age
118315
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10844
x-xss-protection
0
last-modified
Thu, 15 Feb 2024 08:06:23 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Thu, 14 Nov 2024 08:42:58 GMT
shopping
encrypted-tbn1.gstatic.com/ Frame B0F5
9 KB
10 KB
Image
General
Full URL
https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcSkpENzlI3dOoPs0buFjOeFJKGUeNvqcLmTuuRIUJl18G_AKFc&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4e6b27802cd447183a356cc7f824ac7fc4f6f5197cd2b1ee12758236ed505777
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 01:49:36 GMT
x-content-type-options
nosniff
age
143117
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9726
x-xss-protection
0
last-modified
Wed, 31 Jan 2024 07:59:14 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Thu, 14 Nov 2024 01:49:36 GMT
shopping
encrypted-tbn3.gstatic.com/ Frame B0F5
9 KB
9 KB
Image
General
Full URL
https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTg2TJ8CjnEtvTiz6Ch1oUcI0t-qxSs83FuvGpe22_1XAQZTh0&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0e5353c28d3c7b7fa50d3e3315867e003ea63910264032903eb978b1810c0e60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 08:12:26 GMT
x-content-type-options
nosniff
age
120147
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9251
x-xss-protection
0
last-modified
Thu, 08 Dec 2022 20:54:52 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Thu, 14 Nov 2024 08:12:26 GMT
shopping
encrypted-tbn3.gstatic.com/ Frame B0F5
9 KB
10 KB
Image
General
Full URL
https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTMSNKcTIxUhHPIv6Lxo4S99z8AYg0W0UVxwBkOx6UPN0RFGtyB&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
812d14f997830b2956aaa4040066a6c43bf04d9ea4b64e6c3e64720ef4496d28
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 13:24:14 GMT
x-content-type-options
nosniff
age
15039
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9680
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 10:07:22 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Fri, 15 Nov 2024 13:24:14 GMT
shopping
encrypted-tbn2.gstatic.com/ Frame B0F5
16 KB
17 KB
Image
General
Full URL
https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTHM7_VjiE5q22MrrcKDki_u-BGmruvFjllUpOXB1Lvg7eLumJe&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
204ad18d0f58ab0b0af424fad9a971ba92ee9aa991ebed7988c067818dc2051d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 18:54:31 GMT
x-content-type-options
nosniff
age
168022
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16433
x-xss-protection
0
last-modified
Sun, 24 Dec 2023 02:00:56 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Wed, 13 Nov 2024 18:54:31 GMT
shopping
encrypted-tbn1.gstatic.com/ Frame B0F5
11 KB
11 KB
Image
General
Full URL
https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTAF9zvQgu9nLNJ8LXstA91F4MTPbPPSX4vVjYQwHu13U7lPRd2&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e28b837296a1fe2b1a7bc0e954587f796408b41b734078552db34477007f186b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 05:50:56 GMT
x-content-type-options
nosniff
age
42237
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11547
x-xss-protection
0
last-modified
Wed, 20 Mar 2024 12:16:19 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Fri, 15 Nov 2024 05:50:56 GMT
7103612115487317334
tpc.googlesyndication.com/simgad/ Frame B0F5
Redirect Chain
  • https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCL57XsHBCABBiAATIIgoSA_Oqki0U
  • https://tpc.googlesyndication.com/simgad/7103612115487317334
5 KB
5 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7103612115487317334
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24fe63307e2903b2a4b2d80c28383d91861dc9ade1b28feac920e9f5f7b7dddd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 23:47:38 GMT
x-content-type-options
nosniff
age
236835
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5156
x-xss-protection
0
last-modified
Mon, 18 Nov 2019 11:07:29 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 12 Nov 2024 23:47:38 GMT

Redirect headers

date
Thu, 16 Nov 2023 10:28:32 GMT
x-content-type-options
nosniff
server
cafe
age
25581
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://tpc.googlesyndication.com/simgad/7103612115487317334
content-type
text/html; charset=UTF-8
cache-control
public, max-age=2592000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sat, 16 Dec 2023 10:28:32 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EDE0
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 23:30:11 GMT
x-content-type-options
nosniff
age
237882
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 23:30:11 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EDE0
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 04:31:44 GMT
x-content-type-options
nosniff
age
306189
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 04:31:44 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EDE0
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 15:22:55 GMT
x-content-type-options
nosniff
age
526318
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15740
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Nov 2024 15:22:55 GMT
container.html
fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2165
6 KB
3 KB
Document
General
Full URL
https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js?cb=31079694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Fri, 15 Nov 2024 17:34:53 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
csi
csi.gstatic.com/ Frame B0F5
0
55 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~lp1h1hqt&c=6112405334513&slotId=3056202667256.5&qqid=CPaC4f-GyYIDFYnF7QodGHgMIg&sei=44752538%2C44807614%2C44807615%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=ssc&ulv=1&ua_e=1
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/550964233668833c70e8a0f193337640.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4019:807::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
4074894803268433091
tpc.googlesyndication.com/simgad/ Frame B0F5
Redirect Chain
  • https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOCgyafZFBCgEBigEDIIRSpaM6LlJqg
  • https://tpc.googlesyndication.com/simgad/4074894803268433091
341 KB
341 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/4074894803268433091
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2d17e0c299a3060dbd0415878b38cc80f2f6cad0924001ff8e1d29cd85cf0217
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 20:50:03 GMT
x-content-type-options
nosniff
age
74690
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
348928
x-xss-protection
0
last-modified
Tue, 01 Feb 2022 13:15:08 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 14 Nov 2024 20:50:03 GMT

Redirect headers

date
Thu, 16 Nov 2023 10:11:17 GMT
x-content-type-options
nosniff
server
cafe
age
26616
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://tpc.googlesyndication.com/simgad/4074894803268433091
content-type
text/html; charset=UTF-8
cache-control
public, max-age=2592000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sat, 16 Dec 2023 10:11:17 GMT
38bcf84a6c98f8ab5c7e5b9a6f0eaec8.js
www.gstatic.com/mysidia/ Frame FC57
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/38bcf84a6c98f8ab5c7e5b9a6f0eaec8.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
70602b2d4f8fd19b95f522d3f3334ada3b3ff4647b4e81c7285b885977fd9ac4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 14:04:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
531024
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4046
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 19:36:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 08 Feb 2024 14:04:29 GMT
78b00c21e40332afd18050ebd59c6b08.js
www.gstatic.com/mysidia/ Frame FC57
11 KB
5 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/78b00c21e40332afd18050ebd59c6b08.js?tag=text/vanilla_highlight
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b82aa6c527e41e336e9cd392fffa550353f896f71a3c632a5bdd51e22de4ca0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 00:13:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
580865
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4753
x-xss-protection
0
last-modified
Thu, 09 Nov 2023 22:22:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 08 Feb 2024 00:13:48 GMT
css
fonts.googleapis.com/ Frame FC57
14 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 16:37:02 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Nov 2023 17:34:53 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FC57
2 KB
822 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame FC57
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:17:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
55048
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:17:25 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FC57
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:03:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
12700
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:03:13 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FC57
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6204
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame FC57
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:53 GMT
a6de5423b7c632060e8f86136bd5d27a.js
www.gstatic.com/mysidia/ Frame FC57
37 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 03:47:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
222433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15478
x-xss-protection
0
last-modified
Mon, 13 Nov 2023 13:20:26 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 12 Feb 2024 03:47:40 GMT
truncated
/ Frame E595
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f2da2efea74f294509c344e246b3b006e8c2081a9e38dbe6396d0a39bc355791

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211163127113421641040%22,%22debug_reporting%22:true,%22destination%22:%22https://lightinthebox.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221055900039%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217514279361110489265%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 17:34:53 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
videoplayback
r1---sn-4g5lzner.gvt1.com/ Frame B0F5
Redirect Chain
  • https://redirector.gvt1.com/videoplayback?id=a8c2897be5de21df&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1700163293&sparams=ip,ipbits,expire,id,...
  • https://r1---sn-4g5lzner.gvt1.com/videoplayback?id=a8c2897be5de21df&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1700163293&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...
1 MB
1 MB
Media
General
Full URL
https://r1---sn-4g5lzner.gvt1.com/videoplayback?id=a8c2897be5de21df&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1700163293&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=64AF84D478EC4394471B4C8972A34E9DF7A50818.50BFC8EE4D72AB0BDB1A197E1BBA8FD33B31EF1D&key=cms1&cms_redirect=yes&mh=f0&mip=2001:1b60:2:240:3247::9&mm=28&mn=sn-4g5lzner&ms=nvh&mt=1700155332&mv=u&mvi=1&pl=29
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Server
2a00:1450:4001:15::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
a46e24e96432effddcb0fb1945b98fe889b09bc22c6b4fbb3567c6f4970aa9ff
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

client-protocol
quic
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
last-modified
Mon, 02 Oct 2023 22:11:07 GMT
server
gvs 1.0
vary
Origin
content-type
video/mp4
Content-Range
bytes 0-1194405/1194406
cache-control
private, max-age=6899
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length
1194406
expires
Thu, 16 Nov 2023 17:34:54 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
server
ClientMapServer
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://r1---sn-4g5lzner.gvt1.com/videoplayback?id=a8c2897be5de21df&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1700163293&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=64AF84D478EC4394471B4C8972A34E9DF7A50818.50BFC8EE4D72AB0BDB1A197E1BBA8FD33B31EF1D&key=cms1&cms_redirect=yes&mh=f0&mip=2001:1b60:2:240:3247::9&mm=28&mn=sn-4g5lzner&ms=nvh&mt=1700155332&mv=u&mvi=1&pl=29
cache-control
no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
710
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame B0F5
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be3e82bac967ae4410e4892709367f57fa7d0c393af8f1818173d0e9f4adcccf

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
img
imageproxy.eu.criteo.net/img/ Frame 6C59
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F29403781_13-202210180031.jpg&v=3&w=400&rid=4&s=uyhgJgTwrfspO9_bHM5W50sw&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7588af36baed8ec2c6681c753d85d79d83fa47573473489ce3eff27f16b6688d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4520
expires
Sat, 02 Nov 2024 09:18:22 GMT
img
imageproxy.eu.criteo.net/img/ Frame 6C59
10 KB
10 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=76&m=0&partner=19906&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F19906%2F190812%2F319a2d5469c04e068839667ed003cd32_logo4.png&v=3&w=596&rid=4&s=0QCl27MyXPG2kIk4n1NDhjGp
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
dd73f4e1f4316b52955d52de613c5cbb1034124faf6657ceb6d1e1799979790a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
9815
expires
Sun, 03 Nov 2024 05:28:17 GMT
img
imageproxy.eu.criteo.net/img/ Frame 6C59
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F19906%2Fbadgeupdate.png&v=3&w=400&rid=4&s=sFPYPwb7keL_Ew6_IWjCVNv_
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
d50675d04142e9bfd9a7066718b8f5f9336d4000b1c8dc5542002955d9b002c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4547
expires
Thu, 07 Nov 2024 09:55:04 GMT
opensans-400.css
static.criteo.net/design/googlefont/opensans/ Frame 6C59
2 KB
899 B
Stylesheet
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
688a83886a5a759614fb53d73736845837de908ce3553b146471782995bc5943
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:03 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f077-9fe"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
opensans-700.css
static.criteo.net/design/googlefont/opensans/ Frame 6C59
2 KB
900 B
Stylesheet
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-700.css
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3cd346aff1efcc38119a600f75667ba0089a7a6bece2b905503fb7c0c65ddcb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:05 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f079-9fe"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
pagead2.googlesyndication.com/bg/ Frame 7565
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=24789235&adf=2314797025&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=444&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1255&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=449
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61fe41cde1b6df00f34e5a9795741e926e8861b8e80d396ff799d48bacda5300
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 03:55:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
308363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14900
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Nov 2024 03:55:31 GMT
afr.php
ads.eu.criteo.com/delivery/r/ Frame 36C2
140 KB
48 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Requested by
Host: fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
URL: https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
2520ee7187e14fc429422e3d1d7015b1127ab7e1623d99fead944769b51a0abf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=uAI24J27wuzIDsI868gOfNwpj57HZMioTfXBnoVMaiMqB8_fB57RPWkDEeK-XrKnKY01HIys2CtMTRrXtngtGSZieG3kT-eujnu7_MTCUUR-Uvrfr8W55sLa8W1KmgG1gS-A8ojNAtbqKbKuv_UD0QNjOWmDTCQDJzbr5QHUDqWN9Jp17Cz2t8udEZ8vz-NVo7yujiZBDrJAqHNvzm7oGc4du5bL0EZHyIPfmH9db234vC4lVZ8C9JZAfTNggW2P1Jc0GQ"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
49763770
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2165
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
URL: https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:03:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
12701
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:03:13 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2165
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
URL: https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6205
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2165
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
URL: https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 01:55:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
574788
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 09 Nov 2024 01:55:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 2165
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
URL: https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:54 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 893E
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:54 GMT
expires
Thu, 16 Nov 2023 17:34:54 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:54 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame E595
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CMNJ8vFJWZerVNdyHwuIP5oaJoAqa9cuLdO3Q6syKEtrZHhABIOGP9QFglfr4gZQHoAGHg7_3A8gBAqgDAcgDyQSqBIoCT9AXDD3DTbLoXcn2Kl2tjktLdG-MgPfuq8xArC-nr0RY52ZiBsM...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225154838738701500729%22,%22debug_reporting%22:true,%22destination%22:%22https://lightinthebox.com%22,%22event_report_window...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225154838738701500729%22,%22debug_reporting%22:true,%22destination%22:%22https://lightinthebox.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221055900039%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222989270465262815089%22}&andc=true
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"5154838738701500729","debug_reporting":true,"destination":"https://lightinthebox.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1055900039"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"2989270465262815089"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 16 Nov 2023 17:34:54 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"5154838738701500729","debug_reporting":true,"destination":"https://lightinthebox.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1055900039"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"2989270465262815089"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 45D8
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=471139651&adf=1651394291&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700156092&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=615&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=6&fsb=1&dtd=618
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:03:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
12701
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:03:13 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 45D8
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=471139651&adf=1651394291&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700156092&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=615&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=6&fsb=1&dtd=618
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
6205
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:29 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 45D8
203 KB
64 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=471139651&adf=1651394291&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700156092&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=615&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=6&fsb=1&dtd=618
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 17:34:54 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B0F5
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?zx=nlfl9nanoamw&sap=t&cf=playback_controller
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame B0F5
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C_lmhvFJWZfa0LImLtweY8LGQAviD_51048fQlqMRl8aGmqk5EAEg4Y_1AWCV-viBlAegAePAq8cDyAEJqQJR6kGdDTGyPqgDAcgDywSqBIUCT9ClJGXIaiqHArGhes7k48ItT4rlR_sBYcJ...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222162907265408429949%22,%22debug_reporting%22:true,%22destination%22:%22https://stylight.de%22,%22event_report_window%22:%2...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222162907265408429949%22,%22debug_reporting%22:true,%22destination%22:%22https://stylight.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22954916963%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210950554646605436833%22}&andc=true
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"2162907265408429949","debug_reporting":true,"destination":"https://stylight.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["954916963"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"10950554646605436833"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 16 Nov 2023 17:34:54 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"2162907265408429949","debug_reporting":true,"destination":"https://stylight.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["954916963"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"10950554646605436833"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0655
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 23:30:12 GMT
x-content-type-options
nosniff
server
cafe
age
65082
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Thu, 16 Nov 2023 23:30:12 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0655
295 B
330 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 03:23:34 GMT
x-content-type-options
nosniff
server
cafe
age
51080
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 17 Nov 2023 03:23:34 GMT
ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame B0F5
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%7CGoogle%20Sans%20Display%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 19:14:31 GMT
x-content-type-options
nosniff
age
512423
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21428
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:32:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Nov 2024 19:14:31 GMT
4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame B0F5
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%7CGoogle%20Sans%20Display%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3fd13aa5309882955edefa1157aab289e1542b6cac5b258f7a486ef88ed1d876
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 16:55:06 GMT
x-content-type-options
nosniff
age
2388
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21360
x-xss-protection
0
last-modified
Tue, 23 May 2023 16:35:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 16:55:06 GMT
truncated
/ Frame C64A
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f71e8066f6e77c1f4c5cd125b90b13988b7bf06a6f43951542f6d566ee8a1af9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
afr.php
ads.eu.criteo.com/delivery/r/ Frame 0662
245 KB
66 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=471139651&adf=1651394291&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700156092&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=615&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=6&fsb=1&dtd=618
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e4648dcf44a08191d151a06cc363affa8119c5dcd47247cf56d2c4a6d5c49890
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:53 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=iVR46J27wuzIDsI8s35kxcrrAPxQ-2j4c0BOdp_JkITakxo45YMdkkpVH9I8RnmsmANFuX6i6ZFde9dyCkqnuKvC7ahnB38G1xQo0rDxxMcuYGl6l7luEk03ntrHwiZNM5s2rSpmA5Fp3jfnPBb_zpl46hkxdneNWVMStqsV2IISWGFoRE855img_jdCtUVaGJs2gXNp80V0E3Lm7CU_oCG-rjan6IVJgvcdS6iF-MJoTPyZHzhwEh4dmiyTyoYvFDiNNQ"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
82087295
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
si
googleads.g.doubleclick.net/pagead/drt/ Frame 911C
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:54 GMT
expires
Thu, 16 Nov 2023 17:34:54 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:54 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
14763004658117789537
tpc.googlesyndication.com/simgad/10553422672292510253/ Frame FC57
1013 B
1 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/10553422672292510253/14763004658117789537?w=100&h=100&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9362261a59576b70d5c810098495b30a0b7fbf5cbf6eb84647c618caa11f0581
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 06:08:46 GMT
x-content-type-options
nosniff
age
559568
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1013
x-xss-protection
0
last-modified
Mon, 23 Oct 2023 17:43:03 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 09 Nov 2024 06:08:46 GMT
opensans-400-latin.woff2
static.criteo.net/design/googlefont/opensans/ Frame 6C59
16 KB
17 KB
Font
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-400-latin.woff2
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f885ec8a0a68847aff7c6bb94968bf7cb5099c0c449ae1535cf8515cc0ff8e18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Origin
https://ads.eu.criteo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:03 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f077-4164"
content-type
text/plain; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
opensans-700-latin.woff2
static.criteo.net/design/googlefont/opensans/ Frame 6C59
16 KB
16 KB
Font
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-700-latin.woff2
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/opensans/opensans-700.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
1baff9bf8d69c7de6ea553b53218dc5990e8a58d69200bab0c4763e70639fef4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://static.criteo.net/design/googlefont/opensans/opensans-700.css
Origin
https://ads.eu.criteo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:05 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f079-3ff4"
content-type
text/plain; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 8151
0
19 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CpGlsvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIACT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxj02kB-VF_q8s491BROaJ6iWaNVJXl5udj6Za-X9P3opE_6qgwNT4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOoAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi00MTkxNjQ3MjQxNDg2ODgwGAA&sigh=UlKLrhF7amE&uach_m=[UACH]&cid=CAQSTgDICaaNNbF2ExeluOYwN_gLM3EripEi6uvIevpCE6wM6W26_fyhMQErW-jzp18enhq197u2nD8_aJ3mszwxmTHCP_OMwpKy5yhIRg-iCRgB&cbvp=2&vis=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 8151
0
126 B
Image
General
Full URL
https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kOz_GN2BMKwC-gGdg2ICAgAAAKT7D9EfaP_CELxSVmWR8g9pfr6M8mb1AAASAAAKCkFRVUJEd0VCRHc&wp=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&cbvp=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
server-processing-duration-in-ticks
174919
server
Kestrel
content-length
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame 638B
143 B
166 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1383
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:11:51 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225154838738701500729%22,%22debug_reporting%22:true,%22destination%22:%22https://lightinthebox.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221055900039%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222989270465262815089%22}&andc=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 17:34:54 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame FC57
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
11641c9b34bdbf61a762c9b04146ee1da7b01e5bb43d8bae8e1a05dc67978a81

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
csi
csi.gstatic.com/ Frame B0F5
0
55 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~lp1h1hsr&c=6112405334513&slotId=3056202667256.5&qqid=CPaC4f-GyYIDFYnF7QodGHgMIg&umsem=0&ple=1&ape=1&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252F38bcf84a6c98f8ab5c7e5b9a6f0eaec8.js%253Ftag%253Dclient_fast_engine_2019&encoded_body_size=0&transfer_size=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/550964233668833c70e8a0f193337640.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4019:807::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame B0F5
0
55 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~lp1h1i4i&c=6112405334513&slotId=3056202667256.5&qqid=CPaC4f-GyYIDFYnF7QodGHgMIg&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252F550964233668833c70e8a0f193337640.js%253Ftag%253Dgpa%252Fdynamic_fig_web_banner_v2&encoded_body_size=0&transfer_size=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/550964233668833c70e8a0f193337640.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4019:807::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame B0F5
0
55 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=4~lp1h1i4i&c=6112405334513&slotId=3056202667256.5&qqid=CPaC4f-GyYIDFYnF7QodGHgMIg&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252Fa6de5423b7c632060e8f86136bd5d27a.js%253Ftag%253Dmysidia_one_click_handler_one_afma_2019&encoded_body_size=0&transfer_size=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/550964233668833c70e8a0f193337640.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4019:807::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame B0F5
0
235 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=5~lp1h1i4i&c=6112405334513&slotId=3056202667256.5&qqid=CPaC4f-GyYIDFYnF7QodGHgMIg&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fencrypted-tbn3.gstatic.com%252Fshopping%253Fq%253Dtbn%253AANd9GcT_-X_Z_oxrie5RUyUDUZSSIsY5Cldtq7B7b929UM7jv_YzrgXH%2526usqp%253DCAI&encoded_body_size=0&transfer_size=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/550964233668833c70e8a0f193337640.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4019:807::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame B0F5
0
55 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=6~lp1h1i4i&c=6112405334513&slotId=3056202667256.5&qqid=CPaC4f-GyYIDFYnF7QodGHgMIg&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fencrypted-tbn1.gstatic.com%252Fshopping%253Fq%253Dtbn%253AANd9GcSkpENzlI3dOoPs0buFjOeFJKGUeNvqcLmTuuRIUJl18G_AKFc%2526usqp%253DCAI&encoded_body_size=0&transfer_size=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/550964233668833c70e8a0f193337640.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4019:807::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame B0F5
0
55 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=7~lp1h1i4j&c=6112405334513&slotId=3056202667256.5&qqid=CPaC4f-GyYIDFYnF7QodGHgMIg&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fencrypted-tbn3.gstatic.com%252Fshopping%253Fq%253Dtbn%253AANd9GcTMSNKcTIxUhHPIv6Lxo4S99z8AYg0W0UVxwBkOx6UPN0RFGtyB%2526usqp%253DCAI&encoded_body_size=0&transfer_size=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/550964233668833c70e8a0f193337640.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4019:807::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222162907265408429949%22,%22debug_reporting%22:true,%22destination%22:%22https://stylight.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22954916963%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210950554646605436833%22}&andc=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 17:34:54 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
privacy_small.svg
static.criteo.net/flash/icon/ Frame 36C2
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame 36C2
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame 36C2
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Sun, 10 Nov 2024 17:34:54 GMT
back_button2.svg
static.criteo.net/flash/icon/ Frame 36C2
293 B
621 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button2.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 28 Apr 2022 09:09:48 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"626a59dc-125"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
293
expires
Sun, 10 Nov 2024 17:34:54 GMT
lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 36C2
43 B
347 B
Image
General
Full URL
https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=8Apic5SdAITy1Ulo9HjmEAakjX1xope6OVWznCSVJZWHIvUm2jhLyCwa3OppxevC5tjglpha5l2gP96NwZz4jH2P5PHeac-OUNCqag7o19wpKxSfW0xW48zTF_JK9SaWSsGHshs1v6gr3lj5uMQHbITg5G-vM68akm8XyhJ6CFEEK3p-NBp0IpFADiNoY727VACiuS2old24rOm_KhfwWqq7QhTM8D5tUeCeuM8VkUh3s1QrWk21DVt3ptobnLW_WwBq1h5VLq_pgOQZzK5DJEBr_vc3UkdwzRVgX_JLFZigW6BKOwPqAyimTn1jmgt-n9WJoLlVMHvF4aSHyHzWPLNejZog3NwYbbzoOZZcOI5wXYHaxmmBeJm79JkcR57bCl_sYyxC8E4kgHdfykB4PzFVIHlzoUvI9tR-i8eViISoJH3bmF1x9zyoSW9mKrlZrUhUww
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2282066
expires
Mon, 26 Jul 1997 05:00:00 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame C64A
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C9lnPvFJWZYHAN8mLtwfanq74AfrZ7pt0wdi2nI4StP2ai7IDEAEg4Y_1AWCV-viBlAegAc-vjMwoyAECqAMByAPJBKoEgwJP0GjGPmZ6HuYJvOWmxb68uAnpXbIYR6MvGP6QxgEyydQ2-C_...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225501651140982028927%22,%22debug_reporting%22:true,%22destination%22:%22https://silksilky.com%22,%22event_report_window%22:...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225501651140982028927%22,%22debug_reporting%22:true,%22destination%22:%22https://silksilky.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210897004495%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22947900785217907745%22}&andc=true
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"5501651140982028927","debug_reporting":true,"destination":"https://silksilky.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10897004495"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"947900785217907745"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 16 Nov 2023 17:34:54 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"5501651140982028927","debug_reporting":true,"destination":"https://silksilky.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10897004495"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"947900785217907745"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 36C2
12 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
565669
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4420
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IdlyPwgiDQlXZNa2t%2FHe99O10kSklJRPKGSPvvO1e7tUCr3rkB%2FS1iUQhzMwxngZEAZG7DyEn9t38MZR9lIFUhjxuslFpDtkCWZSQLRegCFE0SZB445yEoL6pnENr7C%2Begi8hU%2BvWQPV1O1bVKU5tAKh"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82717cc5687f9bdc-FRA
expires
Tue, 05 Nov 2024 17:34:54 GMT
animejs.js
static.criteo.net/animejs/ Frame 36C2
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame FC57
33 KB
33 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 21:01:51 GMT
x-content-type-options
nosniff
age
73983
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34108
x-xss-protection
0
last-modified
Tue, 23 May 2023 16:35:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Nov 2024 21:01:51 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 0655
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CishTvFJWZc3UOYCS7_UP4bK3gAG7-tmddOvWmr6nEvb3jpitQRABILDIwCFglfr4gZQHoAGokta_A8gBCakCRHtlq2KVgz7gAgCoAwHIAwqqBMACT9DX3VFtS6AeTE3c5gzuekg7U5qYr5BW1Qg7HPXtgy0U05vhUlcjRkFN6l9rpX3s-LBHXGdeV9wlvd4Y5f-rLqXQPFrG0MuvZ-sk_dYCjWLNrWF5eADsz61kS2qqnFpilrX4zHoD_cDk0RJGVepOHSvtYXzkSCHZO6kxoadkauY1bL6ZzTp22HAuvfKSpU8yXRd9idhg_K1UH1qHkTLq08_Eb0hEUtPbz6-7hqWQ-RXbSw0nIX1sDEmXZQEV-DjB-TUpn-VutfhESAklgZ_ttvW-vbhB3TRWfjp6oWrI1SB761tP-3sHiHIbkda5ShEps8IGG05PyZyQbNK2O_0LDUzF0D4s0Rdv-zgAmfebqb4jzGC4pYuNiIB2LPQit-FFwUB3d8Nec1ghgNnWTiorXRCdEhpGxhCqrb8gRnW1cqnABOWvsti8BOAEAYgFjsnVpk2gBi6AB-PjzDSoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBD-7wTSCB8IgOGAEBABGB0yAqoCOgKAQEi9_cE6WLy67P-GyYIDmgmGAWh0dHBzOi8vd3d3LmJvb3p0LmNvbS9kZS9kZS9kYW1lbm1vZGUvYmxhY2stZnJpZGF5P3V0bV9zb3VyY2U9Z29vZ2xlJnV0bV9tZWRpdW09ZGlzcGxheSZ1dG1fY2FtcGFpZ249ZGVfZ29vZ2xlZGlzcGxheV9ibGFja2ZyaWRheV8yMDIzgAoDyAsBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbEC4g0TCPjm7P-GyYIDFQDJuwgdYdkNENgTA4gUA9AVAZgWAYAXAbIXHgocCAASFHB1Yi0yMzI1NDc5MTg2NDg1MzM4GNTEDA&sigh=eqbpnCvUtYs&uach_m=[]&ase=2&nis=5&cid=CAQSTgDICaaN1sWh3tscrKzZDapzuG_KQ5U55m23V1GwGEsFxlvHzkFmBnZioimUAMOIK6LMn6cTVshKbVUEULkC0AsiknO93AwFIb7C7g2ytBgB&template_id=5000&cbvp=2
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

truncated
/ Frame 2165
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f8793f5ad7c1b32e475dcad3f2fb16081b5023820e10e679e7c3b303b05b3c80

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
img
imageproxy.eu.criteo.net/img/ Frame 36C2
10 KB
10 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=76&m=0&partner=19906&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F19906%2F190812%2F319a2d5469c04e068839667ed003cd32_logo4.png&v=3&w=596&rid=4&s=0QCl27MyXPG2kIk4n1NDhjGp
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
dd73f4e1f4316b52955d52de613c5cbb1034124faf6657ceb6d1e1799979790a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
9815
expires
Sun, 03 Nov 2024 05:28:17 GMT
img
imageproxy.eu.criteo.net/img/ Frame 36C2
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F29403781_13-202210180031.jpg&v=3&w=400&rid=4&s=uyhgJgTwrfspO9_bHM5W50sw&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7588af36baed8ec2c6681c753d85d79d83fa47573473489ce3eff27f16b6688d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4520
expires
Sat, 02 Nov 2024 09:18:22 GMT
img
imageproxy.eu.criteo.net/img/ Frame 36C2
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F19906%2Fbadgeupdate.png&v=3&w=400&rid=4&s=sFPYPwb7keL_Ew6_IWjCVNv_
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
d50675d04142e9bfd9a7066718b8f5f9336d4000b1c8dc5542002955d9b002c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4547
expires
Thu, 07 Nov 2024 09:55:04 GMT
dbbc399d77b849d88127a50c12ca789e_cpn_300x250_1.jpeg
static.criteo.net/design/dt/19906/4834108/ Frame 36C2
61 KB
62 KB
Image
General
Full URL
https://static.criteo.net/design/dt/19906/4834108/dbbc399d77b849d88127a50c12ca789e_cpn_300x250_1.jpeg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
5409b00c1531cf7e989e59f50a440f3a70c019dbefd5379327661fcb8d16bdc3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 14 Nov 2023 12:33:08 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"65536904-f57d"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
62845
expires
Sun, 10 Nov 2024 17:34:54 GMT
img
imageproxy.eu.criteo.net/img/ Frame 36C2
3 KB
3 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F12126311_2-202108130002.jpg&v=3&w=400&rid=4&s=L0oDTP2b8TwjcfDgCxE3O9qC&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
0c659c2351251346d80951411cf3e8704b382d17b990f900212543f96faaa44d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3134
expires
Tue, 05 Nov 2024 03:33:20 GMT
all
csm.eu.criteo.net/ Frame 36C2
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=uAI24J27wuzIDsI868gOfNwpj57HZMioTfXBnoVMaiMqB8_fB57RPWkDEeK-XrKnKY01HIys2CtMTRrXtngtGSZieG3kT-eujnu7_MTCUUR-Uvrfr8W55sLa8W1KmgG1gS-A8ojNAtbqKbKuv_UD0QNjOWmDTCQDJzbr5QHUDqWN9Jp17Cz2t8udEZ8vz-NVo7yujiZBDrJAqHNvzm7oGc4du5bL0EZHyIPfmH9db234vC4lVZ8C9JZAfTNggW2P1Jc0GQ&sds=2&rev=89278&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 36C2
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame 36C2
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&u=%7C6NZpOCorWY2RjlUIGldzc4E4GquNo6%2FFwmQtkqcqCOU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZVTcDBqK9MN3x1zpw2m-BD1ZPLD60EDP5kE-9UUK591_kmjYYWLfHUiGbuq8UUcNT8hR2fsnhgnMFjkn82WaDL-fR6bH4O706Z6gobtTGB0Eth0gWIHrRDbC7jlDxgofgGTyPY2d7VoI6WFadMdSw7r7JkbMKGscUqikxiyGO6bkA0A72P0_79TcFpS9XOJ3NPe7_6KVn_iXYx5xWeUOFAyTcfvFWACY39_aIQe5IDEJbJkE28wL6bZQqqB1nTBbo4hggCHYh8W2146J72ErGgJgiY_EJmFjk7nnUIDWdCdE-xE4D2ddPTOfU9Rf3nQOYOBqDtBnU5wAAbyAa7qFKErwgQNR_eSo-93Ka5PYwwLRERGY7JPQpW4G1REpnf5pOEgMBFZOZtt1m6GVo2a-APRRPIDgNyqh-hDfKKqiXokPqV86FSsvSKiuQGQjU_HsBGqzEvKX5YPD_zm0TkihW2R8bGhWYFw7j2UzDdhhKOsyy-FAJef69_z0mntnn02icZZhemcpw_0OONJMclqK4ZSlwkuOYlU3N9VLx6GZEC2s&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP2nBvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS4Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsFpx5fDqQ7gk5KKkY8PqRZuiiBoL0MKAgfJc7tQq5Xt3eiOxQk0l7UcIuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Bo663pmE2uZ9uRqmrosINmwxrvA%26client%3Dca-pub-2697679518515886%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
truncated
/ Frame 45D8
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ad6d02ce0a503f785bd98cef582ee82e731365471f4e598106ad5fbfc919888

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
privacy_small.svg
static.criteo.net/flash/icon/ Frame 0662
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame 0662
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame 0662
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Sun, 10 Nov 2024 17:34:54 GMT
back_button2.svg
static.criteo.net/flash/icon/ Frame 0662
293 B
621 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button2.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 28 Apr 2022 09:09:48 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"626a59dc-125"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
293
expires
Sun, 10 Nov 2024 17:34:54 GMT
lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 0662
43 B
347 B
Image
General
Full URL
https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=htDWBhiS2CFxMGBZS-Ik8zpbHBp4za0CjZl1CWn5l6h939JoCB7FfqvgRfEVwrkXdKdDdAmqreRAwDvxrZCCJFRC8GtyEO2IMcGunQs7QKUaSIYKt0G6W5BoOGXRCTMY6_o1XMY8v2qHTYkv_vIo0CqRis_TyaAiyNWtUwuEEWAmeYi4jTkVtPFjwzpuQUTYvc5aKm-OmdXBN3iLwksgd0ma4G9_p3loMrfjcY545-N-U6wC5aWZw8hkVAIeF8Az0MOySS1Qur1KYX2LL3U4mXAajnRQ87nPYmoWAaBrZpyblO_HbIJ3cyhj5cx6U5NTT-n7GtAtMckOXJO029KCgmfpsre1eESH9C7fCcoS-DjrMEq6MBFFqgQ1y5-N5ILyLTJU2L1HVTU64_yq9RMIS70tOa6HSP7MFVZn5xxxAOyowrwxSPkgF315ToV4MFb4m-8y_Q
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2260262
expires
Mon, 26 Jul 1997 05:00:00 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225501651140982028927%22,%22debug_reporting%22:true,%22destination%22:%22https://silksilky.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210897004495%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22947900785217907745%22}&andc=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 17:34:54 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame FC57
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CkRp4vFJWZevkKZTItwetkriABf6i-px0y4XMwYYSgsKDw8EBEAEg4Y_1AWCV-viBlAegAfnwpbgByAEBqQK_2Gm_FTSyPqgDAcgDywSqBIECT9Bn3J89nCZTIhUkkv6cO3VjCZmMgABfnwX...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210655591615244792552%22,%22debug_reporting%22:true,%22destination%22:%22https://hofmann-hofmann-fca.de%22,%22event_report_...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210655591615244792552%22,%22debug_reporting%22:true,%22destination%22:%22https://hofmann-hofmann-fca.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22386496633%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216572019114648612417%22}&andc=true
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"10655591615244792552","debug_reporting":true,"destination":"https://hofmann-hofmann-fca.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["386496633"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"16572019114648612417"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 16 Nov 2023 17:34:54 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"10655591615244792552","debug_reporting":true,"destination":"https://hofmann-hofmann-fca.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["386496633"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"16572019114648612417"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame 638B
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:54 GMT
expires
Thu, 16 Nov 2023 17:34:54 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:54 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 0662
12 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
565669
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4420
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mq7rO4sOyCh4Zr0UN3E3IPOXKR7d8GFCn38daspbw%2FJT%2BUpzmFZtALaDWXObmVpr%2FOhelvVOOtDLFQ%2F48e55G68eDNUyHCAxtqzeiyNznmgcFuUHvVvPlZfViDBS9UFIKxjOag7zsJmQNkAu6A7ibrZy"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82717cc6799e9bdc-FRA
expires
Tue, 05 Nov 2024 17:34:54 GMT
animejs.js
static.criteo.net/animejs/ Frame 0662
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
pagead2.googlesyndication.com/bg/ Frame 8149
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61fe41cde1b6df00f34e5a9795741e926e8861b8e80d396ff799d48bacda5300
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 03:55:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
308363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14900
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Nov 2024 03:55:31 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F19906%2Fbadgeupdate.png&v=3&w=400&rid=4&s=sFPYPwb7keL_Ew6_IWjCVNv_
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
d50675d04142e9bfd9a7066718b8f5f9336d4000b1c8dc5542002955d9b002c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4547
expires
Thu, 07 Nov 2024 09:55:04 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
3 KB
3 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F12126311_2-202108130002.jpg&v=3&w=400&rid=4&s=L0oDTP2b8TwjcfDgCxE3O9qC&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
0c659c2351251346d80951411cf3e8704b382d17b990f900212543f96faaa44d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3134
expires
Tue, 05 Nov 2024 03:33:20 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F29403781_13-202210180031.jpg&v=3&w=400&rid=4&s=uyhgJgTwrfspO9_bHM5W50sw&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7588af36baed8ec2c6681c753d85d79d83fa47573473489ce3eff27f16b6688d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4520
expires
Sat, 02 Nov 2024 09:18:22 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
8 KB
8 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=556&m=0&partner=19906&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F19906%2F190812%2F319a2d5469c04e068839667ed003cd32_logo4.png&v=3&w=196&rid=4&s=FZTmcHCBcgtKijymJTiRiLks
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3499c40fb2a828918f50d4d4b1daa09d3b3470a48033136ec99afd3300df608
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/png
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
7882
expires
Sun, 03 Nov 2024 05:28:17 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
4 KB
4 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F11303227_5-202304111829.jpg&v=3&w=400&rid=4&s=4EvXVwfKaitNtkYi6Qp04EdR&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
529bdd17318df790516860cd852d100561f0e6abb5f90e23b85bce353dc14435
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3610
expires
Mon, 04 Nov 2024 18:15:13 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
4 KB
4 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F14307938_9-202206132231.jpg&v=3&w=400&rid=4&s=9GhbJtvjQNs079aZsEpm6AmD&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
778ddd1dfc54953dbd0f16c09bb9aa333201fc88187dedec5cc1439a4431b0d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4122
expires
Mon, 04 Nov 2024 18:14:20 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
2 KB
2 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F26405068_2-202107202233.jpg&v=3&w=400&rid=4&s=os5uDOYCbBRS7Ri47n5Xlpjm&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
32132009f3bc11d62ae0b55655df18cba0f8d7b6c12d8052291c660255faa29e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
1956
expires
Sun, 03 Nov 2024 08:48:34 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
5 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F40400278_1-202301131241.jpg&v=3&w=400&rid=4&s=CC0mQrcyd8GSUL5X3HwO9VHS&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7bf234cb7bfdc714a773781dfd2ea6d49a594d568ba449d271c73b5ec323d4b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4658
expires
Mon, 04 Nov 2024 14:46:11 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
7 KB
7 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F22407994_3-202206091236.jpg&v=3&w=400&rid=4&s=0ohRL2t-kF7zvxvczHoaqjrN&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
3016eaf084e598194a0e18a0d4d1ad90d1da1dffe5a0cdde34df5733de975e3e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
7138
expires
Sat, 02 Nov 2024 11:40:57 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
9 KB
10 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F11524767_2-202110061234.jpg&v=3&w=400&rid=4&s=OVZiaA2ZC7eUuoB5li5x_PwJ&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
431097f4f934bdc8ae8ea0d5d33a07573e22cf31f50e02499a1b12b98be7c4a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
9592
expires
Sat, 26 Oct 2024 05:01:44 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
8 KB
8 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F12301172_4-201811271512.jpg&v=3&w=400&rid=4&s=YhJmXegJv-Ar8PS_bYunnL9Q&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7b3b86a9c070155b2cbb0ea45df23d3b69968245a8dab1a442c4c7c25e18e11c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
8324
expires
Sun, 03 Nov 2024 07:29:30 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
5 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F28409628_2-202202022233.jpg&v=3&w=400&rid=4&s=UL6pOIcy7zM-pxOPisoDQ3ms&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
1ab6763a92c664d1b1a7b5421ac60834aa5a1e93dd9ade4e1f951723207bc53e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4624
expires
Sat, 02 Nov 2024 08:43:55 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
3 KB
3 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F28405766_2-202111031303.jpg&v=3&w=400&rid=4&s=MWqfokvxrnLr-UZkzqaUXpzo&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
0d566296c283e164ef207161e0c46c0d3b63c9a52e176af09832cd187a14c891
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3076
expires
Tue, 05 Nov 2024 14:56:24 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
3 KB
3 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F29408527_4-202211071236.jpg&v=3&w=400&rid=4&s=CV2z6TcE4jgACikjiZ4r-Q4t&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
d4dc518e243d06f337b00ed6c623f2aff3c67aa179a08b68f875e470898a5df4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3064
expires
Sun, 03 Nov 2024 07:37:18 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
5 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F12307622_8-202307112233.jpg&v=3&w=400&rid=4&s=EX50WH4UN9Ua1bbmxHGSx1ZZ&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
6893f1cd0da336a810d8787c06138ca1787585165bb3f5ea6d8da70f0d3632a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4964
expires
Tue, 08 Oct 2024 04:52:32 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
4 KB
4 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F25402845_4-202006091054.jpg&v=3&w=400&rid=4&s=jDSdYFtt5cbCe2aQrdZzsoq2&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
3f8df6f3619442499c34784324159b55d118fbe0f3070c63a8554d766a4f7a9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4212
expires
Sat, 02 Nov 2024 03:05:10 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
2 KB
2 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F29406679_7-202304111829.jpg&v=3&w=400&rid=4&s=Ap4KpwmCU_zV9vRnOaPBbtGU&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
af372253d5598edc1e4368bf6ee8e5fc5970eebe66fb7fb91554ee9918214a7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
2230
expires
Sun, 03 Nov 2024 14:03:46 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
2 KB
2 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F40406261_6-202309221240.jpg&v=3&w=400&rid=4&s=YxWi4CyBZD5PMW9L20E0396P&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
a27997ed4b49e43ff9ade9ca0505a27fc8b392a2e1ab6d7e14976f03a737e95f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
1746
expires
Thu, 17 Oct 2024 07:54:44 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
2 KB
2 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F29403899_9-202207062231.jpg&v=3&w=400&rid=4&s=an9GnJ_2quAmOtH0nMJ6bmbo&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
3e976b279b9ad9976190980603aceb502e89975d5234f3f4d38601fbc4baa6cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
2256
expires
Mon, 04 Nov 2024 18:26:09 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
4 KB
4 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F12307718_6-202109202232.jpg&v=3&w=400&rid=4&s=5wHyHv9ji-hKd50iAJkYgVwa&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e90958ba258edd7d3efaabc4da6dfd25112abd7d7eaf600ee5d18bc5e8630af3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
3794
expires
Sat, 02 Nov 2024 03:34:43 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
3 KB
3 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F27404138_1-202109241236.jpg&v=3&w=400&rid=4&s=oQW0epws7BCfsAgMPJGjwR7a&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
c7b0559bee2cbbbf9832b770c7ff15a4c204209b11dd04a1eeadecfb2fad3ae9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
2962
expires
Sun, 03 Nov 2024 20:47:37 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
5 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F26403084_2-202011061721.jpg&v=3&w=400&rid=4&s=rkhvWB39GXXEqQ2p9jA4MAFs&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
485b7e107282f2bacf10a28bf7a8c5d62d76d4021350698ef27248ede039dee8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
5284
expires
Mon, 04 Nov 2024 12:29:27 GMT
img
imageproxy.eu.criteo.net/img/ Frame 0662
5 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=19906&q=80&r=0&u=https%3A%2F%2Fmedia.hoeffner.de%2Fmedias%2Fzoom%2F13306019_5-202110192233.jpg&v=3&w=400&rid=4&s=kLnfE4pG3CTbGVYMk5LZKgiR&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
849302d1bef4830623ba271a9f718597e176a9ddadff287ee9ea63708d2b2a62
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
timing-allow-origin
*
content-length
4842
expires
Mon, 04 Nov 2024 07:50:07 GMT
all
csm.eu.criteo.net/ Frame 0662
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=iVR46J27wuzIDsI8s35kxcrrAPxQ-2j4c0BOdp_JkITakxo45YMdkkpVH9I8RnmsmANFuX6i6ZFde9dyCkqnuKvC7ahnB38G1xQo0rDxxMcuYGl6l7luEk03ntrHwiZNM5s2rSpmA5Fp3jfnPBb_zpl46hkxdneNWVMStqsV2IISWGFoRE855img_jdCtUVaGJs2gXNp80V0E3Lm7CU_oCG-rjan6IVJgvcdS6iF-MJoTPyZHzhwEh4dmiyTyoYvFDiNNQ&sds=2&rev=89278&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 16 Nov 2023 17:34:54 GMT
strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 0662
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame 0662
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
pagead2.googlesyndication.com/bg/ Frame 0C81
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=627390368&adf=3077839952&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2044&idt=511&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1921&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=535
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61fe41cde1b6df00f34e5a9795741e926e8861b8e80d396ff799d48bacda5300
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 03:55:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
308363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14900
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Nov 2024 03:55:31 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210655591615244792552%22,%22debug_reporting%22:true,%22destination%22:%22https://hofmann-hofmann-fca.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22386496633%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216572019114648612417%22}&andc=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 17:34:54 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
pagead2.googlesyndication.com/bg/ Frame 46ED
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=3871340477&adf=3598479851&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=582&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4332&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=5&fsb=1&dtd=585
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61fe41cde1b6df00f34e5a9795741e926e8861b8e80d396ff799d48bacda5300
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 03:55:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
308363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14900
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Nov 2024 03:55:31 GMT
Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
pagead2.googlesyndication.com/bg/ Frame 95DB
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=1582561945&adf=1461205882&pi=t.ma~as.6979783657&w=300&lmt=1700156092&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092288&bpp=1&bdt=2043&idt=547&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=4&fsb=1&dtd=551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61fe41cde1b6df00f34e5a9795741e926e8861b8e80d396ff799d48bacda5300
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 03:55:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
308363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14900
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Nov 2024 03:55:31 GMT
opensans-400.css
static.criteo.net/design/googlefont/opensans/ Frame 36C2
2 KB
899 B
Stylesheet
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
688a83886a5a759614fb53d73736845837de908ce3553b146471782995bc5943
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:03 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f077-9fe"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
opensans-700.css
static.criteo.net/design/googlefont/opensans/ Frame 36C2
2 KB
900 B
Stylesheet
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-700.css
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3cd346aff1efcc38119a600f75667ba0089a7a6bece2b905503fb7c0c65ddcb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:05 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f079-9fe"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
opensans-400.css
static.criteo.net/design/googlefont/opensans/ Frame 0662
2 KB
899 B
Stylesheet
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
688a83886a5a759614fb53d73736845837de908ce3553b146471782995bc5943
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:03 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f077-9fe"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
opensans-700.css
static.criteo.net/design/googlefont/opensans/ Frame 0662
2 KB
900 B
Stylesheet
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-700.css
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3cd346aff1efcc38119a600f75667ba0089a7a6bece2b905503fb7c0c65ddcb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:05 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f079-9fe"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame B0F5
42 B
64 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cgk6jvFJWZfa0LImLtweY8LGQAviD_51048fQlqMRl8aGmqk5EAEg4Y_1AWCV-viBlAegAePAq8cDyAEJqQJR6kGdDTGyPqgDAcgDywSqBIgCT9ClJGXIaiqHArGhes7k48ItT4rlR_sBYcJJPylkpPldsnsckGcCeKX8ShfO2Lk_o36tBcWbschx_mH7IGLUJsXOOV42eUuONIyhpKGodpgE4CKfad9dsmoo1A2Liw80bakBd5M-1spvr2llqXM6ETp779CzwbXx0ALKgf89Ljtt_aBCEgFjOADepPDAZZ-uRw5Nat5yvO1NbECue9zk1ozeCgNTp7RfQd3KWmHPw7KxMf0lB91wabNWh6NgSmUskvzepjhxEAl-6VhxBiifv1AAmoGYdeHeurHxciQc-VwX11oWq-lZDh0nIvCJzlOQMtxtrjjGFqFGz_zJeK5RF2RbK8rwsWoAwAT59pq-mwSIBbHU0upJoAYugAfR_4wmqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6sQmERRltX58RQoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQLaDBEKCxDQ79i76uLGqNoBEgIBA6oNAkRFyA0B2BMLoBSvycygq8Djil-gFL6Q4vW2w8-3rwGgFNPO_92vgomuzwGgFIfynL7XiNm79QGgFKjnxu-2jeWO5AGgFPmxi9WrqJyRuAHQFQH4FgGAFwE&sigh=XXFo1W6Lse0&cid=CAQSTgDICaaNeIGnqXalg_rpd55HcgoBAN_wqSEEKCW2dv9hA_i0O9E-Ru6p51hSohIaFoztEnTz71e5lko8KmmLkEU_S2o4AE5lz4W0LRxs9A&label=adresume
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
opensans-400-latin.woff2
static.criteo.net/design/googlefont/opensans/ Frame 36C2
16 KB
17 KB
Font
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-400-latin.woff2
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f885ec8a0a68847aff7c6bb94968bf7cb5099c0c449ae1535cf8515cc0ff8e18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Origin
https://ads.eu.criteo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:03 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f077-4164"
content-type
text/plain; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 2165
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CAFMhvVJWZYacEb7c7_UPjqiysAjJntKxXNWdkfdwwI23ARABIABglfr4gZQHggEXY2EtcHViLTI2OTc2Nzk1MTg1MTU4ODbIAQmpAm8L5uPGQbI-4AIAqAMByAMCqgS1Ak_QvnsVNb8H91eGYHAtv30RXu3mQx_PfBWdJYiYVj78Tp2NkQo9Ub8tWWcGHiDQCgaL7tpB_2-deUGdLoVG6uDucqTPgyXJJSvAFzbMljUDCLhPQldKrjZ_4DN0IHdB9lBe-syD9JO5rFalKiov83woITnNEAlaz-VJfs5Twkl4_uJdQKaSWdOTJPmev3vmDnCwq7mEq5iiaSEgTJe9aLETEm94wADSEl4UDFu27PWodcjjA160uJAcvGzLJnZ3iQvVcNWNK4r_QWcLabSwwBeWpJxXKGZoUBn2e1oTPZSs-xsT_ZjS9e5gaIJUIBSBA7CsDFe66e1NzbqcZA38bfUarFaNOrMFXzvO_Nr1TsErxbZRKZ0wrjRatlWDif_KhAdimUkkGoV9u4b2WSrz8fAWD50UfuAEAYAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOoAKA_oLAggBgAwB4g0TCKfK8_-GyYIDFT7uuwgdDpQMhtAVAYAXAbIXHAoaEhRwdWItMjY5NzY3OTUxODUxNTg4NhjUxAw&sigh=4ZkaWD3EFD4&uach_m=[UACH]&cid=CAQSTgDICaaNsj-lqU_dkw-OBKxzNnyu93c5h-x2DHtApfhjGrBzuKm7PtWmMI5gWk81zFBtEAA-hSM6HmUqwK7L6pMXeHWHm9NcSY2UAKLDohgB&cbvp=2&vis=1
Requested by
Host: fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
URL: https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 2165
0
125 B
Image
General
Full URL
https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kOz_GMc1rAL6AZ2DYgICAAAAJ1y8J-rGe64QvFJWZfeSwg9GeQZ_nNYAABIAAAoKQVFVRER3RUJEdw&wp=ZVZSvQAETgYIu-4-AAyUDke_up7gZcaqa2rWpQ&cbvp=2
Requested by
Host: fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
URL: https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:53 GMT
strict-transport-security
max-age=31536000; preload;
server-processing-duration-in-ticks
166332
server
Kestrel
content-length
0
Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
pagead2.googlesyndication.com/bg/ Frame 21DF
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61fe41cde1b6df00f34e5a9795741e926e8861b8e80d396ff799d48bacda5300
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 03:55:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
308363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14900
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Nov 2024 03:55:31 GMT
opensans-400-latin.woff2
static.criteo.net/design/googlefont/opensans/ Frame 0662
16 KB
17 KB
Font
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-400-latin.woff2
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f885ec8a0a68847aff7c6bb94968bf7cb5099c0c449ae1535cf8515cc0ff8e18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://static.criteo.net/design/googlefont/opensans/opensans-400.css
Origin
https://ads.eu.criteo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:03 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f077-4164"
content-type
text/plain; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
opensans-700-latin.woff2
static.criteo.net/design/googlefont/opensans/ Frame 0662
16 KB
16 KB
Font
General
Full URL
https://static.criteo.net/design/googlefont/opensans/opensans-700-latin.woff2
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/opensans/opensans-700.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
1baff9bf8d69c7de6ea553b53218dc5990e8a58d69200bab0c4763e70639fef4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://static.criteo.net/design/googlefont/opensans/opensans-700.css
Origin
https://ads.eu.criteo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 08 Dec 2022 14:11:05 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"6391f079-3ff4"
content-type
text/plain; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 10 Nov 2024 17:34:54 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame B0F5
42 B
64 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cgk6jvFJWZfa0LImLtweY8LGQAviD_51048fQlqMRl8aGmqk5EAEg4Y_1AWCV-viBlAegAePAq8cDyAEJqQJR6kGdDTGyPqgDAcgDywSqBIgCT9ClJGXIaiqHArGhes7k48ItT4rlR_sBYcJJPylkpPldsnsckGcCeKX8ShfO2Lk_o36tBcWbschx_mH7IGLUJsXOOV42eUuONIyhpKGodpgE4CKfad9dsmoo1A2Liw80bakBd5M-1spvr2llqXM6ETp779CzwbXx0ALKgf89Ljtt_aBCEgFjOADepPDAZZ-uRw5Nat5yvO1NbECue9zk1ozeCgNTp7RfQd3KWmHPw7KxMf0lB91wabNWh6NgSmUskvzepjhxEAl-6VhxBiifv1AAmoGYdeHeurHxciQc-VwX11oWq-lZDh0nIvCJzlOQMtxtrjjGFqFGz_zJeK5RF2RbK8rwsWoAwAT59pq-mwSIBbHU0upJoAYugAfR_4wmqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6sQmERRltX58RQoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQLaDBEKCxDQ79i76uLGqNoBEgIBA6oNAkRFyA0B2BMLoBSvycygq8Djil-gFL6Q4vW2w8-3rwGgFNPO_92vgomuzwGgFIfynL7XiNm79QGgFKjnxu-2jeWO5AGgFPmxi9WrqJyRuAHQFQH4FgGAFwE&sigh=XXFo1W6Lse0&cid=CAQSTgDICaaNeIGnqXalg_rpd55HcgoBAN_wqSEEKCW2dv9hA_i0O9E-Ru6p51hSohIaFoztEnTz71e5lko8KmmLkEU_S2o4AE5lz4W0LRxs9A&label=part2viewed
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700156092&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092286&bpp=1&bdt=2042&idt=395&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=404
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 45D8
0
19 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CoptivFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIACT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNcHSjx7MnhyKYueK_U423q3MtyLff7QHgmc4Uw0K7GKPExDKvj9f4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOoAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi00MTkxNjQ3MjQxNDg2ODgwGAA&sigh=k9qz68N-dTU&uach_m=[UACH]&cid=CAQSTgDICaaN-g9kY3RRMDIeOunKx9qU5p85vOiRoAsIZLyjDLabXTZaCExE85i4nfht2y2kfMKpEGHll-w1BM0qRi1lyOpU-xfcgOYv8dX40hgB&cbvp=2&vis=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=471139651&adf=1651394291&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700156092&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=615&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=6&fsb=1&dtd=618
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=471139651&adf=1651394291&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700156092&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=615&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=6&fsb=1&dtd=618
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 17:34:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 45D8
0
126 B
Image
General
Full URL
https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kOz_GMz6RIoFmAKdg2ICAgAAAPF7Q1kyZAlcELxSVmWSYIxF2eQCrz3SAAASAAAKCkFRVUJBUUVCQVE&wp=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&cbvp=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=471139651&adf=1651394291&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700156092&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092289&bpp=1&bdt=2045&idt=615&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3178&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=6&fsb=1&dtd=618
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:55 GMT
strict-transport-security
max-age=31536000; preload;
server-processing-duration-in-ticks
159269
server
Kestrel
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame FC57
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvoHJPT_cq2IAzJ608P6WC_HfB6RUzD2mp01E3kNlK0aELNxxsXUv5BVL2bmFIBWc88iWtxlilrvI8fDEjzpywhqDbXAcK_4CQZ158qJCEOz2KPhnTHuIvLTACjDnDHITCXqCgL1l_HMAeo&sai=AMfl-YTcxZZ0E2M_bcPBafta_vJgiMUWR4LxxM5Pc6QROER4u89zZesmGAb4eSEsiWtx_HuUe6dN-wq5NK1Q1augoELog5SJQ0vRDf8AfFg7d9w4PNs05mgHorCjRPZyqpuWsMi1wN9nJxyyS6Tszko9AA&sig=Cg0ArKJSzLn2GS_rLQP8EAE&cid=CAQSTwDICaaNOO8luwuoztMnN9OB-7SlLxIY-4RHgUqLtVk2JHR48DLq03nPBqHjROZc-0J6wn0_C4zTMGIOkuLFPYhEUH1LwFjffMfuDwVCGZ0YAQ&id=lidar2&mcvt=1001&p=0,0,124,1005&mtos=522,1001,1001,1001,1001&tos=522,479,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700156093590&rpt=840&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
all
csm.eu.criteo.net/ Frame 6C59
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=hi1OW527wuzIDsI8QUhwjVNBn13EPqd_bdTY555b6L7UNh4nYCL-salACv-STcBZb-sp9aCEurxrI17yg3uf_kEggjJWVIYYfeFng1FbiZNzUacYwpk6JpbjjxlUFm3munbVKCMGbIteHyHaFAPgA3aQq2hX8-J4oKcOEGePRtrc91pVUhTWupl531E5IXo75x_Yd8STNb3E7py9w-pnOfsmba48PAG8ipBb6x7zsyUmATXQCbaqdXzLyy4wqWT7eruMvg&sds=2&rev=89278&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAMbjsK7ZzjAAtqfrUlzR43F7rxtg6iXw&u=%7CCTy0O5%2BqYjlQ2wtIqlAlivVT5gRo3lobA2XAVGlJAVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANRFAsM8HTJsVkL_Sy9dVjDRLoDSks9yzuDRNS7RzA7wwW1pVwkVYPPJz-LjHOOwnGjHfgg74Na7OhzCviqOJvY1lUsEsPB-0NMOw4aT7783gb-oql6TVJsJaB_gdlZh66RTfM5niuWT2YEqt03msn8I9IztYG1cpNTl0AOeNvXxvOy7AXvk7TH5CFfkSNFZAgDkCCql3kpxCmfO5QxGggDwy3qI6WdH8GNa8-0zNPxFY84zV1QisLH_HARVfucnwsHX9Rn9bZoeVuzbk7zL7yR6Fm48tKxO9Q3r1JIjR-SvpLiPmA8eS1NJ4W_e_LL3O_2X4SnKRQ-S-l1rVsCK1rYI_oCv-ktONztf13T9Rtab2mWk54c8C6PGEHgEbGgj3XCDlisUlsbq5D0mV0GMNrsFa6vUXRiBq5A0_c_hN_b3XDgJs2PYACIoB5NRBoNSdvK03iUZgJVbY3YOH3XMXQHQpEVxSPfkM555aemK6WgKBS3CoIAJN5EusJK5a7nEOr7YDWnzQDIZXZIcetAonjbc7Pjtp6vhjVrE5-vHQrtfLOacD_4IIzxQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC37dbvFJWZbvcMeO5tgf-1K2oDsme0rFc1Z2R93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCZd6XM5c0sj6oAwHIAwKqBIMCT9AzOmkjzMmxLogQE-B47OdykXJv-MlBGNJj-q2p2m5FFCOIJX7FCBPBVHtdYoWmrF1_d7j6eUteMzLsikvWBMOGR3m2CLV9I8u-qzapeLN1-OE01zdU7Vnhzr_3cFKezpdZngjt-cyvSJYGS7HWzA326vlNVkEVqKwr6fJBhIUongA8CfowI8Sg0gIg5jT2_BchcLoDNpTlybKONfvKK2mw7Up-Ictmczelk-4MYSdZ6k76hG7rCvbcKUx6iO1Yj_I_R1ShgruO-Tgc6b9zcutlZB7PSeOztxi22GHs1Mw6z2jt887CSHcGV4Rfk3NXoVpOrZIxBkL2iFdiYJgtprrjC4AG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3RXEjh7uWw_AfbDQZKSvLrxXRoNw%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 16 Nov 2023 17:34:55 GMT
strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame B0F5
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssl3cWdX2UK6EJSBqovoyvBcqUP5dct8ofsXo1qn1rIDnCSkLwCDFsx-asp-zHGvlvbQOC3fzHQ43WuFmmIAdsdCB_TeI5jFSTtLLoO2vUQKQt4Y1uaSoes2j8UjM7EvnoI4Kb1ApArfCql&sai=AMfl-YT7d3cTVXr3JN9j9xokBqzrYoLs9MsHZFfan0kuNByac-Rdl7IzNnS-ZBBdEfDMb-Nxy6uAoePMlJxBaVQdPmme9_1IO25JLm6iwl1mV7nIhHsu2HjqIdBkM4WhPhTB_H1tXZH-x_iOYL8HZ6Ry&sig=Cg0ArKJSzFTA_-3jZae3EAE&cid=CAQSTgDICaaNeIGnqXalg_rpd55HcgoBAN_wqSEEKCW2dv9hA_i0O9E-Ru6p51hSohIaFoztEnTz71e5lko8KmmLkEU_S2o4AE5lz4W0LRxs9BgB&id=lidar2&mcvt=1001&p=0,0,280,1200&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1035218292&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700156092691&rpt=2051&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame B0F5
0
46 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=8~lp1h1i4j&c=6112405334513&slotId=3056202667256.5&qqid=CPaC4f-GyYIDFYnF7QodGHgMIg&dm=28000&event_name=first_play&asset_bytes=377273&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=16&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=9&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.lp1h1ij1~ff.lp1h1iox~vfl.lp1h1ioz
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/550964233668833c70e8a0f193337640.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4019:807::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:55 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
prebid
id5-sync.com/api/config/
135 B
418 B
XHR
General
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
9122d35ca0b1532a344f0801f9004b862de73fe3ec70d6eb04a345cc02e8e2a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
id
id.crwdcntrl.net/
43 B
320 B
XHR
General
Full URL
https://id.crwdcntrl.net/id?c=17248
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.27.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-27-149.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:55 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
x-server
10.45.5.134
access-control-allow-credentials
true
content-length
43
expires
0
envelope
api.rlcdn.com/api/identity/
0
257 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=88
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
via
1.1 google
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
0
rid
match.adsrvr.org/track/
63 B
426 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=mp4hjl8&fmt=json
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
c72923d3540f9c6180ffa2c093b843442c8537d20834dd60a95d4e9e997a33d2

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Sat, 16 Dec 2023 17:34:56 GMT
beacon
ap.lijit.com/ Frame EE86
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13406715
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Thu, 16 Nov 2023 17:34:55 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap5ams1
pd
u.openx.net/w/1.0/ Frame F8A6
0
81 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 16 Nov 2023 17:34:55 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
v1
match.sharethrough.com/universal/ Frame EB10
Redirect Chain
  • https://ex.ingage.tech/v1/syncPage/sharethrough?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fmatch.sharethrough.com%2Funiversal%2Fv1%3Fsupply_id%3Djc3Tkmr6
  • https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
0
0
Document
General
Full URL
https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.212.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-212-171.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT

Redirect headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
82717ccf6b181d94-FRA
content-length
0
date
Thu, 16 Nov 2023 17:34:55 GMT
location
https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
server
cloudflare
vary
Origin
async_usersync.html
acdn.adnxs.com/dmp/ Frame F595
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
32241
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 16 Nov 2023 17:34:56 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 08 Nov 2023 05:49:52 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1174, 142909
X-Served-By
cache-lga13626-LGA, cache-cph2320029-CPH
X-Timer
S1700156096.089339,VS0,VE0
b61d819e-30fb-4819-aee9-f4dc5b73b772
ex.ingage.tech/v1/sync/loopme/ Frame C4AE
Redirect Chain
  • https://csync.loopme.me/?pubid=11530&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Floopme%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D%7Bviewer_token%7D
  • https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=5622d513-ce14-4dca-b66a-4ef733d2e09b
0
0
Document
General
Full URL
https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=5622d513-ce14-4dca-b66a-4ef733d2e09b
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cache-control
private, max-age=1296000
cf-cache-status
DYNAMIC
cf-ray
82717cd0dcf31d94-FRA
date
Thu, 16 Nov 2023 17:34:56 GMT
server
cloudflare
vary
Origin

Redirect headers

content-length
0
date
Thu, 16 Nov 2023 17:34:56 GMT
location
https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=5622d513-ce14-4dca-b66a-4ef733d2e09b
server
_
pixel
ap.lijit.com/ Frame 6413
0
0
Document
General
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fsovrn%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D%24UID
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Thu, 16 Nov 2023 17:34:55 GMT
X-Sovrn-Pod
ad_ap5ams1
usermatch
ssum-sec.casalemedia.com/ Frame 9F4D
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
2 KB
927 B
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4660d82db77d874531415562f4e48bc8bbfc283f489af0fcce4d35847f13c5dd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82717cd02e313630-FRA
content-encoding
br
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4zgK%2F6fapdW3UtevrMHnLHLw3qAEML35OEYpLXiRL83vwS3wBbz43YB4EzsLGmg8rbMiruuudeutNc1tefEjkyslwhXf7TBvH%2FmC1hpybGR3%2BwDAHp5P85n4v7LugvRlwSKrsDaGysqGdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82717ccfbdc73630-FRA
content-length
0
date
Thu, 16 Nov 2023 17:34:55 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=psiOfi2q4rPhVL45mb%2BFiEEDzasLvLZAboxyUROut5tsXF8KhBNxwLhIx5pw%2F2VgqY9P5B7KVjP%2BX4IYDxSCCtFEL2tp%2BstsKSCic1Y1kIvgdJxJN5LMyxe9yi50%2F7BR7PrIDpVsb%2Fk9CA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame AB15
281 B
555 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.20.65.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-65-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 16 Nov 2023 17:34:56 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
cm
u.openx.net/w/1.0/ Frame 1364
43 B
124 B
Document
General
Full URL
https://u.openx.net/w/1.0/cm?id=b355ce4f-581b-4a1c-8c84-81fe81e4bc39&r=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fopenx%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-length
56
content-type
text/html
date
Thu, 16 Nov 2023 17:34:55 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
pd
u.openx.net/w/1.0/ Frame AC63
0
81 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 16 Nov 2023 17:34:55 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame E92C
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
32242
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 16 Nov 2023 17:34:56 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 08 Nov 2023 05:49:52 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1174, 143722
X-Served-By
cache-lga13626-LGA, cache-cph2320027-CPH
X-Timer
S1700156096.089098,VS0,VE0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame CA9C
16 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.228.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-228-187.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=143078
content-encoding
gzip
content-length
5622
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
Sat, 18 Nov 2023 09:19:34 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 627B
3 KB
1 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
832
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
82717cd049122c62-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
Thu, 16 Nov 2023 21:34:56 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
usermatch
ssum-sec.casalemedia.com/ Frame 0857
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
2 KB
1 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3512d162920464f92e884488c55e18bde9901fae8a4db18eec436c03e6461cb3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82717cd02e343630-FRA
content-encoding
br
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HDub0SrsxgKQiEldNsc1SEc4WNGKZ4zSofvPXME5aDSdEZS0T2urdwJPzGXvkVS1Da0hO8VM0vsjdPg27z92As%2FJbhK0RKmNQsfXj98JD%2F5pzw3pfzhwV27OvCNgvU9UFd1Y3KSI28JaAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82717ccfbdca3630-FRA
content-length
0
date
Thu, 16 Nov 2023 17:34:55 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w8sn%2FTTTrh3osKCcgmdkX0lt4dNndt%2FLGnsVGOkVvtLD6gwpKEWXS%2FDryDyACUgEmUqTNjllHtB1CiVb4AfojjIQPXnNb3HXD3EdMIZZUBfcpcl7IuQ4QiRB9gmtmOslQef93rDji1hZ2w%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
/
ssc-cms.33across.com/ps/ Frame 1051
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=atx4xsU7Or6R0PaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP010 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Thu, 16 Nov 2023 17:34:55 GMT
server
33XP010
x-33x-status
2000208
ixmatch.html
js-sec.indexww.com/um/ Frame A6C2
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
832
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
82717cd0490f2c62-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
Thu, 16 Nov 2023 21:34:56 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 1F9F
16 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3DPM_UID
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.228.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-228-187.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=143078
content-encoding
gzip
content-length
5622
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
Sat, 18 Nov 2023 09:19:34 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
/
sync.aralego.com/idSync/ Frame 807A
35 B
413 B
Document
General
Full URL
https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3DUCFUID
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.96.203.13 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
35
Content-Type
image/gif
Date
Thu, 16 Nov 2023 17:34:56 GMT
pixel
ap.lijit.com/ Frame CDED
0
0
Document
General
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fsovrn%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D%24UID
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Thu, 16 Nov 2023 17:34:55 GMT
X-Sovrn-Pod
ad_ap5ams1
b61d819e-30fb-4819-aee9-f4dc5b73b772
ex.ingage.tech/v1/sync/loopme/ Frame 6EE0
Redirect Chain
  • https://csync.loopme.me/?pubid=11530&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Floopme%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D%7Bviewer_token%7D
  • https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=dc8afd6f-8f60-4baa-a118-cf16cb2b6c87
0
0
Document
General
Full URL
https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=dc8afd6f-8f60-4baa-a118-cf16cb2b6c87
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cache-control
private, max-age=1296000
cf-cache-status
DYNAMIC
cf-ray
82717cd0dcf01d94-FRA
date
Thu, 16 Nov 2023 17:34:56 GMT
server
cloudflare
vary
Origin

Redirect headers

content-length
0
date
Thu, 16 Nov 2023 17:34:56 GMT
location
https://ex.ingage.tech/v1/sync/loopme/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=dc8afd6f-8f60-4baa-a118-cf16cb2b6c87
server
_
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6858
16 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.228.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-228-187.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=143078
content-encoding
gzip
content-length
5622
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
Sat, 18 Nov 2023 09:19:34 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
isyn
prebid.a-mo.net/ Frame 0C20
0
0
Document
General
Full URL
https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
date
Thu, 16 Nov 2023 17:34:55 GMT
server
envoy
vary
Accept-Encoding
x-envoy-upstream-service-time
0
v1
match.sharethrough.com/universal/ Frame A0EA
Redirect Chain
  • https://ex.ingage.tech/v1/syncPage/sharethrough?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fmatch.sharethrough.com%2Funiversal%2Fv1%3Fsupply_id%3Djc3Tkmr6
  • https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
0
0
Document
General
Full URL
https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.212.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-212-171.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT

Redirect headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
82717ccfbb6f1d94-FRA
content-length
0
date
Thu, 16 Nov 2023 17:34:56 GMT
location
https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
server
cloudflare
vary
Origin
beacon
ap.lijit.com/ Frame BDD5
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13406715
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Thu, 16 Nov 2023 17:34:55 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap5ams1
isyn
prebid.a-mo.net/ Frame 5E9E
0
0
Document
General
Full URL
https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
date
Thu, 16 Nov 2023 17:34:55 GMT
server
envoy
vary
Accept-Encoding
x-envoy-upstream-service-time
1
b61d819e-30fb-4819-aee9-f4dc5b73b772
ex.ingage.tech/v1/sync/amx/ Frame FE41
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Famx%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D
  • https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
25 B
81 B
Document
General
Full URL
https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c85f03ee7ffd8a409d628d4b368b63454b8f70fd43c2747f88f41df5dbc23f3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
82717cd02c021d94-FRA
content-length
25
content-type
application/json; charset=utf-8
date
Thu, 16 Nov 2023 17:34:56 GMT
server
cloudflare
vary
Origin

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Thu, 16 Nov 2023 17:34:55 GMT
location
https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
server
envoy
x-envoy-upstream-service-time
1
cm
u.openx.net/w/1.0/ Frame C9D6
43 B
112 B
Document
General
Full URL
https://u.openx.net/w/1.0/cm?id=b355ce4f-581b-4a1c-8c84-81fe81e4bc39&r=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fopenx%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-length
56
content-type
text/html
date
Thu, 16 Nov 2023 17:34:55 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
rubicon
ex.ingage.tech/v1/syncPage/ Frame 8433
951 B
513 B
Document
General
Full URL
https://ex.ingage.tech/v1/syncPage/rubicon?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
82717ccfbb711d94-FRA
content-encoding
gzip
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
server
cloudflare
vary
Origin
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame BA3F
16 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3DPM_UID
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.228.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-228-187.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=143078
content-encoding
gzip
content-length
5622
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
Sat, 18 Nov 2023 09:19:34 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
rubicon
ex.ingage.tech/v1/syncPage/ Frame 3C2E
951 B
646 B
Document
General
Full URL
https://ex.ingage.tech/v1/syncPage/rubicon?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
82717ccfbb721d94-FRA
content-encoding
gzip
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
server
cloudflare
vary
Origin
/
sync.aralego.com/idSync/ Frame 3364
35 B
413 B
Document
General
Full URL
https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3DUCFUID
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.96.203.13 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
35
Content-Type
image/gif
Date
Thu, 16 Nov 2023 17:34:56 GMT
b61d819e-30fb-4819-aee9-f4dc5b73b772
ex.ingage.tech/v1/sync/amx/ Frame C1E2
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Famx%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D
  • https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
25 B
78 B
Document
General
Full URL
https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c85f03ee7ffd8a409d628d4b368b63454b8f70fd43c2747f88f41df5dbc23f3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
82717cd02c051d94-FRA
content-length
25
content-type
application/json; charset=utf-8
date
Thu, 16 Nov 2023 17:34:56 GMT
server
cloudflare
vary
Origin

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Thu, 16 Nov 2023 17:34:55 GMT
location
https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
server
envoy
x-envoy-upstream-service-time
1
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5140084928320223993
49 B
444 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5140084928320223993
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
69.166.1.67 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-152
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5140084928320223993
Date
Thu, 16 Nov 2023 17:34:56 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rtset
bh.contextweb.com/bh/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=1a1bed38-7d99-43d5-bec5-751de3b970ab&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=MExWczZLLUdmTl82MUxQaS04bVA0QQ&gdpr=&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEEznKE370c-wVYMbhTabGbg&google_cver=1
49 B
486 B
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEEznKE370c-wVYMbhTabGbg&google_cver=1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
content-type
image/gif;charset=iso-8859-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-w6bcp
expires
-1

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEEznKE370c-wVYMbhTabGbg&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
334
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
7318ffc0e8fa1d771446
aax-eu.amazon-adsystem.com/x/
47 B
47 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/x/7318ffc0e8fa1d771446
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.226.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:56 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
MYFVS1N79GGHA1TFVP57
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
text/javascript;charset=UTF-8
Connection
keep-alive
Content-Length
47
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://ib.adnxs.com/getuid?https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=$UID
  • https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=2638324055642456530
49 B
445 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=2638324055642456530
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
69.166.1.67 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-152
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:55 GMT
an-x-request-uuid
503bea84-9e6f-4ae8-8446-40b90027db9a
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=2638324055642456530
x-proxy-origin
217.114.218.27; 217.114.218.27; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
ID1=1a1bed38-7d99-43d5-bec5-751de3b970ab
d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzE3NDc3OTM0OTIvdC8y/kv/
0
0
Image
General
Full URL
https://d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzE3NDc3OTM0OTIvdC8y/kv/ID1=1a1bed38-7d99-43d5-bec5-751de3b970ab
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:678:cb4:bbbb::13 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=sonobi
  • https://creativecdn.com/cm-notify?pi=sonobi&tc=1
  • https://sync.go.sonobi.com/us.gif?nw=rh&nuid=2iUNnjyy0vwCxk3yArncJvSr1j_ghODgUnvNwQZmJxc&pi=sonobi&tc=1
49 B
444 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=rh&nuid=2iUNnjyy0vwCxk3yArncJvSr1j_ghODgUnvNwQZmJxc&pi=sonobi&tc=1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
69.166.1.67 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-152
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://sync.go.sonobi.com/us.gif?nw=rh&nuid=2iUNnjyy0vwCxk3yArncJvSr1j_ghODgUnvNwQZmJxc&pi=sonobi&tc=1
pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT, Thu, 16 Nov 2023 17:34:56 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
usg.gif
sync.go.sonobi.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MWExYmVkMzgtN2Q5OS00M2Q1LWJlYzUtNzUxZGUzYjk3MGFi
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEPYIbFqNAht_cGHKtbBDCAo&google_cver=1
49 B
444 B
Image
General
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEPYIbFqNAht_cGHKtbBDCAo&google_cver=1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
69.166.1.67 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-152
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEPYIbFqNAht_cGHKtbBDCAo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
x.bidswitch.net/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=d1e87001-a7dd-40f1-92b5-3ec7dfcb8427&google_hm=ZDFlODcwMDEtYTdkZC00MGYxLTkyYjUtM2VjN2RmY2I4NDI3
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKm3uoBYLcPyVB7hmOZ3CJs&google_cver=1&ssp=sonobi&bsw_param=d1e87001-a7dd-40f1-92b5-3ec7dfcb8427
43 B
146 B
Image
General
Full URL
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKm3uoBYLcPyVB7hmOZ3CJs&google_cver=1&ssp=sonobi&bsw_param=d1e87001-a7dd-40f1-92b5-3ec7dfcb8427
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
18.192.232.229 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-232-229.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEKm3uoBYLcPyVB7hmOZ3CJs&google_cver=1&ssp=sonobi&bsw_param=d1e87001-a7dd-40f1-92b5-3ec7dfcb8427
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
359
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=286
  • https://sync.go.sonobi.com/us.gif?nw=st&nuid=0INoe5JwVz9c6yAyaNKsLNly2hs
49 B
368 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=st&nuid=0INoe5JwVz9c6yAyaNKsLNly2hs
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
69.166.1.67 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-152
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=st&nuid=0INoe5JwVz9c6yAyaNKsLNly2hs
Date
Thu, 16 Nov 2023 17:34:56 GMT
Connection
keep-alive
Content-Length
99
Content-Type
text/html; charset=utf-8
demconf.jpg
dpm.demdex.net/
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=87880&dpuuid=1a1bed38-7d99-43d5-bec5-751de3b970ab
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=87880&dpuuid=1a1bed38-7d99-43d5-bec5-751de3b970ab
42 B
718 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=87880&dpuuid=1a1bed38-7d99-43d5-bec5-751de3b970ab
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
52.50.62.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-62-11.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

dcs
dcs-prod-irl1-1-v054-0994aa89c.edge-irl1.demdex.com 2 ms
pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
x-tid
krAOIBoMTJA=
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
59
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs
dcs-prod-irl1-2-v054-0a46f06a9.edge-irl1.demdex.com 0 ms
pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-tid
4/Qf1q8qQm0=
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=87880&dpuuid=1a1bed38-7d99-43d5-bec5-751de3b970ab
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
ecm3
aax-eu.amazon-adsystem.com/
0
0
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/ecm3?ex=sonobi.com&id=1a1bed38-7d99-43d5-bec5-751de3b970ab
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.226.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

generic
match.adsrvr.org/track/cmf/
70 B
149 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=e315a43aa9&gdpr=0&gdpr_consent=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
server
Kestrel
content-length
70
content-type
image/gif
v1
lb.eu-1-id5-sync.com/lb/
33 B
278 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533568.ip-162-19-138.eu
Software
/
Resource Hash
618b420941cec3efb5d20609e3189085c21ef91a691ea06e8b00310b370aef7a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
PugMaster
image6.pubmatic.com/AdServer/ Frame 6858
0
43 B
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=45693613&p=95054&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
content-length
0
crum
dsum-sec.casalemedia.com/ Frame 0857
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZVZSvyO0oWRlGMviBNFxBwAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEG16SCXBDHXkQ-ZII_oFJsQ&google_cver=1
43 B
735 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEG16SCXBDHXkQ-ZII_oFJsQ&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eqCFHE%2BYSfZg2bjm68CgoFPU1I%2Byzk%2BXW0ui6ZeJem%2BAWsOl7ny7JZbwkLhzauccR2UUXbP8RXsmt8manoVuGEhlpedSQtkDUEwGoHzvdoVxbraI9nPh4Y8JwP1XPtivlM6Subi2rjS6tw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd17b2b4d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEG16SCXBDHXkQ-ZII_oFJsQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 0857
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gpp=&gpp_sid=
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gpp=&gpp_sid=&dcc=t
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gpp=&gpp_sid=&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 17:34:56 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
YF34YTFXDXWBP2NQ9VJY
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 17:34:56 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
HD7BDERJA3HWDH2BAV8K
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gpp=&gpp_sid=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
28292
i6.liadm.com/s/ Frame 0857
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=0c086f2bf6ad4d8eb13518a87f0655dd
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
43 B
548 B
Image
General
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:2a62:5dc9:59ae:614 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:57 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Date
Thu, 16 Nov 2023 17:34:56 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
12
usermatchredir
ssum-sec.casalemedia.com/ Frame 0857
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEAzGxqqAIC8Cy1A5AA2-27Q&google_cver=1
43 B
736 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEAzGxqqAIC8Cy1A5AA2-27Q&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2k7XViEHoXP8GVvoScGv7hRh0a%2FYuOeHIXhRtpxT%2FpOxxeP99wJfOhfjjPRRxUKQRqUJD5CwQOGUyWVZWIviX3eEwHEQD24MNwHxxkWaQQnA881OsOr7jopMfzebX%2FGcloeDmZBwn0iPLg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd10ab04d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEAzGxqqAIC8Cy1A5AA2-27Q&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ium
ssum-sec.casalemedia.com/ Frame 0857
Redirect Chain
  • https://ids.ad.gt/api/v1/index?cb=https%3A%2F%2Fssum-sec.casalemedia.com%2Fium%3Fsourceid%3D15%26uid%3D
  • https://ssum-sec.casalemedia.com/ium?sourceid=15&uid=0001yum0ea96lcied6babhbe8g68li86lb8flccc8dabackkc2jl
0
468 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/ium?sourceid=15&uid=0001yum0ea96lcied6babhbe8g68li86lb8flccc8dabackkc2jl
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tzmxH4SfJZX3ZMnVF1%2BzlVjvECfSdq7CmJuErL69bwmXSdBhvFL6ruiFaEpHHv85DXU3i3Dt58hA5BQ12BBKPNFfRy1iZNtky2LJqhIBi5v%2FaxprWlbHg8SCRWrb1LgBf0yTcMDSf8rtxw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, no-cache, no-store
cf-ray
82717cd32d334d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
Thu, 16 Nov 2023 17:34:56 GMT

Redirect headers

location
https://ssum-sec.casalemedia.com/ium?sourceid=15&uid=0001yum0ea96lcied6babhbe8g68li86lb8flccc8dabackkc2jl
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82717cd17a33915c-FRA
content-type
text/html; charset=utf-8
ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 0857
43 B
602 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:15ac:aaba:5b42:770a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
rum
dsum-sec.casalemedia.com/ Frame 0857
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=2654784360710305845
43 B
739 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=2654784360710305845
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5UCGNHhUHQBChcKFfpZyJqpQM0NW6fvfwyhlPiMLDNymqvYvXz9mle%2BL85nzmeVGqYnsHRcg2jO8%2BKy%2FXZ4MV7%2BLzfe7WhVCB762uowvXL1QHK0DqWFhvy1yG8XFrts4XP8SNZFSYM5Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd1bb854d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=2654784360710305845
pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
tp_out
d.adroll.com/cm/index/ Frame 0857
42 B
181 B
Image
General
Full URL
https://d.adroll.com/cm/index/tp_out?advertisable=3GMDZMBFQREVBC75SYYKWH
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:cc3:fe05:681b:cca1:66f3:5e09 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.22.1
content-length
42
vary
Cookie
content-type
image/gif
b61d819e-30fb-4819-aee9-f4dc5b73b772
ex.ingage.tech/v1/sync/ix/ Frame 0857
0
53 B
Image
General
Full URL
https://ex.ingage.tech/v1/sync/ix/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
cache-control
private, max-age=604800
access-control-allow-credentials
true
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82717cd0bcbc1d94-FRA
vary
Origin
usync.js
eus.rubiconproject.com/ Frame AB15
46 KB
13 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.20.65.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-65-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
16f6a89c89e20586fdb7ed77f218f6af5442e80c8c3116deb2ab0cdd5aae2001

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:56 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Nov 2023 12:56:28 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=69742
Connection
keep-alive
Content-Length
13230
Expires
Fri, 17 Nov 2023 12:57:18 GMT
28292
i6.liadm.com/s/ Frame 9F4D
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=175131265f43448698e8366e3b96903b
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
43 B
548 B
Image
General
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:2a62:5dc9:59ae:614 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:57 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Date
Thu, 16 Nov 2023 17:34:56 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
3
casale
match.adsrvr.org/track/cmf/ Frame 9F4D
70 B
149 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
server
Kestrel
content-length
70
content-type
image/gif
crum
dsum-sec.casalemedia.com/ Frame 9F4D
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2638324055642456530
43 B
736 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2638324055642456530
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yW4B4ZTlW8%2F1ChH33WnWkcMLeR%2FLptr7zjJGf7YGM5Sqe5yhuvSrNIk19Oqo06mbrh9EpLWwtZP0i3v1HnOFMa6p9u%2BF5JlG8VpPD4YJ02c2et9m%2F6PP0%2FSeFMBVnQ5SaZ1iQgelMIEnLg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd14af94d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
an-x-request-uuid
5dfc14b4-d951-43c3-9208-d2fcadfb44d6
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2638324055642456530
x-proxy-origin
217.114.218.27; 217.114.218.27; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
user-registering
ads.stickyadstv.com/ Frame 9F4D
43 B
654 B
Image
General
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=1025&userId=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2607:ae80:4::26 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 17:34:56 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
x-sticky-vk
1700156096338081-588
ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 9F4D
43 B
604 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:15ac:aaba:5b42:770a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
rum
dsum-sec.casalemedia.com/ Frame 9F4D
Redirect Chain
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=OLgzWzu_ZA4j7z8JaL4rXD3rYl8jtDIPOb05duUD
43 B
736 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=OLgzWzu_ZA4j7z8JaL4rXD3rYl8jtDIPOb05duUD
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ka%2FwoX1%2Bc0Wa2fu3H%2Fu88bSmxPIDJX2cz3bM%2F89PLyT6E76xOTh3l7m6zRfKtMIWh9r3jjOzwjpuhbA%2B9f4IroNg7JHQ3l7hubxq11IQjUMBt1LBW9QtxcxTrmkGcGv9V0C0kely1PRscQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd15b0c4d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=OLgzWzu_ZA4j7z8JaL4rXD3rYl8jtDIPOb05duUD
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
ix
ad4m.at/ad/sim/ Frame 9F4D
0
0
Image
General
Full URL
https://ad4m.at/ad/sim/ix
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

crum
dsum-sec.casalemedia.com/ Frame 9F4D
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588527496609376
43 B
735 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588527496609376
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KiuZ5ow3Fi25CRumqz1X3GKEWzdqKDe22bw52QP9Rug8J5CU3S2QswMMLkIlTBSFRaMCMOepKyo1MzB2VA%2FvA8DiDKGdrpH8H%2BpJ73bG%2BDvUgGq674ta6s0qVRT4FkXXIQXlcVr35Z37bw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd18b3d4d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5144588527496609376
Date
Thu, 16 Nov 2023 17:34:56 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
b61d819e-30fb-4819-aee9-f4dc5b73b772
ex.ingage.tech/v1/sync/ix/ Frame 9F4D
0
35 B
Image
General
Full URL
https://ex.ingage.tech/v1/sync/ix/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fb61d819e-30fb-4819-aee9-f4dc5b73b772%3Fuid%3D&s=192379&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:43d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
cache-control
private, max-age=604800
access-control-allow-credentials
true
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82717cd0dce11d94-FRA
vary
Origin
usync.html
eus.rubiconproject.com/ Frame 3C2E
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
281 B
555 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Requested by
Host: ex.ingage.tech
URL: https://ex.ingage.tech/v1/syncPage/rubicon?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.20.65.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-65-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ex.ingage.tech/v1/syncPage/rubicon?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 16 Nov 2023 17:34:56 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Thu, 16 Nov 2023 17:34:56 GMT
location
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
server
AkamaiGHost
369.json
id5-sync.com/g/v2/
251 B
535 B
XHR
General
Full URL
https://id5-sync.com/g/v2/369.json
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
4b2e344b71ebfe679e74b8026bb3e078ac994075f0ab80138a7d9feaf0e9b79f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
usermatch
ssum-sec.casalemedia.com/ Frame 9185
2 KB
1 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0401c42c141b6b7447d7b52b48447ef7640137da38f995490bea4958af7bf5f

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82717cd0faa04d40-FRA
content-encoding
br
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bu7tV16P7XoaAl3%2B9lWwpKBkxijwlfYRC3VxJ6shCSthZx3IqYnmL2%2FYpCibdPAE0pbdyUUM6aCvjqFMOCSJcUYTBeMAON%2Bqxuax91AKFF1bH%2BvnZkJI6mOnI%2FTTODUm6EAHnAiUvRF%2FIg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usermatch
ssum-sec.casalemedia.com/ Frame ADA1
2 KB
1 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b192c86e28dba2639d89459895bd03c41ab1a56e5e37e315eeeff91c149ef0d

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82717cd0faaa4d40-FRA
content-encoding
br
content-type
text/html
date
Thu, 16 Nov 2023 17:34:56 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=duNpEARYMv2DMcyZ7%2BTaC6pq33DuxhD6tj%2F2sNyEErxV0UU%2BEsoGM8lR3REZMrPDbRUOb8tdF4JsqLZnKLFy8L12K5HmkEF7dNSB8Z927aiVH4tGUWreF5OiEx%2FGEYqVXirp8rm%2FFJxVDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
async_usersync
ib.adnxs.com/ Frame F595
0
597 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
an-x-request-uuid
a26c3034-6dec-40ac-9656-8fe2034f24dd
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
217.114.218.27; 217.114.218.27; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame E92C
0
597 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
an-x-request-uuid
4490bf3d-4a08-420b-8819-fc697820cedb
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
217.114.218.27; 217.114.218.27; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
khaos.json
token.rubiconproject.com/ Frame AB15
7 B
380 B
XHR
General
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
aca6c52e983509e86b136a052e19be23
Expires
0
usync.html
eus.rubiconproject.com/ Frame 8433
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
281 B
555 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Requested by
Host: ex.ingage.tech
URL: https://ex.ingage.tech/v1/syncPage/rubicon?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.20.65.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-65-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ex.ingage.tech/v1/syncPage/rubicon?userId=b61d819e-30fb-4819-aee9-f4dc5b73b772&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 16 Nov 2023 17:34:56 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Thu, 16 Nov 2023 17:34:56 GMT
location
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
server
AkamaiGHost
28292
i6.liadm.com/s/ Frame 9185
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=598ecd43fea2404db733be5c69124556
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
43 B
548 B
Image
General
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:2a62:5dc9:59ae:614 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:57 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Date
Thu, 16 Nov 2023 17:34:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
2
ie
match.prod.bidr.io/cookie-sync/ Frame 9185
43 B
433 B
Image
General
Full URL
https://match.prod.bidr.io/cookie-sync/ie
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.4.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-4-179.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
Date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
ups.analytics.yahoo.com/ups/55940/ Frame 9185
0
39 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
rum
dsum.casalemedia.com/ Frame 9185
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1700242496
43 B
329 B
Image
General
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1700242496
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6k170Pcjg7ECFntxR9Yy90Rt%2BOID9EWAzaApmn0hOuaJErN0lWOcSWY3QXtHu%2Fb5WWwY560VR9RtQkIGBR5%2BFlLqbGg%2B0gZEkizH3oWRKrboEsVBy1H%2BrW5gKBIbstvkGsViRqhx"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd34a2d3630-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1700242496
pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
content-length
0
expires
0
sync
x.bidswitch.net/ Frame 9185
43 B
146 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=index
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.232.229 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-232-229.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 9185
43 B
603 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:15ac:aaba:5b42:770a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
crum
dsum-sec.casalemedia.com/ Frame 9185
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?gdpr=&gdpr_consent=&r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7Bamob_user_id%7D%26expiration%3D%5BEXPIRATI...
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
43 B
741 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpTAeTNfaAAGy%2FApk%2F%2F0Udz85SFdqE7nuKyZTU%2Fpa0LUHCvmS1f3YGbND6l2sEyNyhaaJXt3yDFnC38K6UwLXQDTkvKR8Cy0dfVuD4r3UTzJZHVSrzEahnvne%2Fg%2F1%2B2I5GqSu6oUf2Os1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd27c7a4d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
date
Thu, 16 Nov 2023 17:34:56 GMT
access-control-allow-credentials
true
x-powered-by
Express
keep-alive
timeout=5
vary
Origin
content-length
0
indexmatch
match.adsby.bidtheatre.com/ Frame 9185
43 B
446 B
Image
General
Full URL
https://match.adsby.bidtheatre.com/indexmatch?gpdr=&gdpr_consent=&us_privacy=&user_id=ZVZSvyO0oWRlGMviBNFxBwAA%262192
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
134.122.57.34 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Date
Thu, 16 Nov 2023 17:34:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
43
Content-Type
image/gif
htw-pixel.gif
cdn.indexww.com/ht/ Frame 9185
43 B
103 B
Image
General
Full URL
https://cdn.indexww.com/ht/htw-pixel.gif?ZVZSvyO0oWRlGMviBNFxBwAA%262192
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
HIT
last-modified
Tue, 24 Jan 2017 19:36:04 GMT
server
cloudflare
age
49234
etag
"902a3d-2b-546dc3a097100"
vary
Accept-Encoding
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82717cd17a822c62-FRA
content-length
43
expires
Fri, 17 Nov 2023 17:34:56 GMT
publishertag.prebid.135.js
static.criteo.net/js/ld/
89 KB
29 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.135.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 24 Feb 2023 07:57:32 GMT
server
nginx
etag
W/"63f86dec-16386"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Nov 2023 17:34:56 GMT
28292
i6.liadm.com/s/ Frame ADA1
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVZSvyO0oWRlGMviBNFxBwAA%262192&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=714a835545ff4e73aa05d0ec9e51aa0a
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
43 B
548 B
Image
General
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:2a62:5dc9:59ae:614 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:57 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-WkuJkB0-hlZJHfJvBL9-CRr3G9O176O1SV5vaQ
Date
Thu, 16 Nov 2023 17:34:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
3
crum
dsum-sec.casalemedia.com/ Frame ADA1
Redirect Chain
  • https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1715880896&external_user_id=05e7a862-27ec-47a8-a6fc-c80d537657b0
43 B
734 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1715880896&external_user_id=05e7a862-27ec-47a8-a6fc-c80d537657b0
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=62AKRVxeT1mEEmhI65GLiJkqYJyRiAb6iuJGKG80jvL77Dx0Q7NWwEaNRyzR4cInNiOOsUuDaZtITkcuNwj%2F2hb0iA3916zrNR%2BrDcM13SZM1tTPj3A19GzBPvNVOuitjjxaF%2FCNsoAVjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd2ecf74d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Thu, 16 Nov 2023 17:34:56 GMT
via
1.1 google
access-control-allow-methods
GET,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*.casalemedia.com
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1715880896&external_user_id=05e7a862-27ec-47a8-a6fc-c80d537657b0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
157
pixelSync
pixel-sync.sitescout.com/dmp/ Frame ADA1
0
187 B
Image
General
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
98.98.134.242 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software
A /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma
no-cache
date
Thu, 16 Nov 2023 17:34:55 GMT
cache-control
max-age=0,no-cache,no-store
server
A
expires
Tue, 11 Oct 1977 12:34:56 GMT
crum
dsum-sec.casalemedia.com/ Frame ADA1
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=29
  • https://c1.adform.net/serving/cookie/match?CC=1&party=29
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=2056997978948887281&expiration=1701365696
43 B
736 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=2056997978948887281&expiration=1701365696
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T6p4O4%2BWx07j2rPcp2ADf9X4MBFzywHIAjZC7l1ENaCVGqUkX1iyMWyT9LP29G5pQQquYziB2hlA5WTUt5nHRqI%2FquWjc80wKXQgTHVcMYMxu7h6NI%2FbIFiEAXK0M5FWadPVcnOdTKdVpw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd35d6d4d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=2056997978948887281&expiration=1701365696
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
tp_out
d.adroll.com/cm/index/ Frame ADA1
42 B
182 B
Image
General
Full URL
https://d.adroll.com/cm/index/tp_out?advertisable=3GMDZMBFQREVBC75SYYKWH
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:cc3:fe05:681b:cca1:66f3:5e09 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.22.1
content-length
42
vary
Cookie
content-type
image/gif
crum
dsum-sec.casalemedia.com/ Frame ADA1
Redirect Chain
  • https://cm.ctnsnet.com/int/cm?exc=19
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=805a11e62ea049a3acb762db688175d2&expiration=1702748096
43 B
745 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=805a11e62ea049a3acb762db688175d2&expiration=1702748096
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S7RE%2F6unMJ3SLwyG4HnbKk%2FLfjQW7UsPlsrmIr%2FbvvQfbh5cLba%2BO1nCpjgxMf%2Fg4bJZ%2Bk8HzNGczardrQQZCe6swZvz%2FEkWaq%2FvQADhckfk%2BgbhL%2FOackNAzcwb7DmfWYjvpVdULiMdow%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd23c104d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:55 GMT
via
1.1 google
server
Apache-Coyote/1.1
p3p
CP="NOI DSP COR NID CUR OUR NOR"
status
302
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=805a11e62ea049a3acb762db688175d2&expiration=1702748096
content-type
text/html;charset=UTF-8
cache-control
no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame ADA1
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?gdpr=&gdpr_consent=&r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7Bamob_user_id%7D%26expiration%3D%5BEXPIRATI...
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
43 B
734 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F%2BP23xC%2Fdo0HenfFe4eV8e5PyGxhktikrzuFOpoZAESVnR6RIzIsCvYtYfwGy9vKfSU6Edb3wrsDtfIPYxypr4nwtBafexXfxchad7aDH2Swahj35yD2sI7jBa%2BeSXITNRVDWzaFFmyuXw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd27c7b4d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
date
Thu, 16 Nov 2023 17:34:56 GMT
access-control-allow-credentials
true
x-powered-by
Express
keep-alive
timeout=5
vary
Origin
content-length
0
crum
dsum-sec.casalemedia.com/ Frame ADA1
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2638324055642456530
43 B
747 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2638324055642456530
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XpR%2BFmkBMhGMWh52q%2BHpK3qWvDvVd%2BMPqFZmpbP7FY3%2BHrFRxv3rTPIw3sJSYF7NgRjANcdIFwtcM%2B%2BPwzeC2CN5f2qINvC%2FtUvJkKDsK3vaA%2BKU%2BtgdeUOF45DubSgOI0U%2BhGuWGhSGCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82717cd1ab6f4d40-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
an-x-request-uuid
99515a53-de19-4db8-8007-39b27a5d98f1
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2638324055642456530
x-proxy-origin
217.114.218.27; 217.114.218.27; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
htw-pixel.gif
cdn.indexww.com/ht/ Frame ADA1
43 B
230 B
Image
General
Full URL
https://cdn.indexww.com/ht/htw-pixel.gif?ZVZSvyO0oWRlGMviBNFxBwAA%262192
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
cf-cache-status
HIT
last-modified
Tue, 24 Jan 2017 19:36:04 GMT
server
cloudflare
age
49234
etag
"902a3d-2b-546dc3a097100"
vary
Accept-Encoding
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82717cd17a7f2c62-FRA
content-length
43
expires
Fri, 17 Nov 2023 17:34:56 GMT
publishertag.prebid.js
static.criteo.net/js/ld/
96 KB
31 KB
XHR
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:56 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 27 Oct 2023 06:43:26 GMT
server
nginx
etag
W/"653b5c0e-1811e"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Nov 2023 17:34:56 GMT
usync.js
eus.rubiconproject.com/ Frame 8433
46 KB
13 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.20.65.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-65-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
16f6a89c89e20586fdb7ed77f218f6af5442e80c8c3116deb2ab0cdd5aae2001

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:56 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Nov 2023 12:56:28 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=69742
Connection
keep-alive
Content-Length
13230
Expires
Fri, 17 Nov 2023 12:57:18 GMT
usync.js
eus.rubiconproject.com/ Frame 3C2E
46 KB
13 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.20.65.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-65-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
16f6a89c89e20586fdb7ed77f218f6af5442e80c8c3116deb2ab0cdd5aae2001

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 17:34:56 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Nov 2023 12:56:28 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=69742
Connection
keep-alive
Content-Length
13230
Expires
Fri, 17 Nov 2023 12:57:18 GMT
khaos.json
token.rubiconproject.com/ Frame 8433
7 B
380 B
XHR
General
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
aca6c52e983509e86b136a052e19be23
Expires
0
khaos.json
token.rubiconproject.com/ Frame 3C2E
7 B
380 B
XHR
General
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
aca6c52e983509e86b136a052e19be23
Expires
0
all
csm.eu.criteo.net/ Frame 0662
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=iVR46J27wuzIDsI8s35kxcrrAPxQ-2j4c0BOdp_JkITakxo45YMdkkpVH9I8RnmsmANFuX6i6ZFde9dyCkqnuKvC7ahnB38G1xQo0rDxxMcuYGl6l7luEk03ntrHwiZNM5s2rSpmA5Fp3jfnPBb_zpl46hkxdneNWVMStqsV2IISWGFoRE855img_jdCtUVaGJs2gXNp80V0E3Lm7CU_oCG-rjan6IVJgvcdS6iF-MJoTPyZHzhwEh4dmiyTyoYvFDiNNQ&sds=2&rev=89278&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZVZSvAAOZqoK7cgaAA7S2zCGKCXunLPfF8_YJQ&u=%7C6NZpOCorWY2c81dKW4FiyrurOxxgJiEk5B8msFqrSVg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANVS-lbIgtXXXjpThKacI7W3Sr5eNSGozCHtArFIj_ZGLGAEl4G-yJqOaZ-DVK0PXEVIEwr8YgBa_ur5N_nKD1ZpOstIl6_TL0AvN-XZq-Zj9qjelWOeof9wPcUyI1v34YjhKm6-fSzDsK8CwscQQk1DtxHiBPuwC0Iw8Z4aYXpdyVt59qnaBtGZrOVv7o5bzS2LsY85qk8wiwhhfX0Qg3ENeR8X6V9BXht5ZlvPHJoNBCzFCpxdVCxWT1xZHSlWgyo5ZLhbJUxUm-IoJpHD-Wxv2KGE-HWmGevMxulFy9r_89boRM0l-S2m8up7dgl5Xq85wUX239Rw9yES_D0XjdpAFihiJFjepa4y2iINBTn0Cn7BJBlwor78oyiy2o5tL9Ps19w2rOtUDB1lcp4ywXXrqDn2Zrc_yWD5j9luJNaJCkgsV6QQjRLQZC8sUalHEi_n6qJwCUE01WfjVm57J_yBaq6Gp1wvefxTC8CS4Uo5y65oR9u_KRbNa5I6ndDtGDN_AlWbywlSBNKcl0QJ6X-5rXQtHRRGd-u_FUuDVOde5vYeIQIW4pWk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJVCBvFJWZarNOZqQtwfbpbvwBsme0rFczaOW93DAjbcBEAEgAGCV-viBlAeCARdjYS1wdWItNDE5MTY0NzI0MTQ4Njg4MMgBCakCv9hpvxU0sj6oAwHIAwKqBIMCT9C8sBwNlcU2k7XWnxRSTQiklBbLmHicD8MrW0_A9szirLk8PiVe67tAk0w7c_GYUt52_wQgmPtv7SIb3vGkBPkTiOL7sjw23auW3RoEQMwioh1aQh4HBwR9Pll4CtBTcuokoB2eGxz9dzWFfO26WwtDlbvxF8OpZ303yZunyFNXauGADYQ2382Syf1z84NIjfZ0KylrY5nwp1lo2dZSpFEp7EK9bxiJuobAoAgUt7NKEMjUzFUH-KWLcxvZDvaznWuZ2-SIA0K9_LP_VEcOaXLJHNU5QnDsbNdFSB3psuuiFC1ODC-0-5MTPPuBy_T-BosoKXGS2Q6UEFTb4Gzdlr-I0IAG-IXlwquL4LGCAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0WNVgQevpLZ4wGiHpIXLgI0mEOSg%26client%3Dca-pub-4191647241486880%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 16 Nov 2023 17:34:55 GMT
strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
async_usersync
ib.adnxs.com/ Frame F595
0
598 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:57 GMT
an-x-request-uuid
db63f074-a3b7-4e38-8fb6-f52c1e456676
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
217.114.218.27; 217.114.218.27; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame E92C
0
597 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:57 GMT
an-x-request-uuid
f0bcd433-3766-47f3-a7b1-51a9a330b5c4
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
217.114.218.27; 217.114.218.27; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f2c8ef8c79e7e9ccdb8a5d7d604ff947919f286db30107a83bfa930c40ee9e45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:57 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12176
x-xss-protection
0
syncframe
gum.criteo.com/ Frame 4470
15 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=wwwproxy.uscho.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:57 GMT
server
Kestrel
server-processing-duration-in-ticks
808377
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 4470
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=uscho.com&sn=ChromeSyncframe&so=3&topUrl=wwwproxy.uscho.com&bundle=4v_ER19adUUzV1loUENtdjBKeG10TW9rUjVOT0VpS1dWRnlrVFJVbSUyRjJDSWpYJTJCc3Y...
  • https://mug.criteo.com/sid?cpp=vtdLk3wwTURuMzJXTnhBckpWQTAwSk0yS3RNcW1IT002RHRORjJ3YnN3dG4yM3VCdkR0L1p5eklvcUZTNk44Y3o2R04wMDRVRW9ZcFhvKzF5M241SW5Va0ZiSWRNVytVOC8vWXdxUWxHaVRlRHpMQWpHVWNVbldIUGJhVE...
438 B
659 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=vtdLk3wwTURuMzJXTnhBckpWQTAwSk0yS3RNcW1IT002RHRORjJ3YnN3dG4yM3VCdkR0L1p5eklvcUZTNk44Y3o2R04wMDRVRW9ZcFhvKzF5M241SW5Va0ZiSWRNVytVOC8vWXdxUWxHaVRlRHpMQWpHVWNVbldIUGJhVEtqSW5mVjA2YmtPS3FGYTlPdFFWQ0lDQ1pmbWllK2VWM2lpSE5oY0k3djVWbmZ2QzlDSDgxcndMa0ZzV0gvalBIR2gzVi9tZ2wwMXY1Vk03cUR4ek9JKzFXRCtvK3VkdVVtbWIvNkVYWGZPdTc4NElvRy9SbUtvWVhIWURNNHZKREhKWVg5aXZtZEh0a3RNNGRzZzFUN1h4dWM0Y203ZStOVURqMUk2OElTYmVLMEI2Wmgwbz18&cppv=2
Protocol
H2
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
750b243997c1370203a7b2a2a20ae5d20c039ea5514d9c38f327a5defb30c2fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:57 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
860971
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:56 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=vtdLk3wwTURuMzJXTnhBckpWQTAwSk0yS3RNcW1IT002RHRORjJ3YnN3dG4yM3VCdkR0L1p5eklvcUZTNk44Y3o2R04wMDRVRW9ZcFhvKzF5M241SW5Va0ZiSWRNVytVOC8vWXdxUWxHaVRlRHpMQWpHVWNVbldIUGJhVEtqSW5mVjA2YmtPS3FGYTlPdFFWQ0lDQ1pmbWllK2VWM2lpSE5oY0k3djVWbmZ2QzlDSDgxcndMa0ZzV0gvalBIR2gzVi9tZ2wwMXY1Vk03cUR4ek9JKzFXRCtvK3VkdVVtbWIvNkVYWGZPdTc4NElvRy9SbUtvWVhIWURNNHZKREhKWVg5aXZtZEh0a3RNNGRzZzFUN1h4dWM0Y203ZStOVURqMUk2OElTYmVLMEI2Wmgwbz18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
284395
content-length
0
expires
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Nov 2023 17:34:57 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 928A
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
13923
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 13:42:54 GMT
expires
Fri, 15 Nov 2024 13:42:54 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 21CB
829 B
560 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f2adc01ef0e432bea964e0a8da7a274ddb163f063083305bbd19195be4d4453a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-OCd5Hzflej5M97v6LjESfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-OCd5Hzflej5M97v6LjESfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:34:57 GMT
expires
Thu, 16 Nov 2023 17:34:57 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 928A
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
10211
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 14:44:46 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 21CB
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=4020746149329059&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

fafdbd90-5bf0-4794-b385-facb449599dc.js
product.instiengage.com/ceu-code/ Frame E201
370 KB
76 KB
Script
General
Full URL
https://product.instiengage.com/ceu-code/fafdbd90-5bf0-4794-b385-facb449599dc.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2611:3e00:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2fb654676deeb5fb4fcf63837bb61856610ee36b07cd5c67b843a38af9fdb948

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
RgoK6s3IHxcELRW_0KrqPleBUChYLUKB
content-encoding
br
via
1.1 b27f21f2e46f0db2d89ec3930dfac728.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 17:34:59 GMT
last-modified
Thu, 21 Sep 2023 06:14:05 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P2
x-amz-server-side-encryption
AES256
etag
W/"7e8e97b261f99657942d007585e57dc1"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=3600,public
x-amz-cf-id
nuzQueVRQjCJX57g_AYDI2HmETKPiAtD6zR-J9sibuBaohCZb5YNbQ==
generate_204
tpc.googlesyndication.com/ Frame 928A
0
12 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?5p9b0Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:34:57 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
collect
region1.analytics.google.com/g/
0
55 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-K9F26MDDX7&gtm=45je3b81v9105504737&_p=1700156091959&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1673431664.1700156093&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEII&sid=1700156092&sct=1&seg=0&dl=https%3A%2F%2Fwwwproxy.uscho.com%2F&dt=Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO.com&_s=2&tfd=8873
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K9F26MDDX7&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:58 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=4020746149329059&bg=!AAOlA0zNAAZxrfrxUa07ADQBe5WfOPKNu38k5AD2MM_HG1zQxLp-hraOzFvNw46RA0uuI4s6gp7lpytlkEz0fP5WbcnbAgAAAFhSAAAAAmgBBwoATmL4PcyR3G7xTGaruKbLRGtWnFET60iKhqkL3aNSX2Pqg_Rn3vrzKw8mLwJ-c7kEm-gZaAZzyYNomD7zlp9UTGJAebbihIE2DqHgNeyq9ZkCv6jmFr8p4aGDYfotBspR7B_gLMfmjh9839oQUp6lwbRPS-Pn4lhcFYGO9UMD1QHE1wKKnu5FT67Mqrl5hxN9esBwobiNrXq5quHJMrPrSq2-obGZGYm2_vgO22-oIXFWG3SmQpBaCwHBbgzkNVdlwRD7Dp0nXpQfL_rUAJOD3_eTUQsav9pNX-Pv0W9izouiWl3UevQnWAb3_Z2fBbkvFVtt-DD2a7q7rRl_tKnO2F08C0BeKqOl2W2PCcAzz3Az63T9QLKnrA9KsushuJWx8SFDl576x1pk0Ay5NZuF0SWl-nhthyAsekzUzhD7sOrtssZRrbvfh5Z1Pm2eFW0wCXKqsNpdH33xG3xCW5WWJSZvEFbHf5_iRksXv5Qh5y-dPxGfGj0X_WlCVRLVMR93_ioRRzohcVu--Vx7B8-wX27PNuQjMH8ABEXn531G7nuJpkOGsxNtJ3TLMzk4i4dagk0tcF4uqE3epsBz9UVRzKEPwDTDcDaC_MhxujFxbmevZm1a5fMhHKABCjOMAXgV07RfQNzwj5Jis-Tn5LuBOHvVxpIQfpFx-_S_L1t4aFfCCBja-NJ3gzblENmWML_mCMDewCmMv6UiBce13VpyGBVQeJwIlyi4XBcGEDtjfoziJmtd2AGq5GLHBJCrYEk2Bxk6irgWejQsVfuEbSe4M2XAm4isznEuzWUyH1LgtCLctGs7K8Bro20rm34QWwkfMcHw4kavYybOEJOLHDxdE16ak7pDThx-Tjd2l0DwbyKhy8jeCZuAINml0W0hbmpiLhd3odk0JyIdvvoSKl-K3A7NEzW9qMO_pHg44L487kdX55IwJWeYeNbzOzJAcKYjaPcE5yEjGpHq_52T8672TzFUCH-YFG6XicSVc_6bT-TgoxWxYzzWQhOSbl2-OGiurJplRRA53CKW_7JQTy9X5KM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=604306581&t=pageview&_s=1&dl=https%3A%2F%2Fwwwproxy.uscho.com%2F&dp=%2Fdca06727-89e0-43d6-81ef-b6dbc6a5c4ec&ul=en-us&de=UTF-8&dt=Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAUABAAAAACAAI~&jid=535733435&gjid=233752400&cid=1673431664.1700156093&tid=UA-123718506-11&_gid=849677365.1700156093&_r=1&_slc=1&z=1117597748
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
geoip.instiengage.com/json/ Frame E201
211 B
400 B
XHR
General
Full URL
https://geoip.instiengage.com/json/
Requested by
Host: product.instiengage.com
URL: https://product.instiengage.com/ceu-code/fafdbd90-5bf0-4794-b385-facb449599dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.172.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-172-61.compute-1.amazonaws.com
Software
/
Resource Hash
2100654f3ff0abaa401b1efdb0f4c141f4500aafa8981a9b934bfba938ff8047

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:58 GMT
access-control-allow-credentials
true
x-database-date
Wed, 15 Nov 2023 22:09:49 GMT
content-length
211
vary
Origin
content-type
application/json
logo-insticator-light-opt.png
static.instiengage.com/files/images/embed4.0/app/ Frame E201
4 KB
4 KB
Image
General
Full URL
https://static.instiengage.com/files/images/embed4.0/app/logo-insticator-light-opt.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:ac00:17:5bae:c7c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c7ed7ef9182dc5206d1b7a8038bcfe2b57fc1be96d78b75152e9b713ca4ef2d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
T2IjPTIo4qchLnC2G3GrIcEa98kcWaxz
date
Thu, 16 Nov 2023 17:34:09 GMT
via
1.1 745bd6e0dfe1d054bf9397c4a6fbc612.cloudfront.net (CloudFront)
last-modified
Wed, 13 Jul 2022 16:30:10 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
age
50
etag
"591958545714b5567fc57c2f4c215b1c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
x-amz-replication-status
REPLICA
accept-ranges
bytes
content-length
3973
x-amz-cf-id
UsNnU3V0L6va7TwVFa2xdd6yUvloSC5xjUEmZuLJdXwK5vpBaMhLxg==
icon-check.png
static.instiengage.com/files/images/embed4.0/app/ Frame E201
649 B
1 KB
Image
General
Full URL
https://static.instiengage.com/files/images/embed4.0/app/icon-check.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:ac00:17:5bae:c7c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
151c4c52c25dd28c33321aaaeabe879c4814087d4eaf7545d93f5d81d4d1c4f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
LAzj2T9To4nJbbC7ZHWfpQpTuFxrgcvY
date
Thu, 16 Nov 2023 17:31:38 GMT
via
1.1 745bd6e0dfe1d054bf9397c4a6fbc612.cloudfront.net (CloudFront)
last-modified
Wed, 06 Oct 2021 18:59:06 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
age
201
etag
"b673377b664a0b33454c267d911fcfc1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
649
x-amz-cf-id
wun0Q2LeGIzjCsGW66juQuFgIe69cc-QLmid8pEGuVBYq8hy2BWH2g==
graphic-ooc-opt.png
static.instiengage.com/files/images/embed4.0/app/ Frame E201
5 KB
5 KB
Image
General
Full URL
https://static.instiengage.com/files/images/embed4.0/app/graphic-ooc-opt.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:ac00:17:5bae:c7c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
695ce10188e5306fcbf679b7cc125b6eac681d124a85a5908bbd8d0079a47e9a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
eOMnJSzBI81wb4OK.n4S.oHVD4IqRrSP
date
Thu, 16 Nov 2023 17:31:33 GMT
via
1.1 745bd6e0dfe1d054bf9397c4a6fbc612.cloudfront.net (CloudFront)
last-modified
Wed, 06 Oct 2021 18:59:05 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
age
206
etag
"3b5c1361f893cc23b07c2f3cc48cee32"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
4833
x-amz-cf-id
pyRneVqd3oopLnQbOeS330I9ykCoU3rhKoI2J1fhGhY0bKg8aVePfw==
contents
cms.instiengage.com/v3/ Frame E201
19 KB
19 KB
XHR
General
Full URL
https://cms.instiengage.com/v3/contents?embed_uuid=fafdbd90-5bf0-4794-b385-facb449599dc&cookie_id=null&content_order=RANDOM&for_embed=true&content_count=20
Requested by
Host: product.instiengage.com
URL: https://product.instiengage.com/ceu-code/fafdbd90-5bf0-4794-b385-facb449599dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.172.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-172-61.compute-1.amazonaws.com
Software
/
Resource Hash
98e6e0b0449873b666714a9228810445a6fef9096b417975444afcccc7a144a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 17:34:58 GMT
access-control-allow-credentials
true
content-length
19746
vary
Origin
content-type
application/json
05132cb7-1afc-47b8-a123-7c3caa41b043
static.instiengage.com/client_logos/c8afe158-72c1-454b-9574-c150e9630cb3/ Frame E201
3 KB
3 KB
Image
General
Full URL
https://static.instiengage.com/client_logos/c8afe158-72c1-454b-9574-c150e9630cb3/05132cb7-1afc-47b8-a123-7c3caa41b043
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:ac00:17:5bae:c7c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b815630bf19d827a051c35d8619caf761d0af5df6452ffb8881b353061c79e28

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
9W.sQHDxekc1YnmnD8ftQqLe4NBYJg0Z
date
Thu, 16 Nov 2023 17:35:00 GMT
via
1.1 745bd6e0dfe1d054bf9397c4a6fbc612.cloudfront.net (CloudFront)
last-modified
Wed, 06 Oct 2021 15:10:49 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
etag
"76f767b42fbdb7a25a817ff3c137cb72"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/octet-stream
cache-control
max-age=31536000,public
accept-ranges
bytes
content-length
2623
x-amz-cf-id
cbvVjrQSE7H6iYPFCHyQzhC7eRe5LakcvAw7ntVTWgrMzEaYCFKmMQ==
collect
stats.g.doubleclick.net/j/
4 B
25 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-123718506-11&cid=1673431664.1700156093&jid=535733435&gjid=233752400&_gid=849677365.1700156093&_u=aADAAUABAAAAACAAI~&z=780438137
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 16 Nov 2023 17:34:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-123718506-11&cid=1673431664.1700156093&jid=535733435&_u=aADAAUABAAAAACAAI~&z=460723824
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-123718506-11&cid=1673431664.1700156093&jid=535733435&_u=aADAAUABAAAAACAAI~&z=460723824
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 17:34:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
8d0fcc10-4c33-4f84-830d-85143a01de4e
static.instiengage.com/client_images/c8afe158-72c1-454b-9574-c150e9630cb3/ Frame E201
175 KB
175 KB
Image
General
Full URL
https://static.instiengage.com/client_images/c8afe158-72c1-454b-9574-c150e9630cb3/8d0fcc10-4c33-4f84-830d-85143a01de4e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:ac00:17:5bae:c7c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b5150f4bc392ede79975eef4fbdf7b092a18b1ac96e46250fa496cd136d68bd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 17:35:00 GMT
x-amz-version-id
WBaITFoLiPAa9lA.I8czl4wIh6_iELT4
via
1.1 745bd6e0dfe1d054bf9397c4a6fbc612.cloudfront.net (CloudFront)
last-modified
Fri, 09 Jun 2023 15:05:37 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
etag
"7e7a8f9590151caf0e8142628531dbb5"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
application/octet-stream
cache-control
max-age=3600,public
accept-ranges
bytes
content-length
178805
x-amz-cf-id
Bf2YQCJvwQS6MDOLMLVxGDTT2J7aOYqdQEM7DNVQhaINFN9yyEa4Zg==

Verdicts & Comments Add Verdict or Comment

412 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| 29 object| 30 object| 31 object| 32 object| 33 object| 34 object| 35 object| 36 object| 37 object| 38 object| 39 object| 40 object| 41 object| 42 object| 43 object| 44 object| 45 object| 46 object| 47 object| 48 object| 49 object| 50 object| 51 object| 52 object| documentPictureInPicture object| d string| jsonURL string| todayDate string| season object| Insticator object| $jscomp function| $jscomp$lookupPolyfilledValue boolean| headerTagInjected number| insticator_tg boolean| abpStatus object| federatedObj object| instBid object| instBidChunk object| _pbjsGlobals undefined| $ function| jQuery function| createCookie function| readCookie object| insticatorCommentingUnitSettings object| settings object| googletag object| confiant object| ggeac object| google_tag_data object| google_js_reporting_queue object| InsticatorApp string| insticatorHeaderCodeVersion boolean| isPageviewSent function| showdd function| hidedd function| chgWindow function| switchPlayer function| switchTeam function| switchCoaches function| showNext function| showSubmit function| unset function| indicator function| teamdd function| teamddclose function| chgHtml number| ddopen string| logoURL string| scoreURL string| enableDays string| confName number| init number| refreshTime number| scoresWidth object| timer number| gameDay number| scrollInit function| refreshGames function| initLoadScroll function| initScroll function| refreshCurrent function| refreshScores object| bootstrap object| bootstrapTable function| gtag object| dataLayer object| adsbygoogle object| tdwGlobal object| tdBlocksArray function| tdBlock object| tdLocalCache object| td_viewport_interval_list string| tdc_is_installed string| td_ajax_url string| td_get_template_directory_uri string| tds_snap_menu string| tds_logo_on_sticky string| tds_header_style string| td_please_wait string| td_email_user_pass_incorrect string| td_email_user_incorrect string| td_email_incorrect string| tds_more_articles_on_post_enable string| tds_more_articles_on_post_time_to_wait number| tds_more_articles_on_post_pages_distance_from_top string| tds_theme_color_site_wide string| tds_smart_sidebar string| tdThemeName string| td_magnific_popup_translation_tPrev string| td_magnific_popup_translation_tNext string| td_magnific_popup_translation_tCounter string| td_magnific_popup_translation_ajax_tError string| td_magnific_popup_translation_image_tError string| tdBlockNonce string| tdsDateFormat object| tdDateNamesI18n string| td_ad_background_click_link string| td_ad_background_click_target object| block_td_uid_7_65563cc88770a object| block_td_uid_12_65563cc89285f object| block_td_uid_22_65563cc8a3cc5 object| block_td_uid_26_65563cc8c5f55 object| block_td_uid_40_65563cc8d7353 object| block_td_uid_45_65563cc8dbad0 object| block_td_uid_52_65563cc8e284c object| block_td_uid_57_65563cc8e6747 object| _qevents object| scriptParams object| abadiv function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| tdAnalytics object| tdDetect object| tdViewport object| tdMenu object| tdUtil object| tdAffix function| td_smart_list_dropdown object| td_more_articles_box undefined| td_resize_timer_id function| td_done_resizing function| td_resize_videos function| td_mobile_menu function| td_mobile_menu_toogle function| td_retina function| td_read_site_cookie function| td_set_cookies_life boolean| tdIsScrollingAnimation boolean| td_mouse_wheel_or_touch_moved boolean| td_scroll_to_top_is_visible function| td_events_scroll_scroll_to_top function| td_post_template_6_title function| td_smart_lists_magnific_popup function| td_get_document_width function| td_get_document_height function| setMenuMinHeight function| td_comments_form_validation function| td_scroll_to_class function| td_helper_scroll_to_class object| tdLoadingBox object| tdAjaxSearch string| tdModalImageLastEl object| tdBlocks object| tdLogin object| tdLoginMob object| tdDemoMenu object| tdTrendingNow object| td_history object| tdSmartSidebar object| tdInfiniteLoader function| Froogaloop object| tdCustomEvents object| tdEvents object| tdHeader object| tdAjaxCount object| tdYoutubePlayers object| tdVimeoPlayers function| td_resize_smartlist_slides function| td_resize_smartlist_sliders_and_update function| td_resize_normal_slide function| td_resize_normal_slide_and_update object| tdPullDown object| td_fps object| tdAnimationScroll object| tdHomepageFull object| tdBackstr object| tdAnimationStack function| td_compute_parallax_background function| td_compute_backstretch_item object| td_backstretch_items object| tdAjaxLoop object| tdWeather object| tdAnimationSprite function| td_date_i18n object| tdSocialSharing function| tdModalImage function| $f object| __bt object| __bt_intrnl object| __bt_tag_d object| __bt_tag_am boolean| google_measure_js_timing object| Criteo object| __gcse object| google_tag_manager function| Popper number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint string| GoogleAnalyticsObject function| ga function| quantserve function| __qc object| ezt object| _qoptions object| InsticatorXmess function| date boolean| __bt_already_invoked object| regeneratorRuntime object| __uid2SecureSignalProvider object| __uid2 object| module$exports$cse$search object| module$exports$cse$CustomImageSearch object| module$exports$cse$CustomWebSearch object| google object| module$exports$cse$searchcontrol object| module$exports$cse$customsearchcontrol function| _googCsa number| nextSearchboxId object| ox_esp undefined| dates number| game_cnt object| game string| thisGame function| onYouTubeIframeAPIReady object| gaGlobal function| google_sa_impl number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| _33across object| pbjs object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_144 object| Criteo_identitytag_144 object| gaplugins object| gaData function| lotameIsCompatible function| sync16589_aa function| sync16589_c undefined| sync16589_d undefined| sync16589_ba undefined| sync16589_e function| sync16589_f object| sync16589_h function| sync16589_ca function| sync16589_j function| sync16589_da object| sync16589_ object| sync16589_ga object| sync16589_v object| sync16589_oa object| sync16589_xa object| sync16589_ya function| sync16589_a function| sync16589_b function| sync16589_g function| sync16589_i function| sync16589_k function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_q function| sync16589_r function| sync16589_fa function| sync16589_ea function| sync16589_s function| sync16589_t function| sync16589_u function| sync16589_w function| sync16589_ha function| sync16589_ia function| sync16589_y function| sync16589_ja function| sync16589_z function| sync16589_A function| sync16589_x function| sync16589_B function| sync16589_ka function| sync16589_C function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_G function| sync16589_H function| sync16589_I function| sync16589_J function| sync16589_K function| sync16589_L function| sync16589_la function| sync16589_ma function| sync16589_na function| sync16589_M function| sync16589_N function| sync16589_pa function| sync16589_O function| sync16589_qa function| sync16589_ra function| sync16589_sa function| sync16589_P function| sync16589_ta function| sync16589_ua function| sync16589_va function| sync16589_wa function| sync16589_Q function| sync16589_R function| sync16589_za function| sync16589_S function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_Aa function| sync16589_W function| sync16589_X function| sync16589_Y function| sync16589_Z function| sync16589__ function| sync16589_0 function| sync16589_Ea function| sync16589_Ba function| sync16589_1 function| sync16589_Da function| sync16589_Ca function| sync16589_2 function| sync16589_3 function| sync16589_4 function| sync16589_5 function| sync16589_Ga function| sync16589_Ha function| sync16589_Ja function| sync16589_Fa function| sync16589_7 function| sync16589_Ia function| sync16589_La function| sync16589_Ka function| sync16589_8 function| sync16589_6 function| sync16589_9 function| sync16589_Ma function| sync16589_Na function| sync16589_Oa function| sync16589_Pa function| sync16589_$ function| sync16589_Qa function| sync16589_Ra function| sync16589_Sa function| sync16589_Ta object| lotame_sync_16589 number| googleNDT_ number| googleAltLoader object| google_llp object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| criteo_pubtag_prebid_135 object| Criteo_prebid_135 object| GoogleGcLKhOms object| google_image_requests

87 Cookies

Domain/Path Name / Value
i.liadm.com/s Name: _li_ss
Value: ChMKBgjdARDBFgoJCP____8HEMsW
i6.liadm.com/s Name: _li_ss
Value: CgA
wwwproxy.uscho.com/ Name: instiPubProvided
Value: bf47d81b-cc02-4c20-9c31-b7f71b6fa7bc
wwwproxy.uscho.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.uscho.com/ Name: _pubcid
Value: f59f0b43-c8e0-4098-b7ea-71d97a2b8f13
.uscho.com/ Name: InstiSession
Value: eyJpZCI6ImViMmFlOTAzLWE4OWYtNDEwZS1iNjdhLWQxM2VlOGY5YTk2ZSIsInJlZmVycmVyIjoiIiwiY2FtcGFpZ24iOnsic291cmNlIjpudWxsLCJtZWRpdW0iOm51bGwsImNhbXBhaWduIjpudWxsLCJ0ZXJtIjpudWxsLCJjb250ZW50IjpudWxsfX0=
.uscho.com/ Name: instUid
Value: b61d819e-30fb-4819-aee9-f4dc5b73b772
wwwproxy.uscho.com/ Name: plsVisitorGeo
Value: DE
wwwproxy.uscho.com/ Name: plsVisitorIp
Value: 217.114.218.27
wwwproxy.uscho.com/ Name: plsGeoObj
Value: {"ip":"217.114.218.27","country":"DE","region":"","city":"","zip":"","location":"51.2993,9.491"}
.prebid.a-mo.net/ Name: __amc
Value: 1_1700156092_1700156092
.gumgum.com/ Name: cs
Value: true
.adnxs.com/ Name: icu
Value: ChgI5sRbEAoYASABKAEwvKXZqgY4AUABSAEQvKXZqgYYAA..
.adnxs.com/ Name: uuid2
Value: 2638324055642456530
.rubiconproject.com/ Name: khaos
Value: LP1H1GPQ-11-6NDY
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qp8AQR3z6EbNbU1ZxogGjlwOA+xFj1I9scmP1H4Ec1c+xYq5ehjc4ZKOZl/hmt31kv6UQR17uMz0fPzJ6cr+j5/otPNd4RwIY/EyVNLdBbxACKPLRELhl3x0A+VO7RH1E0=
.go.sonobi.com/ Name: _usd_wwwproxy.uscho.com
Value: 7b73b82c-02dd-4d5f-950d-dbb535983e09
.go.sonobi.com/ Name: __uis
Value: 1a1bed38-7d99-43d5-bec5-751de3b970ab
.go.sonobi.com/ Name: __uih
Value: 1
.go.sonobi.com/ Name: __uin_z1
Value: 1
.go.sonobi.com/ Name: __uir_z1
Value: 27621292
.go.sonobi.com/ Name: __uin_ex
Value: 1
.go.sonobi.com/ Name: __uir_ex
Value: 27621292
.go.sonobi.com/ Name: __uin_a9
Value: 1
.go.sonobi.com/ Name: __uir_a9
Value: 27621292
.uscho.com/ Name: _ga
Value: GA1.2.1673431664.1700156093
.uscho.com/ Name: _gid
Value: GA1.2.849677365.1700156093
.uscho.com/ Name: _gat_gtag_UA_541124_2
Value: 1
.uscho.com/ Name: lotame_domain_check
Value: uscho.com
.quantserve.com/ Name: mc
Value: 655652bc-b9df3-13fd2-94b70
.uscho.com/ Name: __qca
Value: P0-1293308888-1700156092324
.criteo.com/ Name: uid
Value: edc18ad4-a12f-4bfb-bed4-3cbaac29a16c
.uscho.com/ Name: connectId
Value: {"ttl":86400000,"lastUsed":1700156093005,"lastSynced":1700156093005}
.openx.net/ Name: i
Value: 8a1cfc36-3f8d-425b-8d83-4d126581f279|1700156093
.doubleclick.net/ Name: IDE
Value: AHWqTUkEV9g2FAowAJCPJME_aJBymIWKWFin6VNIG0IBXZFqCoVdApG-vvulqgJK66A
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.uscho.com/ Name: __gads
Value: ID=363335e743c6dd12:T=1700156093:RT=1700156093:S=ALNI_MaMGZHEPPfMP449LOKiNdnSlQyLfg
.uscho.com/ Name: __gpi
Value: UID=00000cca06744b41:T=1700156093:RT=1700156093:S=ALNI_MZuxEfSlb7vH8WW_IO7OWRT5tzHCQ
.googleadservices.com/ Name: ar_debug
Value: 1
.doubleclick.net/ Name: DSID
Value: NO_DATA
.uscho.com/ Name: _ga_K9F26MDDX7
Value: GS1.1.1700156092.1.0.1700156094.58.0.0
wwwproxy.uscho.com/ Name: _lr_retry_request
Value: true
wwwproxy.uscho.com/ Name: _lr_env_src_ats
Value: false
.casalemedia.com/ Name: CMID
Value: ZVZSvyO0oWRlGMviBNFxBwAA
.casalemedia.com/ Name: CMPS
Value: 2192
.casalemedia.com/ Name: CMPRO
Value: 2192
.ingage.tech/ Name: instUid
Value: b61d819e-30fb-4819-aee9-f4dc5b73b772
.ads.pubmatic.com/ Name: KCCH
Value: YES
.creativecdn.com/ Name: u
Value: ZBVGXU7lYu1IsKSxrS4e
.creativecdn.com/ Name: g
Value: ZBVGXU7lYu1IsKSxrS4e_1700156096090
.creativecdn.com/ Name: ts
Value: 1700156096
.csync.loopme.me/ Name: viewer_token
Value: 5622d513-ce14-4dca-b66a-4ef733d2e09b
wwwproxy.uscho.com/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222023-11-16T17%3A34%3A56%22%7D
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 4bd2ea1428ec139d
.demdex.net/ Name: demdex
Value: 22932157017328362553674623053724731944
.bidswitch.net/ Name: tuuid
Value: d1e87001-a7dd-40f1-92b5-3ec7dfcb8427
.bidswitch.net/ Name: c
Value: 1700156096
.bidswitch.net/ Name: tuuid_lu
Value: 1700156096
.quantserve.com/ Name: d
Value: EGkBDQG4KrjvsQA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA__vFyGtobmBgaGpmYGlmaGkBAGb_pS4QAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1MjexNDMzsDQ2NxPiM9R1d8nKMHDODCrLL68AANgAHf4lAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1MjexNDMzsDQ2NxPiM9R1d8nKMHDODCrLL68AANgAHf4lAAAA
.dpm.demdex.net/ Name: dpm
Value: 22932157017328362553674623053724731944
.turn.com/ Name: uid
Value: 2654784360710305845
.yahoo.com/ Name: A3
Value: d=AQABBMBSVmUCEOS7nopkIc0Pjlr2aAkDOaoFEgEBAQGkV2VgZQAAAAAA_eMAAA&S=AQAAAl4ltOZMn-9gPw3azMkaprc
.ctnsnet.com/ Name: cid_805a11e62ea049a3acb762db688175d2
Value: 1
.ads.stickyadstv.com/ Name: UID
Value: cb274118d0d6838df5f6994d3dfbbf9
.ads.stickyadstv.com/ Name: uid-bp-34673
Value: ZVZSvyO0oWRlGMviBNFxBwAACJAAAAAB
.go.sonobi.com/ Name: HAPLB8G
Value: s86152|ZVZSw
.company-target.com/ Name: tuuid
Value: 05e7a862-27ec-47a8-a6fc-c80d537657b0
.company-target.com/ Name: tuuid_lu
Value: 1700156096|ix:0
.adform.net/ Name: C
Value: 1
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-d083687b-9270-573f-5ceb-203268d2ac2c.yVX0NuDnwGO6rZAerbWC%2F30tiI8jtvJqu%2FWwaSuy8xQ
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-d083687b-9270-573f-5ceb-203268d2ac2c.yVX0NuDnwGO6rZAerbWC%2F30tiI8jtvJqu%2FWwaSuy8xQ
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A0INoe5JwVz9c6yAyaNKsLNly2hs.8omT8wW5eQ%2BUKcfhcsm59I3rK2UsGLto8rDcuyB7g9A
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A0INoe5JwVz9c6yAyaNKsLNly2hs.8omT8wW5eQ%2BUKcfhcsm59I3rK2UsGLto8rDcuyB7g9A
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIAHdrdrnKhTL6x10ojWX_x2eEetS1eWMyOQxsMRVvNPgEHwYBCDApdmqBjABOgRyABfNQgTP_OTH.kvQ8le%2F0VbeIGhXf7PrNt9mej0WsD8SRUM23URULrwM
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIAHdrdrnKhTL6x10ojWX_x2eEetS1eWMyOQxsMRVvNPgEHwYBCDApdmqBjABOgRyABfNQgTP_OTH.kvQ8le%2F0VbeIGhXf7PrNt9mej0WsD8SRUM23URULrwM
.aralego.com/ Name: gdpr
Value: 1
.aralego.com/ Name: sspid
Value: d9ba0c0f-8a58-363e-b343-3f5348e4fc2c
.adform.net/ Name: uid
Value: 2056997978948887281
.adsby.bidtheatre.com/ Name: __kuid
Value: a1ae291b-4485-40be-b38f-615aa95e907b.469370096
.amazon-adsystem.com/ Name: ad-id
Value: A9mNxjRSJ0jYqh8FtqVTOfI
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.liadm.com/ Name: lidid
Value: 598ecd43-fea2-404d-b733-be5c69124556
.uscho.com/ Name: cto_bundle
Value: Z0-qw19adUUzV1loUENtdjBKeG10TW9rUjVDTVN6aEpGbmFsNms0N2hYVnJabFpUZ2VIUSUyRlpCU29FZCUyQm1KY0lJN3NYRXFRM0hwdnlVdjNtNHN0MzZPJTJCc0Izd2RySktPJTJCRFhDb0lqd1R3WHRqcXRoOFgxeUJuQ2VIMWloaTA5SUhOJTJGQ2RyYmVnJTJCaDYwTTBzeVlZejFwM0xaMWclM0QlM0Q
.uscho.com/ Name: _gat_Insticator_Embed_v4
Value: 1

6 Console Messages

Source Level URL
Text
other warning URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3387156783&adf=3378126847&pi=t.ma~as.7481584504&w=300&lmt=1700156092&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700156092287&bpp=1&bdt=2043&idt=478&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=7796994645410&frm=20&pv=1&ga_vid=1673431664.1700156093&ga_sid=1700156093&ga_hid=604306581&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079629%2C44785295%2C31078297%2C44806139%2C44807764%2C44808148%2C44808285%2C44809053&oid=2&pvsid=4020746149329059&tmod=664251094&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=485
Message:
Origin trial controlled feature not enabled: 'attribution-reporting'.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=88
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzE3NDc3OTM0OTIvdC8y/kv/ID1=1a1bed38-7d99-43d5-bec5-751de3b970ab
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://ex.ingage.tech/v1/sync/amx/b61d819e-30fb-4819-aee9-f4dc5b73b772?uid=&gdpr=0
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://aax-eu.amazon-adsystem.com/ecm3?ex=sonobi.com&id=1a1bed38-7d99-43d5-bec5-751de3b970ab
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ad4m.at
ads.eu.criteo.com
ads.pubmatic.com
ads.stickyadstv.com
ap.lijit.com
apex.go.sonobi.com
api.btloader.com
api.rlcdn.com
auth.instiengage.com
bcp.crwdcntrl.net
bh.contextweb.com
bidder.criteo.com
btloader.com
c1.adform.net
casale-match.dotomi.com
cat.nl3.eu.criteo.com
cdn-ima.33across.com
cdn.ampproject.org
cdn.confiant-integrations.net
cdn.id5-sync.com
cdn.indexww.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdnjs.cloudflare.com
clients1.google.com
cm.ctnsnet.com
cm.g.doubleclick.net
cms.instiengage.com
cms.quantserve.com
connectid.analytics.yahoo.com
creativecdn.com
cse.google.com
csi.gstatic.com
csm.eu.criteo.net
csync.loopme.me
d.adroll.com
d.turn.com
d3lcz8vpax4lo2.cloudfront.net
dis.criteo.com
dpm.demdex.net
dsum-sec.casalemedia.com
dsum.casalemedia.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
eus.rubiconproject.com
event.insticator.com
ex.ingage.tech
fastlane.rubiconproject.com
fcbaa128d223004d1193906e064c873a.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
geoip.insticator.com
geoip.instiengage.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
ids.ad.gt
image6.pubmatic.com
imageproxy.eu.criteo.net
insticator-d.openx.net
invstatic101.creativecdn.com
js-sec.indexww.com
json-b.uscho.com
lb.eu-1-id5-sync.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
match.sharethrough.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
product.instiengage.com
r1---sn-4g5lzner.gvt1.com
redirector.gvt1.com
region1.analytics.google.com
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
rules.quantcount.com
s.amazon-adsystem.com
s.company-target.com
secure-assets.rubiconproject.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
static.criteo.net
static.instiengage.com
stats.g.doubleclick.net
sync.adotmob.com
sync.aralego.com
sync.go.sonobi.com
sync.srv.stackadapt.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
web.hb.ad.cpe.dotomi.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.uscho.com
wwwproxy.uscho.com
x.bidswitch.net
104.18.35.167
104.18.36.155
104.18.38.76
104.248.50.245
13.32.110.83
130.211.23.194
134.122.57.34
141.95.98.65
142.250.185.230
142.250.185.66
145.40.97.67
151.101.129.108
162.19.138.117
167.172.136.17
172.64.151.101
178.250.1.6
178.250.1.9
18.192.232.229
18.195.212.171
185.184.8.90
185.64.189.112
185.64.190.78
185.89.211.116
192.96.203.13
193.0.160.130
2.19.228.187
2.20.65.233
2001:4860:4802:32::36
2001:678:cb4:bbbb::11
2001:678:cb4:bbbb::13
208.93.169.131
209.54.182.161
216.52.2.48
23.56.202.187
2600:1f18:ed:550a:2a62:5dc9:59ae:614
2600:9000:211a:fe00:1c:386f:ec80:21
2600:9000:223c:1600:6:44e3:f8c0:93a1
2600:9000:223c:a200:10:dd8:5e40:93a1
2600:9000:2304:ac00:17:5bae:c7c0:93a1
2600:9000:2304:ae00:a:e047:753:a221
2600:9000:2611:3e00:9:78a:e540:93a1
2602:803:c003:200::43
2606:4700:10::6816:43d
2606:4700:10::6816:445
2606:4700:10::6816:4bd8
2606:4700:10::ac43:266a
2606:4700:20::681a:246
2606:4700:20::ac43:4a81
2606:4700:3031::6815:46fa
2606:4700:4400::ac40:90a6
2606:4700::6810:5614
2606:4700::6811:190e
2607:ae80:4::26
2620:116:800d:21:7eb1:3826:be7e:d981
2a00:1450:4001:15::6
2a00:1450:4001:806::200e
2a00:1450:4001:809::2001
2a00:1450:4001:810::200e
2a00:1450:4001:812::2002
2a00:1450:4001:812::200e
2a00:1450:4001:813::2002
2a00:1450:4001:81c::2003
2a00:1450:4001:81c::200e
2a00:1450:4001:827::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2001
2a00:1450:4001:830::200e
2a00:1450:4001:831::2002
2a00:1450:400c:c09::9a
2a00:1450:4019:807::2003
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::7
2a02:2638:3::9
2a02:2638:3::c
2a02:2638:d::c
2a02:fa8:8806:12::1400
2a02:fa8:8806:21::1780
2a05:d018:cc3:fe05:681b:cca1:66f3:5e09
2a05:d018:d29:3602:15ac:aaba:5b42:770a
3.208.172.61
3.225.50.168
3.75.62.37
34.102.146.192
34.120.107.143
34.120.133.55
34.149.20.76
34.249.27.149
34.249.4.179
34.96.70.87
34.96.71.22
34.98.64.218
35.186.193.173
35.214.220.3
35.71.131.137
37.157.2.229
44.212.103.88
45.137.176.88
52.50.62.11
54.165.249.28
63.34.72.49
67.202.105.23
67.220.226.238
69.166.1.64
69.166.1.67
69.173.144.165
98.98.134.242
01ceac3cb0b0c8905f0b522e43ad391744e0daa2aa5594158b59b6c468da1472
0278dc395ba7873b879d2cad1c304be606bc064928de48e36af8aace0f1e387a
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a17ba6a86af3ed68048863bbdff8366a4c00b37e3811d42351255a58eae8ac1
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0c659c2351251346d80951411cf3e8704b382d17b990f900212543f96faaa44d
0c85f03ee7ffd8a409d628d4b368b63454b8f70fd43c2747f88f41df5dbc23f3
0cae8f6632d5aa082e7b7ef0cc7a82ed2840fa700e6ee3f322006160652a6a21
0cc7088b335b30f7b1fa0903bc8aa143b11cb8408032d62d28d5ab768cc68c88
0d566296c283e164ef207161e0c46c0d3b63c9a52e176af09832cd187a14c891
0e5353c28d3c7b7fa50d3e3315867e003ea63910264032903eb978b1810c0e60
0f6bf4910e65a8b85acba1f90e7dc7396a342e14f110e60da1232a5a043ed509
10c53fec666f188d628fea7bfdd6b30cb24b9a55ac0c9ef3dcf15f562b2fd9a6
11641c9b34bdbf61a762c9b04146ee1da7b01e5bb43d8bae8e1a05dc67978a81
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
151c4c52c25dd28c33321aaaeabe879c4814087d4eaf7545d93f5d81d4d1c4f3
15fda53fec50af3afccaabeddfb604989393a704cbe5f0004bf0822f51b5288b
16f6a89c89e20586fdb7ed77f218f6af5442e80c8c3116deb2ab0cdd5aae2001
17113ef298a9d106b208a2676992950fb01858e5d7b1f99f34731941794bb682
172379ec050938e38630653328583ad204ae0b6021e9929513219463c9751cac
17810a53b5ffc8157c46a6192533bf2e567a31e23b31c4bac42d214787e488f7
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9
1ab6763a92c664d1b1a7b5421ac60834aa5a1e93dd9ade4e1f951723207bc53e
1baff9bf8d69c7de6ea553b53218dc5990e8a58d69200bab0c4763e70639fef4
1d12c1a3dfa6b5a6dcda054067f4f756586710deb639f092babdbfeb2deeb721
1deed95852a49e7f7b4527125ff12e8ce75568fd6e1d91befca131bd595fd5ea
1f539b1fc86ad5fc6f347ac6dfd1ed32319e57fd7ffa6283102cdc713603ac80
1f878b274a38de5001f17126a165d8e990267d5d28b1e8dc3661f1728eb54256
204ad18d0f58ab0b0af424fad9a971ba92ee9aa991ebed7988c067818dc2051d
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
2100654f3ff0abaa401b1efdb0f4c141f4500aafa8981a9b934bfba938ff8047
21faaba4509d48f84287a8b5bbc12b3e110a2bcda9e5df65bc2f0f69ff6c39c7
23fea0a987694a487d5e053345c610b6c2b0cee5943e6c54dffa8c4d3b8c2a27
24fe63307e2903b2a4b2d80c28383d91861dc9ade1b28feac920e9f5f7b7dddd
2520ee7187e14fc429422e3d1d7015b1127ab7e1623d99fead944769b51a0abf
27a6a4c384506bb6ba8cccc622a6be2af700bee269aae7b0644e7b5d29ff9b73
285edf67fede959a3cab4bf23073b3d12dd55d56637c361860afb74f6799d1a0
2be78b8f08d3850add8b13c28029fe126c676a44abfa4810ef4f397e9067fdff
2d17e0c299a3060dbd0415878b38cc80f2f6cad0924001ff8e1d29cd85cf0217
2fb654676deeb5fb4fcf63837bb61856610ee36b07cd5c67b843a38af9fdb948
3016eaf084e598194a0e18a0d4d1ad90d1da1dffe5a0cdde34df5733de975e3e
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d27ce00ca4c7af33cf42153d73abce046d25fc5c892fdabc61ec5690ecd0e2
32132009f3bc11d62ae0b55655df18cba0f8d7b6c12d8052291c660255faa29e
3248dbbb0805bbe104f7da2f55582972a7e876c05472371a0cc1aa30d04bc523
32dcb7b5d0e79583353a56225e4d8097e004103102d584e245d1b96547f9948d
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
34539260d07347adab72ff2fa2da52272f37c18f494885f435f033fbfe5c974e
3512d162920464f92e884488c55e18bde9901fae8a4db18eec436c03e6461cb3
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
365cfd79b98ba64e4c3416a89fe146e920009003ffeefd5077ece5c7d49ef3af
37727880f7138cb2008cbebe912218cdf04ebde2d32b2ead6414f4973c168f4e
3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636
394997f33cb83006a0c9745e99bbf451af2cd6e1b3c896a848582bfdb420c942
3b29eac9127bcd1305d4c5528798e05546a55f55a13d21eaabbef0fc98938094
3bb5a755d2cead52daddbed76beabfe990961f0ff5397eda5b27989a5d7d4deb
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3cd346aff1efcc38119a600f75667ba0089a7a6bece2b905503fb7c0c65ddcb8
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d6aa4a81b663c869b6e9c3ade8ee99bd6d18de18843ac75ae4670819b8d56d9
3e976b279b9ad9976190980603aceb502e89975d5234f3f4d38601fbc4baa6cc
3f8df6f3619442499c34784324159b55d118fbe0f3070c63a8554d766a4f7a9b
3f973d52c2e5dd999a84bc6b9a0e82aed56c24a0b3c34819de4badba69e6ca88
3fd13aa5309882955edefa1157aab289e1542b6cac5b258f7a486ef88ed1d876
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
414d7522b8e0144d710849110145c762ec57019b49a2ec7f7c3d7af420d1d320
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
431097f4f934bdc8ae8ea0d5d33a07573e22cf31f50e02499a1b12b98be7c4a2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4660d82db77d874531415562f4e48bc8bbfc283f489af0fcce4d35847f13c5dd
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
485b7e107282f2bacf10a28bf7a8c5d62d76d4021350698ef27248ede039dee8
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4ad6d02ce0a503f785bd98cef582ee82e731365471f4e598106ad5fbfc919888
4b2e344b71ebfe679e74b8026bb3e078ac994075f0ab80138a7d9feaf0e9b79f
4b8b9c36294e1afd4ad007bb4d834a6cd8415629eb6e69bc5f12d5dcf9340362
4c3a239dc3b7e0a74e2557957294fac25f4cf7f6f9d15bc4af042c251dbc3d13
4c8ee3039642aebe6a0178154c4ef46e40fe62b965922744b8b530edaae4aa2f
4d800359352e3ddb3bab2af277dcea7fd06f99885ee8375157f2b15935eca1b3
4d96c74db017b6c86d35e5c625f7cd65bfb2e923c3866f624b08d1a2cfeb278c
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6b27802cd447183a356cc7f824ac7fc4f6f5197cd2b1ee12758236ed505777
4e8a9f91efa071fef1ae36b2178873b6c92e16a7d4a1087468e85609c2e68d85
4f4206ab2f0fb5c89167649b6980f3a4b6c90a30c448d42dcb90960e2c44005c
516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
529bdd17318df790516860cd852d100561f0e6abb5f90e23b85bce353dc14435
5409b00c1531cf7e989e59f50a440f3a70c019dbefd5379327661fcb8d16bdc3
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
5669ca033ab68625c0cae6bcf1abb2722c02ea43a0d65323b2f7b023c7afa35e
57532fde1cb53874471267bf48fabe86a64169c134aaa124a1eed5c4cc64fa77
5760268e960a24f33df8d74d270189856f6e2248eff4030f06fe98ef20d25fe4
581e9b691f11ca7c7b803f9bdd70bb110d982213c025de8cc47d8556388ef6f2
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1
5e10801387114a129e9f06d6eedf6def06e1508ff4f53362043dd47a66bd7968
5fa27a71e7530663c8bfb835f67d72d7485a5582a82be83004871a661995e833
618b420941cec3efb5d20609e3189085c21ef91a691ea06e8b00310b370aef7a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61f8cc4a9f44ce199de46c6bc9a1ba02ffdacd23a7ae71d800e5364d057ab06c
61fe41cde1b6df00f34e5a9795741e926e8861b8e80d396ff799d48bacda5300
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
630449d41b41ba38bf6ded286f77e3b04ae2a8dfce0cef7b55a9c00003c2a44b
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507
688a83886a5a759614fb53d73736845837de908ce3553b146471782995bc5943
6893f1cd0da336a810d8787c06138ca1787585165bb3f5ea6d8da70f0d3632a3
695ce10188e5306fcbf679b7cc125b6eac681d124a85a5908bbd8d0079a47e9a
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
6a7cd882bb8944b4b5e40dafbde5f91d051dc6fdf5d924f2ef1c71affa91f790
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
70602b2d4f8fd19b95f522d3f3334ada3b3ff4647b4e81c7285b885977fd9ac4
7231f5d6814a8eb17b1590e4a49895dd69583f31ada43dd63838f868d061af25
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
737066c13a2fa5c69c1d9f4b8ff9e7a4480ce5c0afa9a2f09dcd6518e70ebdaa
743f722963dbcdd3b9cce8a482d994536480dca7f315e7b35ee8a617b595539f
750b243997c1370203a7b2a2a20ae5d20c039ea5514d9c38f327a5defb30c2fc
7588af36baed8ec2c6681c753d85d79d83fa47573473489ce3eff27f16b6688d
76f1b2d0d9a280f7c3bd17fc18e49d195087c94758d9b8591f38c00a110a7815
778ddd1dfc54953dbd0f16c09bb9aa333201fc88187dedec5cc1439a4431b0d9
779249965fcc56df5ccc2c89293a582fbea63f785bc4041c878106b01b725dcb
77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561
793bdfab72ad84a40b06db22176e14c6654329c1accc292a36c06228afd662c6
7abab7a5fed6d1eb8dcfed4e7f6bfcbc1a1a1dfbf95d281b008f04245b26c769
7b3b86a9c070155b2cbb0ea45df23d3b69968245a8dab1a442c4c7c25e18e11c
7bf234cb7bfdc714a773781dfd2ea6d49a594d568ba449d271c73b5ec323d4b2
7fcbb849ee8ed3f4a06797012779e04511bd86ce7f68e6e6e55a315bd121e693
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
812d14f997830b2956aaa4040066a6c43bf04d9ea4b64e6c3e64720ef4496d28
81bf165cd84d85784ad1dabd81bb1734f63b60cae108af93f6a42a440faf21df
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
849302d1bef4830623ba271a9f718597e176a9ddadff287ee9ea63708d2b2a62
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87960e7994f9fc5f6d2fc8c0b93be02f4b9b7cdca0dd9c726f5806d8e9092068
893b225d99f64a327f9aef2fdd2435d518ad061e98e12675754db3d1f203409d
8b192c86e28dba2639d89459895bd03c41ab1a56e5e37e315eeeff91c149ef0d
8d664e01881d90325f0d0f03bc0a2b3745d130fd309c172119a965d66324976a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8fe2117aa4c725f0e3b1a96f6172f46814b450fd315db1d0d2617339e57f025e
902f47bc9eeb026da8cbcef8c7ec51aaa1f73bf7ca587c8694cceb36ff91a92e
9122d35ca0b1532a344f0801f9004b862de73fe3ec70d6eb04a345cc02e8e2a3
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
9362261a59576b70d5c810098495b30a0b7fbf5cbf6eb84647c618caa11f0581
97f9bd999ce227798c30d6b5aea2580e4eac041aa0b1c89b67aa94b4e70c44e9
9838bebcdcd661c8267cc3f244e746a6b11a256bc14e4201a395bfcb06c9188d
98e6e0b0449873b666714a9228810445a6fef9096b417975444afcccc7a144a4
9984cb6b0be2a839539669a0a04a44e515408d658b171b39177397cc061ed845
99c2f32143563b975ad0e4e14a839dae259c8c4901b88a5ae608beebab753f6b
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9b961e9d5506cfd8955dd92d7cfc26bcd31fc34f63fe52b87a570fbdcc3d21d0
9c214017962f2b403ee2f8a0dd51333b467aa3f082c5fc93fdb86f0b3d90a19b
9c419e3ada62ac8a308cf7a6967d866775a2aa78e89dd4c4698db8a429f8f85a
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
a21ba330372da88b834b83b8911e512f7ced6e55c2d2fb69e277c0a86bc39815
a27997ed4b49e43ff9ade9ca0505a27fc8b392a2e1ab6d7e14976f03a737e95f
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3e5c486ca9cab98b690f2f3fcc83c73141a667293c8a8236bb1e376313f0e36
a46e24e96432effddcb0fb1945b98fe889b09bc22c6b4fbb3567c6f4970aa9ff
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
a56ff3331dd91c0016db1310c80cb86269f27aa8590ae4d7c1afe1d610eb7fb9
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a8e54ed0c3b85c013a3abe83cf1e95529872363fd907935e78d9b1316f9178f1
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ae9a3e4b6126d41fef61d81df21fe17e5e053bd5bcd52187e43bd67bee0fe214
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af372253d5598edc1e4368bf6ee8e5fc5970eebe66fb7fb91554ee9918214a7d
af4cb1079334e25d083285e5220cd7845056a6c8f69f3739dc86519a06ae4da4
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b0419faf03242236e04c1c062d52b7f011bf5f0222342fc4006f51cec7dd6ba0
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f275e8c57349ed7e21f7ab7176799e90229135ed5133614811ef887adda03d
b46b0ccab5db6d7b89cb1e70f81752c2113b74834881f495517d095f1df5f71b
b5150f4bc392ede79975eef4fbdf7b092a18b1ac96e46250fa496cd136d68bd7
b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de
b684387f1c956c7a6629558081ab4d015d08918226d4a950271869eb757e31c1
b6fbaa05c45d558628365fb49a71e5521d8883747f8778a370be7540faa19e6c
b8049b940f02850ebdea3e3c0bfeb7a62491111121894e6394cae14bed2a9264
b815630bf19d827a051c35d8619caf761d0af5df6452ffb8881b353061c79e28
b82aa6c527e41e336e9cd392fffa550353f896f71a3c632a5bdd51e22de4ca0f
b8ad71582d3ee067161bab292b9f769335be17f818b2a9a8fef4e95a450519bf
b8ae744a57b39fe4ced7328838882eb465d5452d03a7b424dfd9eea9d3849c1f
ba33741f1b945cfb71d6fe3fb60628af0cb4cce7f464f84c43f5d6457b284272
bade98acb28cd2011b43069d33aeda8fb5ec1f24aa3718086f1c380776e9632c
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8
bc45e69f487a85721c93631fb656e15fb0e76308912b04193b3f585dfb31bf27
be3e82bac967ae4410e4892709367f57fa7d0c393af8f1818173d0e9f4adcccf
be9a2d123eb12103919c90ff298d8829cc87316197c48f995f4ecef04dd87f4c
bf7ebd4fad51be7d4fee8cfa34c08ef3f62d3cfa386ecce4e85a0c1ce6cb32c0
bf9c4c020ac4280f500779c26abe069e693f9047edef968d7cb27b2aacb0bb4e
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c2d040825ca177c72048dfbc2a69b92907313e50a8126e04ab9e820edadad11d
c37757fcea357c2078afb149e652876779c1f620f4d9fa7afd424f5362643500
c509aad73831b134cf895163606a337481b3a2bfd483e5331d8e092eb4055c6c
c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b
c71de37124b8ed25baf8af415ec032595c564b5bb3721c63fa68922aae5a6ded
c72923d3540f9c6180ffa2c093b843442c8537d20834dd60a95d4e9e997a33d2
c744a42ecfaf5faa40dc9af8b27a5638ee4cf42ac9261037eac09d8732284b61
c7b0559bee2cbbbf9832b770c7ff15a4c204209b11dd04a1eeadecfb2fad3ae9
c7ed7ef9182dc5206d1b7a8038bcfe2b57fc1be96d78b75152e9b713ca4ef2d6
c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a
c9211b98042b17907d74bb76aa84613fe8d9dec0208003af8082899a662a00c4
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cc4c5c8e3d1bf32ad091e720ce9f7c22111ec003e84e6a4570b386b0fb0b210a
cc89945923d38b792886a72514949dc38cccd49e7f246890a2bd3c2b0e643328
cd9818ab6cef998db6194180ff87119e5f076d616a03e51634aa52fa2f1c4a98
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d1d05642e23866a6d7fb1b165615355e7c01fffaf89c61e9c14c0beecb96ae23
d3b15bb28cd20f34c563325aed8b4c50609880405311e5d281b7269566804fba
d3e01853afa2f8a06e0aaf4352b56064214e570b582e12994774bdefe9c1fbc6
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
d4dc518e243d06f337b00ed6c623f2aff3c67aa179a08b68f875e470898a5df4
d4f4f288148bdde39d13158af2ca38aa67f3505ee26a0d4fa0776e4a55735e55
d50675d04142e9bfd9a7066718b8f5f9336d4000b1c8dc5542002955d9b002c7
d7e664184b2eeb05112f250badaca2cd8c7b602958c2fe8ec4ca07338d763bbc
d7f8be99aee46445efcc7c49145388deca59f0dfd183ed4b3892ca111c2b401a
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9da18e732fcddb00703914e2a8de64cdcd4adcd82b95dacc4670fd9b2362fe7
dbf7eb98f997a8df116c6515ce77a2e76be2dafbdbc62cd7feade398544ac0a8
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd73f4e1f4316b52955d52de613c5cbb1034124faf6657ceb6d1e1799979790a
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0401c42c141b6b7447d7b52b48447ef7640137da38f995490bea4958af7bf5f
e082e6b7c3dadd692d57462fe0c10ac1007282fbfe4317c06f1136e836694ebc
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e211a998115b886c1779877c3dba314830b1c15906cee58e44fc26d07d1a3536
e28b837296a1fe2b1a7bc0e954587f796408b41b734078552db34477007f186b
e29fc3a132d3a493162fa723f4c13d755394882b8d691629dad715ac4818727c
e315f8d8f66405263b332fe9db7fb6fb284d79ec4b5a0c567dd58f7b2f45621c
e3499c40fb2a828918f50d4d4b1daa09d3b3470a48033136ec99afd3300df608
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4648dcf44a08191d151a06cc363affa8119c5dcd47247cf56d2c4a6d5c49890
e5688319ea093a91c367a5f64f22b2012affd2a2bf80a8e31a6f4e02c67fb1ce
e6f44640021413129ba6c881b570b02a209f008c2261a81889158a8bab259ec9
e7384ba0bf8a340e4da6b1a041c68612b2d52cb325714a20f64b1cf05239455e
e7ffdc17f9a380f6376691bc77f18787b35359f2bd140b637a4e530bf5606f0a
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
e90958ba258edd7d3efaabc4da6dfd25112abd7d7eaf600ee5d18bc5e8630af3
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda
ec13d6ada1280c8f59b420f94a57f26725f26422667197ff7acf159e7f04e832
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6dcd95c9fbfdb77c4e8532f768c9b5dffba55e028748d3e9176602223ab126
efdb2dcd5af2946175e9696c98804aec751f5ae8640ec9ecf2654145d9e77df3
f12348913c8f7abffd929a4470b9c698f53aee21b242a0292b2477198919c60e
f2adc01ef0e432bea964e0a8da7a274ddb163f063083305bbd19195be4d4453a
f2c8ef8c79e7e9ccdb8a5d7d604ff947919f286db30107a83bfa930c40ee9e45
f2da2efea74f294509c344e246b3b006e8c2081a9e38dbe6396d0a39bc355791
f4690663259de00275761fa1819ddd95bffb6d4a361d7695ec1273ec846ea549
f4f5bc9d6560f0070591a6c76ad815195a2a2530aea7b99c4debe126a0042de4
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a
f71e8066f6e77c1f4c5cd125b90b13988b7bf06a6f43951542f6d566ee8a1af9
f745c6f5fa5259ec3c8d56fd08f1c892dff209e6cff2345436d33535e1da8954
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f8793f5ad7c1b32e475dcad3f2fb16081b5023820e10e679e7c3b303b05b3c80
f885ec8a0a68847aff7c6bb94968bf7cb5099c0c449ae1535cf8515cc0ff8e18
f9e21fe0f386e1eb0f9113df90ab2ccbbcf9a2ec39e26130d32fd0b3a5a31ba5
f9f08cfecafa372f4aae0af5dbe536699f3f81e22b838f67ae59cd46100ed6b8
f9fa92416a8ff082c70522274ff0b80b42e47398502f6eb08f593cb379cc07e9
fae2dc10eaa5b7644e8f58c84f7fa0641b6a12b0bea27684105675f6bc45895e
fd38cc4f5a1af807a9d255a14d926721a64f42f65c61942d20fdc5902fdda86f
fd6261240ed0f12a5cc73e1a74452182697f4b09560cdfbb3b2f17e0659a2f7f
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f
fe2c332a9c0f3365c409187c3ada915ae20d99841cd054f20f59c1649c8ca01d
ff17df18c29c83710f08d1add651f127d74dfde3250fc9e83afb69b40047465b
fffd8d1502b0e9b65701a8f70f811bf6fd3450f97af22b6f4f51e3e26d585d0a