metabenefit.com Open in urlscan Pro
5.161.63.2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://metabenefit.com/v/cs-direct-net
Submission: On June 23 via manual (June 23rd 2022, 2:24:05 pm UTC) from CH — Scanned from DE

Summary HTTP 118 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 11 domains to perform 118 HTTP transactions. The main IP is 5.161.63.2, located in United States and belongs to HETZNER-CLOUD2-AS, DE. The main domain is metabenefit.com.
TLS certificate: Issued by R3 on June 3rd 2022. Valid for: 3 months.

This is the only time metabenefit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	5.161.63.2 5.161.63.2	213230 (HETZNER-C...) (HETZNER-CLOUD2-AS)
11 11	2600:9000:249... 2600:9000:2491:3200:16:8bbe:c640:21	16509 (AMAZON-02) (AMAZON-02)
15	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
3 4	198.240.216.40 198.240.216.40	8729 (Credit Su...) (Credit Suisse Group)
20	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
4 9	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
33	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
118	13

15 5.161.63.2 (United States)

ASN213230 (HETZNER-CLOUD2-AS, DE)
PTR: static.2.63.161.5.clients.your-server.de

metabenefit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static-only.metabenefit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.metabenefit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:2491:3200:16:8bbe:c640:21 (United States) 11 redirects

ASN16509 (AMAZON-02, US)

d1irhuf3z5u61l.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 198.240.216.40 (Switzerland) 3 redirects

ASN8729 (Credit Suisse Group, CH)
PTR: claridenleu.directnet.com

direct.credit-suisse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	642 KB
19	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 54	174 KB
15	metabenefit.com metabenefit.com static-only.metabenefit.com track.metabenefit.com	373 KB
13	gstatic.com fonts.gstatic.com www.gstatic.com	432 KB
11	google.com 4 redirects adservice.google.com — Cisco Umbrella Rank: 92 www.google.com — Cisco Umbrella Rank: 8	24 KB
11	cloudfront.net 11 redirects d1irhuf3z5u61l.cloudfront.net	3 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 179	212 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 71	4 KB
4	credit-suisse.com 3 redirects direct.credit-suisse.com — Cisco Umbrella Rank: 631528	3 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 7751	914 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 867	645 B
118	11

	Domain	Requested by
33	tpc.googlesyndication.com	googleads.g.doubleclick.net metabenefit.com tpc.googlesyndication.com pagead2.googlesyndication.com
19	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net metabenefit.com
15	pagead2.googlesyndication.com	metabenefit.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
11	static-only.metabenefit.com	metabenefit.com
11	d1irhuf3z5u61l.cloudfront.net	11 redirects metabenefit.com
9	www.google.com	4 redirects d1irhuf3z5u61l.cloudfront.net www.gstatic.com www.google.com googleads.g.doubleclick.net tpc.googlesyndication.com
7	www.gstatic.com	www.google.com googleads.g.doubleclick.net
6	fonts.gstatic.com	fonts.googleapis.com
5	www.googletagservices.com	googleads.g.doubleclick.net
5	fonts.googleapis.com	metabenefit.com googleads.g.doubleclick.net tpc.googlesyndication.com
4	direct.credit-suisse.com	3 redirects metabenefit.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	track.metabenefit.com	metabenefit.com track.metabenefit.com
2	metabenefit.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
118	16

This site contains links to these domains. Also see Links.

Domain
silktide.com
direct.credit-suisse.com
www.credit-suisse.com
policies.google.com

Subject Issuer	Validity	Valid
metabenefit.com R3	`2022-06-03` - `2022-09-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
track.metabenefit.com R3	`2022-06-03` - `2022-09-01`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
static-only.metabenefit.com R3	`2022-06-03` - `2022-09-01`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh

This page contains 31 frames:

Primary Page: https://metabenefit.com/v/cs-direct-net
Frame ID: D6FD4EBB1597D8B3268EE46A60B63297
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20190131/zrt_lookup.html
Frame ID: D33FA5E5854F7B60E0C2DDC626A4038C
Requests: 1 HTTP requests in this frame

Frame: https://static-only.metabenefit.com/static/svg/external-link.svg
Frame ID: 64829BFBA0B281CEE18D47CE0AC62E77
Requests: 1 HTTP requests in this frame

Frame: https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg
Frame ID: 609FDD53D1D2F2C3C0BFE64C80D65554
Requests: 1 HTTP requests in this frame

Frame: https://static-only.metabenefit.com/static/svg/external-link.svg
Frame ID: 08846B282F20EFC1E787E116CE4BEF6D
Requests: 1 HTTP requests in this frame

Frame: https://static-only.metabenefit.com/static/svg/external-link.svg
Frame ID: F5B0F58DC22F060B4BF9BB4C20177502
Requests: 1 HTTP requests in this frame

Frame: https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg
Frame ID: 1F7D701F02A81385B6A4BC39624BDD58
Requests: 1 HTTP requests in this frame

Frame: https://static-only.metabenefit.com/static/svg/external-link.svg
Frame ID: F73CE2FEE0B8C013C8176C5E9E2A51AC
Requests: 1 HTTP requests in this frame

Frame: https://static-only.metabenefit.com/static/svg/external-link.svg
Frame ID: CDB7C4549385604E0F4E271652E79879
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&adk=1812271804&adf=3025194257&lmt=1655994239&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994238442&bpp=896&bdt=157&idt=1034&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2534002481060&frm=20&pv=2&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1052
Frame ID: 4D6F4F563D6C763CCD65AC61D0A65A5E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=280&slotname=9595405333&adk=4090938585&adf=3574913033&pi=t.ma~as.9595405333&w=1110&fwrn=4&fwrnh=100&lmt=1655994239&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994239338&bpp=20&bdt=1054&idt=162&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BQrdBXCH7l&p=https%3A//metabenefit.com&dtd=166
Frame ID: 5D4D75162714531E1ED9C41BD3E6329B
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=280&slotname=3524117708&adk=2953055837&adf=1369198949&pi=t.ma~as.3524117708&w=825&fwrn=4&fwrnh=100&lmt=1655994239&rafmt=1&psa=0&format=825x280&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994239365&bpp=1&bdt=1080&idt=144&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1154&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=MxnjiNrOAL&p=https%3A//metabenefit.com&dtd=147
Frame ID: ECF6810DDE1A59277848EE03494D193B
Requests: 1 HTTP requests in this frame

Frame: https://static-only.metabenefit.com/static/svg/external-link.svg
Frame ID: 1BA0C244FF4503FA66E47F50FEAFAB3D
Requests: 1 HTTP requests in this frame

Frame: https://static-only.metabenefit.com/static/svg/external-link.svg
Frame ID: 3DC7D8D80F351409E6CF19D7852E9616
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeIk-AUAAAAAO0kwrAjOBYavrcD1xsrCoqtGjMn&co=aHR0cHM6Ly9tZXRhYmVuZWZpdC5jb206NDQz&hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&size=invisible&cb=gh2p8qb1ykeg
Frame ID: 69099AEB340C333E6AF6937E429578FD
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=259&adk=1376253801&adf=4159685414&pi=t.aa~a.1667047649~rp.4&w=825&lmt=1655994240&nsk=6b70421&rafmt=11&pwprc=8021995431&psa=0&ad_type=text_image&format=825x259&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994240038&bpp=1&bdt=1753&idt=1&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc88ae62927e92252-22d2079ffcd200c6%3AT%3D1655994239%3ART%3D1655994239%3AS%3DALNI_MYETyG-iMeRdBeB6epWIR7ikMh6BQ&prev_fmts=0x0%2C1110x280%2C825x280&nras=2&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1757&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=lpLjd8OrMZ&p=https%3A//metabenefit.com&dtd=10
Frame ID: 19C486FCE713D1C8F4B9C7C8ACC21341
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1
Frame ID: D2A1AD946A65B6F6E1FAF8AC20BD2E37
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1
Frame ID: 2676FD16C969F33BBCEB31DCBF8EE08D
Requests: 10 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 0B9014CECF75C89C15C982F86CF96F71
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B2AC1319A7E4DF426287A637A741FABE
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/index.html
Frame ID: ED040B785EE19BF526A111DF7898AA98
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CkuN-f3e0YpjAI9mSygWWlqKACsnautRm0v3z2K0O3NkeEAEguf-mEmCV-qeCsAegAfGi0L8CyAEJqQLCBOjcBqSxPqgDAcgDSKoE_AFP0GAhQSIae9j1VUXLDyJAfuIkeJCGf3U0wz1Ioz61duvBr6nO0mQN37VKRcBsPU6kw8nasNlEQTHT8dSXFWBVdt54588NbfpJRxor5MdZB92pkMDmHvxHQFopAlLzvTDbSPYmQe9FtlLrCD7buBM6Az5nVJRy0QzSSukHkmwPkt9-fSSwuV8qrSz0bh26d97-ydaKg-aBnqis9-7cBL_6m103-8aTZ0CvpkYPBFphSVxlSIn2dVZ4oYazhBvjz7kmEyQjDGW-qGTMB6CII69cHMJ79_chwqyf55gI1X49glrXlDZmuoQWbi4hXMLiR1nfi3VIDvhmi-3UBJ_ABNGdnLbiA5IFBAgEGAGSBQQIBRgEoAYugAf33K_AAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEENeEGNIICQiA4YBwEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi02MDI0NDc3MzMzMTk4ODM3GAA&sigh=INuP6ZBkqek&uach_m=[UACH]&template_id=419
Frame ID: E25406EE035D873B8439E5B34A45F305
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B87C77F08C2E3EA69BE9D0EE2270B5B7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js
Frame ID: A21E165D90F0228A3F7F946585C81842
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C691FFDF02B9357C37AF351D94B46FDF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js
Frame ID: 1E492B62A47E624682B69BC2C98F8581
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js
Frame ID: 419B89DB24D6A6DCB40BC3B0237DDFC7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4D9C5A22DC85E4B01BB946B3DA940A5C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js
Frame ID: B0AC3206302A9110386515A1F23EACB4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 204D369AB45EBCAC52B34D9340DF31E8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D24551952FA77A03B62C9F3271E46418
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cs Direct Net - Login - Credit Suisse Direct / CSX

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

118
Requests

94 %
HTTPS

77 %
IPv6

11
Domains

16
Subdomains

13
IPs

3
Countries

1861 kB
Transfer

5073 kB
Size

9
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://direct.credit-suisse.com/
Title: Login - Credit Suisse Direct / CSX

Search URL Search Domain Scan URL

URL: https://www.credit-suisse.com/ch/en/private-clients/account-cards/services/online-mobile-banking.html
Title: Online & Mobile Banking | Credit Suisse Switzerland

Search URL Search Domain Scan URL

URL: https://www.credit-suisse.com/microsites/csdirect/en.html?WT.i_short-url=%2Fdirect&WT.i_target-url=%2Fmicrosites%2Fcsdirect%2Fen.html
Title: Credit Suisse Direct

Search URL Search Domain Scan URL

URL: https://direct.credit-suisse.com/dn/c/cls/auth?language=it
Title: Login - Credit Suisse Direct / CSX

Search URL Search Domain Scan URL

URL: https://direct.credit-suisse.com/dn/c/cls/auth?language=de
Title: Login - Credit Suisse Direct / CSX

Search URL Search Domain Scan URL

URL: https://www.credit-suisse.com/ch/de/privatkunden/konto-karten/services/online-mobile-banking.html
Title: Online Banking - eBanking & Mobile Banking | Credit Suisse Schweiz

Search URL Search Domain Scan URL

URL: https://www.credit-suisse.com/ch/it/clienti-privati/conto-carte/servizi/online-mobile-banking.html
Title: Online & Mobile Banking | Credit Suisse Svizzera

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://d1irhuf3z5u61l.cloudfront.net/static/public/css/cbase.12a6ece7.css HTTP 308
https://static-only.metabenefit.com/static/public/css/cbase.12a6ece7.css

Request Chain 4

https://direct.credit-suisse.com/ HTTP 302
https://direct.credit-suisse.com/dn/c/cls/auth HTTP 302
https://direct.credit-suisse.com/cookie-check?trg=F3Qm9vbw1rmOJqOUFXBmuZklg3GpjdyC1rLXgogQQ_faG0Li7uHaZiifVKlwtskFoTH3bbmRbe5bVZDyvPMizw$$ HTTP 302
https://direct.credit-suisse.com/cookie-check/cs/CookieCheckError.html?trg=-9mL71iQT70aX8EycZUeD2rzl-KwIet-Wa1cKF-iwEA$

Request Chain 5

https://d1irhuf3z5u61l.cloudfront.net/static/public/js/cbase.d41abcf9.js HTTP 308
https://static-only.metabenefit.com/static/public/js/cbase.d41abcf9.js

Request Chain 6

https://d1irhuf3z5u61l.cloudfront.net/static/js/cookieconsent_old.min.js HTTP 308
https://static-only.metabenefit.com/static/js/cookieconsent_old.min.js

Request Chain 19

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg HTTP 308
https://static-only.metabenefit.com/static/svg/external-link.svg

Request Chain 21

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg HTTP 308
https://static-only.metabenefit.com/static/svg/external-link.svg

Request Chain 22

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg HTTP 308
https://static-only.metabenefit.com/static/svg/external-link.svg

Request Chain 24

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg HTTP 308
https://static-only.metabenefit.com/static/svg/external-link.svg

Request Chain 25

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg HTTP 308
https://static-only.metabenefit.com/static/svg/external-link.svg

Request Chain 33

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg HTTP 308
https://static-only.metabenefit.com/static/svg/external-link.svg

Request Chain 34

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg HTTP 308
https://static-only.metabenefit.com/static/svg/external-link.svg

Request Chain 88

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 104

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 108

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 110

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 116

https://d1irhuf3z5u61l.cloudfront.net/static/css/cookieconsent_old.min.css HTTP 308
https://static-only.metabenefit.com/static/css/cookieconsent_old.min.css

118 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request cs-direct-net Show response
metabenefit.com/v/ 139 KB
85 KB 711ms
472ms Document
text/html 5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://metabenefit.com/v/cs-direct-net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),

Reverse DNS

static.2.63.161.5.clients.your-server.de

Software

Caddy gunicorn/20.0.4 /

Resource Hash

20f735245cd30b9799da2ecd28d9628cff5960f26776bf591cae335667137cfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=432000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 23 Jun 2022 14:23:57 GMT
server: Caddy gunicorn/20.0.4
strict-transport-security: max-age=432000
vary: Cookie Accept-Encoding

GET
H2

200

cbase.12a6ece7.css
static-only.metabenefit.com/static/public/css/
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/public/css/cbase.12a6ece7.css
https://static-only.metabenefit.com/static/public/css/cbase.12a6ece7.css

155 KB
26 KB

637ms
399ms

Stylesheet
text/css

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/public/css/cbase.12a6ece7.css
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy, Caddy /
Resource Hash: 46b413c88e9bdf0205b930e7baf8152e2ff4e9973165f5b765eb5cb0a9836e2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:23:58 GMT
content-encoding: gzip
last-modified: Sun, 28 Feb 2021 00:01:43 GMT
server: Caddy, Caddy
etag: "qp7pev3ebm"
vary: Accept-Encoding
content-type: text/css; charset=utf-8

Redirect headers

date: Thu, 23 Jun 2022 14:23:58 GMT
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront
location: https://static-only.metabenefit.com/static/public/css/cbase.12a6ece7.css
content-length: 0
x-amz-cf-id: QPh7vt_Jg2KgZUcF1LmrSs_lbKVJbdSSalWW5Uayk_isLu9YqSWHdQ==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 165 KB
56 KB 107ms
40ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6024477333198837

Requested by

Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25ceaa19098d3ffa896379017830bc51d534925bf2604a175e9db75f2c47e387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Origin: https://metabenefit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56526
x-xss-protection: 0
server: cafe
etag: 1296796529905758441
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 23 Jun 2022 14:23:58 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 87ms
32ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto|Rubik&display=swap

Requested by

Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ebc03471be340e27a10a1af6b8d997a957127df1a61ce7b961bf44613f601cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 14:23:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 23 Jun 2022 14:23:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Jun 2022 14:23:58 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 164 KB
55 KB 132ms
83ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0086275b718f55494729d300ca69686ded230235bb628046c33d8ba9ffa7fe5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56358
x-xss-protection: 0
server: cafe
etag: 18062683261855880669
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 23 Jun 2022 14:23:59 GMT

GET
H/1.1

200
OK

CookieCheckError.html
direct.credit-suisse.com/cookie-check/cs/
Redirect Chain

https://direct.credit-suisse.com/
https://direct.credit-suisse.com/dn/c/cls/auth
https://direct.credit-suisse.com/cookie-check?trg=F3Qm9vbw1rmOJqOUFXBmuZklg3GpjdyC1rLXgogQQ_faG0Li7uHaZiifVKlwtskFoTH3bbmRbe5bVZDyvPMizw$$
https://direct.credit-suisse.com/cookie-check/cs/CookieCheckError.html?trg=-9mL71iQT70aX8EycZUeD2rzl-KwIet-Wa1cKF-iwEA$

0
0

43ms
43ms

Other
text/html

198.240.216.40
Credit Suisse Group

General

Check archive.org

Show headers Download Go to

Full URL: https://direct.credit-suisse.com/cookie-check/cs/CookieCheckError.html?trg=-9mL71iQT70aX8EycZUeD2rzl-KwIet-Wa1cKF-iwEA$
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: HTTP/1.1
Server: 198.240.216.40 , Switzerland, ASN8729 (Credit Suisse Group, CH),
Reverse DNS: claridenleu.directnet.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Redirect headers

Date: Thu, 23 Jun 2022 14:23:59 GMT
X-Content-Type-Options: nosniff
Server: Credit Suisse Entry Server
X-Frame-Options: sameorigin
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Location: https://direct.credit-suisse.com/cookie-check/cs/CookieCheckError.html?trg=-9mL71iQT70aX8EycZUeD2rzl-KwIet-Wa1cKF-iwEA$
X-Permitted-Cross-Domain-Policies: none
Cache-Control: no-store, no-cache, must-revalidate
Content-Security-Policy: default-src dnmb: 'self' *.credit-suisse.com *.employee-shares.com; script-src dnmb: 'self' 'unsafe-inline' 'unsafe-eval' *.credit-suisse.com *.employee-shares.com; style-src 'self' 'unsafe-inline' *.credit-suisse.com *.employee-shares.com; img-src 'self' data: blob: *.credit-suisse.com *.employee-shares.com; connect-src 'self' wss: ; font-src 'self' data: ; worker-src 'self' blob: dnmb:; child-src 'self' data: blob: dnmb:;
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Robots-Tag: all
Keep-Alive: timeout=15, max=98
Content-Length: 271
X-XSS-Protection: 1; mode=block

GET
H2

200

cbase.d41abcf9.js Show response
static-only.metabenefit.com/static/public/js/
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/public/js/cbase.d41abcf9.js
https://static-only.metabenefit.com/static/public/js/cbase.d41abcf9.js

796 KB
234 KB

734ms
510ms

Script
text/javascript

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/public/js/cbase.d41abcf9.js
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy, Caddy /
Resource Hash: 5ca35a94f7c60bd9b58d53adbeb39090513a8f249f13a3c9ebe9a3ae114702dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:23:58 GMT
content-encoding: gzip
last-modified: Sun, 05 Dec 2021 11:19:36 GMT
server: Caddy, Caddy
etag: "r3n3gohgtm"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8

Redirect headers

date: Thu, 23 Jun 2022 14:23:58 GMT
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront
location: https://static-only.metabenefit.com/static/public/js/cbase.d41abcf9.js
content-length: 0
x-amz-cf-id: scd8fLaEWJlsRYNauQgaymlvHTX8ncWngn6SCSwmcHTOGUxo8hiSgQ==

GET
H2

200

cookieconsent_old.min.js Show response
static-only.metabenefit.com/static/js/
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/js/cookieconsent_old.min.js
https://static-only.metabenefit.com/static/js/cookieconsent_old.min.js

4 KB
2 KB

208ms
208ms

Script
text/javascript

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/js/cookieconsent_old.min.js
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy, Caddy /
Resource Hash: 190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:23:59 GMT
content-encoding: gzip
last-modified: Sat, 22 Feb 2020 05:27:40 GMT
server: Caddy, Caddy
etag: "q638i43iw"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
content-length: 1975

Redirect headers

date: Thu, 23 Jun 2022 14:23:59 GMT
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront
location: https://static-only.metabenefit.com/static/js/cookieconsent_old.min.js
content-length: 0
x-amz-cf-id: wgbOzgNSjBdL-ItAdVZX2JYlkeYaiIgW6ur2iVnmNNgrB6cSpLDxkQ==

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/ 339 KB
120 KB 78ms
50ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6024477333198837&plah=metabenefit.com&bust=31068167

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6024477333198837

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce83deef9eb7860fe4254d97cee1e97a5c925dd95adaee9dbbe2444a4f31726d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122381
x-xss-protection: 0
server: cafe
etag: 11599742088050301464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 23 Jun 2022 14:23:59 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220616/r20190131/ Frame D33F 10 KB
5 KB 74ms
23ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220616/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6024477333198837

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 70735
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 22 Jun 2022 18:45:03 GMT
etag: 8616628553774171045
expires: Wed, 06 Jul 2022 18:45:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 matomo.js Show response
track.metabenefit.com/ 60 KB
21 KB 646ms
408ms Script
text/javascript 5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.metabenefit.com/matomo.js
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy, Caddy /
Resource Hash: d14787e0b55b599553fda8b517a2a441bbcb78e826a0625193850e9f9373be89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:23:59 GMT
content-encoding: gzip
last-modified: Mon, 01 Mar 2021 05:24:36 GMT
server: Caddy, Caddy
etag: "qp9z101bqv"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 75ms
23ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto|Rubik&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://metabenefit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:07:47 GMT
x-content-type-options: nosniff
age: 270972
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 11:07:47 GMT

GET
H2 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2
fonts.gstatic.com/s/rubik/v20/ 17 KB
17 KB 80ms
28ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto|Rubik&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7b004c8d1e652b1842dab8c0c30bcd19b2e3a44f120abc72d22d13d7786d94b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://metabenefit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 19:29:40 GMT
x-content-type-options: nosniff
age: 68059
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17188
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 15:44:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 19:29:40 GMT

GET
DATA 200
OK truncated
/ 14 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56753a87b73bd8dc2828e2ba4821ef1876ec2a2815aacee716e902776b87368e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c8594b0e2d1918019998da2cc34ff69681ce6ee6008d3646f0be59bd6dd68e9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 382190524621819740fc7e9746714a87a0a584bb39e4925c45e5034e9f317356

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 13 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef3bf70d129a6af00735bbfa7676ac7aeeb11b786479d03fba0ad0f6f063b333

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 14 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 276b55fe437545373492ffe08875019560192c4781346d8a04847a0324c6898c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 490c519c3bbc7938837ec267d96ac4b22c78b34765cfaabd6fc8d206fbd9f6e0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 385611b9440797feafadb200dde8edb4f01f152fa3e0b89cdcd837549350fce8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/jpg

GET
H2

200

external-link.svg Show response
static-only.metabenefit.com/static/svg/ Frame 6482
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg
https://static-only.metabenefit.com/static/svg/external-link.svg

388 B
463 B

205ms
205ms

Document
image/svg+xml

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/svg/external-link.svg
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy Caddy /
Resource Hash: a3fb50298000a40f383846a8968e6ada7709a1d8d9f945396e3131e074448fb5

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 388
content-type: image/svg+xml
date: Thu, 23 Jun 2022 14:23:59 GMT
etag: "q3jrmuas"
last-modified: Fri, 03 Jan 2020 20:01:42 GMT
server: Caddy Caddy

Redirect headers

content-length: 0
date: Thu, 23 Jun 2022 14:23:59 GMT
location: https://static-only.metabenefit.com/static/svg/external-link.svg
server: Caddy
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-amz-cf-id: PQA79De_gjsHybPrAgq67ldWHY_smgxcYX6MsaJiXoGjBrRYVsgLRQ==
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront

GET external-link.svg
d1irhuf3z5u61l.cloudfront.net/static/svg/ Frame 609F 0
0

GET
H2

200

external-link.svg Show response
static-only.metabenefit.com/static/svg/ Frame 0884
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg
https://static-only.metabenefit.com/static/svg/external-link.svg

388 B
437 B

207ms
205ms

Document
image/svg+xml

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/svg/external-link.svg
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy Caddy /
Resource Hash: a3fb50298000a40f383846a8968e6ada7709a1d8d9f945396e3131e074448fb5

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 388
content-type: image/svg+xml
date: Thu, 23 Jun 2022 14:24:00 GMT
etag: "q3jrmuas"
last-modified: Fri, 03 Jan 2020 20:01:42 GMT
server: Caddy Caddy

Redirect headers

content-length: 0
date: Thu, 23 Jun 2022 14:23:59 GMT
location: https://static-only.metabenefit.com/static/svg/external-link.svg
server: Caddy
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-amz-cf-id: rQZZJ54nENor9E7PIv0CAbK9AeKrexHED9lJNvsjiaF6f9VhAFnH9A==
x-amz-cf-pop: FRA56-P7
x-cache: Hit from cloudfront

GET
H2

200

external-link.svg Show response
static-only.metabenefit.com/static/svg/ Frame F5B0
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg
https://static-only.metabenefit.com/static/svg/external-link.svg

388 B
414 B

207ms
206ms

Document
image/svg+xml

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/svg/external-link.svg
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy Caddy /
Resource Hash: a3fb50298000a40f383846a8968e6ada7709a1d8d9f945396e3131e074448fb5

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 388
content-type: image/svg+xml
date: Thu, 23 Jun 2022 14:24:00 GMT
etag: "q3jrmuas"
last-modified: Fri, 03 Jan 2020 20:01:42 GMT
server: Caddy Caddy

Redirect headers

content-length: 0
date: Thu, 23 Jun 2022 14:23:59 GMT
location: https://static-only.metabenefit.com/static/svg/external-link.svg
server: Caddy
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-amz-cf-id: rruDC91hmigeMFeEMSe7NYooHOaLVdj8AzNzAsa07cFE5DG0KsrESA==
x-amz-cf-pop: FRA56-P7
x-cache: Hit from cloudfront

GET external-link.svg
d1irhuf3z5u61l.cloudfront.net/static/svg/ Frame 1F7D 0
0

GET
H2

200

external-link.svg Show response
static-only.metabenefit.com/static/svg/ Frame F73C
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg
https://static-only.metabenefit.com/static/svg/external-link.svg

388 B
414 B

302ms
301ms

Document
image/svg+xml

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/svg/external-link.svg
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy Caddy /
Resource Hash: a3fb50298000a40f383846a8968e6ada7709a1d8d9f945396e3131e074448fb5

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 388
content-type: image/svg+xml
date: Thu, 23 Jun 2022 14:24:00 GMT
etag: "q3jrmuas"
last-modified: Fri, 03 Jan 2020 20:01:42 GMT
server: Caddy Caddy

Redirect headers

content-length: 0
date: Thu, 23 Jun 2022 14:23:59 GMT
location: https://static-only.metabenefit.com/static/svg/external-link.svg
server: Caddy
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-amz-cf-id: MedA68uRlh6wNz-EORhlebAx0X64nT_N7yyARZQdwLN0DoOjYGVHhg==
x-amz-cf-pop: FRA56-P7
x-cache: Hit from cloudfront

GET
H2

200

external-link.svg Show response
static-only.metabenefit.com/static/svg/ Frame CDB7
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg
https://static-only.metabenefit.com/static/svg/external-link.svg

388 B
414 B

300ms
299ms

Document
image/svg+xml

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/svg/external-link.svg
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy Caddy /
Resource Hash: a3fb50298000a40f383846a8968e6ada7709a1d8d9f945396e3131e074448fb5

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 388
content-type: image/svg+xml
date: Thu, 23 Jun 2022 14:24:00 GMT
etag: "q3jrmuas"
last-modified: Fri, 03 Jan 2020 20:01:42 GMT
server: Caddy Caddy

Redirect headers

content-length: 0
date: Thu, 23 Jun 2022 14:23:59 GMT
location: https://static-only.metabenefit.com/static/svg/external-link.svg
server: Caddy
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-amz-cf-id: lndjnZaPzD73C5LhU-GhG08gqOMcpQNawsVujiZJECQceea7P23Acw==
x-amz-cf-pop: FRA56-P7
x-cache: Hit from cloudfront

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 219 B
645 B 98ms
32ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=metabenefit.com&callback=_gfp_s_&client=ca-pub-6024477333198837

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6024477333198837&plah=metabenefit.com&bust=31068167

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

fa4ad7c1a844c181b505275dfadf5c31d0386b241940ae7e7dac7611e783166a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 201
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 89ms
31ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=metabenefit.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Jun 2022 14:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 95ms
31ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=metabenefit.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Jun 2022 14:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4D6F 229 KB
60 KB 498ms
454ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&adk=1812271804&adf=3025194257&lmt=1655994239&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994238442&bpp=896&bdt=157&idt=1034&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2534002481060&frm=20&pv=2&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1052

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a924ad62d9569c2fb554b64309f4c5abecfafb9e433081625117bb1658c722e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 61761
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 14:23:59 GMT
expires: Thu, 23 Jun 2022 14:23:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5D4D 81 KB
29 KB 606ms
572ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=280&slotname=9595405333&adk=4090938585&adf=3574913033&pi=t.ma~as.9595405333&w=1110&fwrn=4&fwrnh=100&lmt=1655994239&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994239338&bpp=20&bdt=1054&idt=162&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BQrdBXCH7l&p=https%3A//metabenefit.com&dtd=166

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a00c85f9b7461a4a755c5de07bdb011a6327b89afac53fcd2893fc21e97ffbae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 29187
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 14:24:00 GMT
expires: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame ECF6 127 KB
41 KB 795ms
769ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=280&slotname=3524117708&adk=2953055837&adf=1369198949&pi=t.ma~as.3524117708&w=825&fwrn=4&fwrnh=100&lmt=1655994239&rafmt=1&psa=0&format=825x280&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994239365&bpp=1&bdt=1080&idt=144&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1154&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=MxnjiNrOAL&p=https%3A//metabenefit.com&dtd=147

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

987014e9e31be4e2818fb9b79a9aee2e1aed226de6443266e5414a130d7182d9

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNj7maPjw_gCFVmJsgodFosIoA&gqi=f3e0Yvr_IdWO7_UPoOSkKA&layout=/sadbundle/%24csp%253Der3%24/17490472337298647704/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 42053
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNj7maPjw_gCFVmJsgodFosIoA&gqi=f3e0Yvr_IdWO7_UPoOSkKA&layout=/sadbundle/%24csp%253Der3%24/17490472337298647704/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 14:24:00 GMT
expires: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
996 B 87ms
35ms Script
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LeIk-AUAAAAAO0kwrAjOBYavrcD1xsrCoqtGjMn

Requested by

Host: d1irhuf3z5u61l.cloudfront.net
URL: https://d1irhuf3z5u61l.cloudfront.net/static/public/js/cbase.d41abcf9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f5da9d222673ec7ac3eecbb70090fb09e5505ee57a0176cb449e303196c84411

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 583
x-xss-protection: 1; mode=block
expires: Thu, 23 Jun 2022 14:23:59 GMT

GET
H2

200

external-link.svg Show response
static-only.metabenefit.com/static/svg/ Frame 1BA0
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg
https://static-only.metabenefit.com/static/svg/external-link.svg

388 B
414 B

301ms
300ms

Document
image/svg+xml

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/svg/external-link.svg
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy Caddy /
Resource Hash: a3fb50298000a40f383846a8968e6ada7709a1d8d9f945396e3131e074448fb5

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 388
content-type: image/svg+xml
date: Thu, 23 Jun 2022 14:24:00 GMT
etag: "q3jrmuas"
last-modified: Fri, 03 Jan 2020 20:01:42 GMT
server: Caddy Caddy

Redirect headers

content-length: 0
date: Thu, 23 Jun 2022 14:23:59 GMT
location: https://static-only.metabenefit.com/static/svg/external-link.svg
server: Caddy
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-amz-cf-id: eJGwoUkCtsi8ZQTZvWBe85r02N5WsWe5mOe4ZiIscpb2lEB6ODjQCw==
x-amz-cf-pop: FRA56-P7
x-cache: Hit from cloudfront

GET
H2

200

external-link.svg Show response
static-only.metabenefit.com/static/svg/ Frame 3DC7
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg
https://static-only.metabenefit.com/static/svg/external-link.svg

388 B
414 B

301ms
301ms

Document
image/svg+xml

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/svg/external-link.svg
Requested by: Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy Caddy /
Resource Hash: a3fb50298000a40f383846a8968e6ada7709a1d8d9f945396e3131e074448fb5

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 388
content-type: image/svg+xml
date: Thu, 23 Jun 2022 14:24:00 GMT
etag: "q3jrmuas"
last-modified: Fri, 03 Jan 2020 20:01:42 GMT
server: Caddy Caddy

Redirect headers

content-length: 0
date: Thu, 23 Jun 2022 14:23:59 GMT
location: https://static-only.metabenefit.com/static/svg/external-link.svg
server: Caddy
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-amz-cf-id: POUTJxEPgsantBvyj4ZE4MWUxZmwt_fgm5wH1xm2qmNuq-a4CBbxGg==
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ 366 KB
145 KB 72ms
21ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LeIk-AUAAAAAO0kwrAjOBYavrcD1xsrCoqtGjMn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1146849b14934539a02490c2934b135178838306e98e2a490a8aac3206f8036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Origin: https://metabenefit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:18:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148046
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 04:02:51 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 14:18:40 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 6909 42 KB
22 KB 86ms
40ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeIk-AUAAAAAO0kwrAjOBYavrcD1xsrCoqtGjMn&co=aHR0cHM6Ly9tZXRhYmVuZWZpdC5jb206NDQz&hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&size=invisible&cb=gh2p8qb1ykeg

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

818f58e6d42e5e922b212f2520d9f2b0ac36dd165ed0ec09eeed8e271b1b5c89

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oVDAf3_iRlADSdDPSEjtOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22091
content-security-policy: script-src 'report-sample' 'nonce-oVDAf3_iRlADSdDPSEjtOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 14:24:00 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/ 149 KB
53 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/reactive_library_fy2019.js?bust=31068167

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0deaa6776a82164eb72d0b859f0750a5a1a544b3d2ab771d251810885697ffa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54403
x-xss-protection: 0
server: cafe
etag: 8549741751805535596
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 79ms
32ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=metabenefit.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Jun 2022 14:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 74ms
30ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=metabenefit.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Jun 2022 14:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 19C4 80 KB
30 KB 445ms
444ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=259&adk=1376253801&adf=4159685414&pi=t.aa~a.1667047649~rp.4&w=825&lmt=1655994240&nsk=6b70421&rafmt=11&pwprc=8021995431&psa=0&ad_type=text_image&format=825x259&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994240038&bpp=1&bdt=1753&idt=1&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc88ae62927e92252-22d2079ffcd200c6%3AT%3D1655994239%3ART%3D1655994239%3AS%3DALNI_MYETyG-iMeRdBeB6epWIR7ikMh6BQ&prev_fmts=0x0%2C1110x280%2C825x280&nras=2&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1757&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=lpLjd8OrMZ&p=https%3A//metabenefit.com&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a5e25da11dfb00d57f6442f3f9bc58677a97a6cc3007d6c8f0b283856d4769f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 30195
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 14:24:00 GMT
expires: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ Frame 6909 51 KB
24 KB 73ms
26ms Stylesheet
text/css 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeIk-AUAAAAAO0kwrAjOBYavrcD1xsrCoqtGjMn&co=aHR0cHM6Ly9tZXRhYmVuZWZpdC5jb206NDQz&hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&size=invisible&cb=gh2p8qb1ykeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:42:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2484
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 04:02:51 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 13:42:36 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ Frame 6909 366 KB
145 KB 71ms
24ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1146849b14934539a02490c2934b135178838306e98e2a490a8aac3206f8036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:18:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148046
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 04:02:51 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Jun 2023 14:18:40 GMT

POST
H2 204 matomo.php
track.metabenefit.com/ 0
120 B 314ms
314ms Ping
text/html 5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.metabenefit.com/matomo.php?action_name=Cs%20Direct%20Net%20-%20Login%20-%20Credit%20Suisse%20Direct%20%2F%20CSX&idsite=2&rec=1&r=641997&h=14&m=24&s=0&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&_id=fa7e947b6605b768&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&dimension1=10-50&pv_id=jZgxJO&pf_net=240&pf_srv=471.5&pf_tfr=228.5
Requested by: Host: track.metabenefit.com
URL: https://track.metabenefit.com/matomo.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy, Caddy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://metabenefit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://metabenefit.com
date: Thu, 23 Jun 2022 14:24:00 GMT
access-control-allow-credentials: true
server: Caddy, Caddy
status: 204 No Response
content-type: text/html; charset=UTF-8

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/ Frame D2A1 10 KB
4 KB 22ms
22ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 03:54:15 GMT
etag: 8616628553774171045
expires: Thu, 07 Jul 2022 03:54:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/ Frame 2676 10 KB
4 KB 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 03:54:15 GMT
etag: 8616628553774171045
expires: Thu, 07 Jul 2022 03:54:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 5D4D 6 KB
672 B 78ms
31ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=280&slotname=9595405333&adk=4090938585&adf=3574913033&pi=t.ma~as.9595405333&w=1110&fwrn=4&fwrnh=100&lmt=1655994239&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994239338&bpp=20&bdt=1054&idt=162&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BQrdBXCH7l&p=https%3A//metabenefit.com&dtd=166

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 14:20:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 23 Jun 2022 14:24:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 5D4D 2 KB
983 B 95ms
41ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:12:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:12:43 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/ Frame 5D4D 21 KB
9 KB 75ms
21ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

592a588b519b72fbab39bfde9bf9b12fc6a59a380a221578d87c9492e7b16f12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:01:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1364
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 3673595682727343497
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:01:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 5D4D 3 KB
1 KB 91ms
41ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:38:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 13:38:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5D4D 137 KB
43 KB 124ms
43ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 5D4D 17 KB
7 KB 78ms
24ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:52:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7312
x-xss-protection: 0
server: cafe
etag: 10280116914265038571
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 13:52:09 GMT

GET
H3 200 10f77a9ed5e9dbc13462adf17b625271.js Show response
www.gstatic.com/mysidia/ Frame 5D4D 31 KB
13 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/10f77a9ed5e9dbc13462adf17b625271.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f570d3cfc5df9a889452f6a2e8ea3ea6c3e6691824d54106d8928efc3abf8600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 13:56:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88066
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12964
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 22:50:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 20 Sep 2022 13:56:14 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5D4D 0
0 67ms
67ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CWW-kf3e0YtWEI7aA1fAPxYGBgAnFqKrfaonBw82vENzZHhABILn_phJglfqngrAHoAGozsaNA8gBCakCompz536bsT6oAwHIA8sEqgTVAU_Q9LOg_GZChQmV6kZe-NsCh8-OvEzHszijIO0-YSpyD10vZ9SKcUkyZNgvFqJQtsAiFz8aOqBEHqrhAC3J52ZGbynm7ONRPIwUWmd7kuGcHvZB8VsiZtdApKxe0yd8y79A4P7GTrHrlO889DK5ROlOZIKJKHHWs4KOWH-B5QpIOCyrlvHO4bIG3Vk0u_ymto1-kma_ejbD1p2WGpNplh1zl1L0l0JPUuoX_8cl72-UONrA4bEveqRUhtpi4O7tViqmtH6DrIsz7C33OULRD79Z-4dFPMAEnY_BsfsDkgUECAQYAZIFBAgFGASgBi6AB8CxuXKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCr3hLSCAkIgOGAcBABGB-ACgHICwG4E-QD2BMM0BUBmBYBgBcBshccChoIABIUcHViLTYwMjQ0NzczMzMxOTg4MzcYAA&sigh=58a93uWMZ1A&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=280&slotname=9595405333&adk=4090938585&adf=3574913033&pi=t.ma~as.9595405333&w=1110&fwrn=4&fwrnh=100&lmt=1655994239&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994239338&bpp=20&bdt=1054&idt=162&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=BQrdBXCH7l&p=https%3A//metabenefit.com&dtd=166
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/10148193061685785250/ Frame 5D4D 15 KB
15 KB 90ms
43ms Image
image/jpeg 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10148193061685785250/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfc85b207642f778a4378c93a5de477dd7f2616d9f736a41f23657ea712775e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 10:43:14 GMT
x-content-type-options: nosniff
age: 99646
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15332
x-xss-protection: 0
last-modified: Wed, 08 Jun 2022 09:33:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 22 Jun 2023 10:43:14 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15426567621431639022/ Frame 5D4D 2 KB
2 KB 89ms
42ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15426567621431639022/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6252cfd5b7106b181afcd4afb5c72afd17cb82c97c65c722ed9e18cd615288d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 21 Jun 2022 19:29:56 GMT
x-content-type-options: nosniff
age: 154444
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2114
x-xss-protection: 0
last-modified: Mon, 06 May 2019 14:46:34 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 21 Jun 2023 19:29:56 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame D2A1 4 KB
636 B 35ms
34ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 14:23:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 23 Jun 2022 14:24:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D2A1 205 B
229 B 23ms
22ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:28:18 GMT
x-content-type-options: nosniff
age: 3342
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 23 Jun 2023 13:28:18 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D2A1 604 B
628 B 24ms
22ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 11:52:44 GMT
x-content-type-options: nosniff
age: 9076
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 23 Jun 2023 11:52:44 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/elements/html/ Frame D2A1 19 KB
8 KB 30ms
27ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:15:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 527
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8263
x-xss-protection: 0
server: cafe
etag: 17157773748623750166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:15:13 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2676 0
0 66ms
65ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CykRsf3e0Yq-XI6TUxgOewoyQA6HRxMRpz4i8x6kPwp7YrrMKEAEguf-mEmCV-qeCsAegAePPmb8DyAECqAMByAPJBKoE0gFP0L6bZzgwlFRe8Ga9ENDgt4shhgdjrXW7aHNfQ2wOXTJVBt8ruUDjvZC8vrD30pO8PgKm4BWSCUpKuCzHTgZtaxhu3im1pX6ailNuwUWX5hOavd-v6plx3O_UEus6vUrG574FA81RxnMiAIh2FEJ_dq8izid5idlFhBwjwhGcWIkABXr5YAUVzowazc4nrUxB1FTi9cQwECg8fkK1YPsdly0-o3BykiGeWq1yea1PCDbyjs2LtIG-kJmx7GtwZVDqY7HkB8DJYav7HvL-qqng37zABJDCq8LbApIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAfd9pMwqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ-Ogh0ggJCIDhgHAQARgfgAoByAsB2BMK0BUBgBcBshccChoIABIUcHViLTYwMjQ0NzczMzMxOTg4MzcYAA&sigh=t4w33K7uv0Y&uach_m=[UACH]

Requested by

Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/ Frame 2676 21 KB
9 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

592a588b519b72fbab39bfde9bf9b12fc6a59a380a221578d87c9492e7b16f12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:01:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1364
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 3673595682727343497
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:01:16 GMT

GET
H2 200 4710562919261446122
tpc.googlesyndication.com/simgad/ Frame 2676 27 KB
27 KB 54ms
53ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4710562919261446122?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlmzlJWe9YkVa7P1u8dO7ImHNuEfQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

363ec5d13018d84e12db74fb6eae70c5b9b06f0738c36ed8bf188785df9f658c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 08:50:21 GMT
x-content-type-options: nosniff
age: 106419
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27982
x-xss-protection: 0
last-modified: Tue, 18 Jan 2022 12:18:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 22 Jun 2023 08:50:21 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 2676 3 KB
1 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:38:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 13:38:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2676 137 KB
42 KB 93ms
70ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 2676 17 KB
7 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:52:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7312
x-xss-protection: 0
server: cafe
etag: 10280116914265038571
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 13:52:09 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 2676 31 KB
13 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b646046bdeb2be0b6b891bdbaf638b9ffa022cd42dc7907d04a431471cb60a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 06:03:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12864
x-xss-protection: 0
server: cafe
etag: 4287797001720200766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 06:03:23 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 6909 102 B
132 B 30ms
30ms Other
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

36bc338d4454d68ba19d0b4ad84e5b9bd5cc04d8f1f97d0a6481a8044b76fa95

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeIk-AUAAAAAO0kwrAjOBYavrcD1xsrCoqtGjMn&co=aHR0cHM6Ly9tZXRhYmVuZWZpdC5jb206NDQz&hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&size=invisible&cb=gh2p8qb1ykeg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 1; mode=block
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
DATA 200
OK truncated
/ Frame 5D4D 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1237ebca9e953fe8fac0f9fb790deab5f73746be5158c4ff7221daad37c9ce6f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 0B90 8 KB
893 B 34ms
34ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 12:51:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 23 Jun 2022 14:24:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 0B90 2 KB
902 B 71ms
26ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:12:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:12:43 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/ Frame 0B90 21 KB
8 KB 72ms
28ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

592a588b519b72fbab39bfde9bf9b12fc6a59a380a221578d87c9492e7b16f12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:17:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 3673595682727343497
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:17:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 0B90 3 KB
1 KB 80ms
35ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1007
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:07:13 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0B90 137 KB
42 KB 77ms
33ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 0B90 17 KB
7 KB 79ms
35ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:55:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1705
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7312
x-xss-protection: 0
server: cafe
etag: 10280116914265038571
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 13:55:35 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame 0B90 31 KB
13 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 00:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50307
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 21 Sep 2022 00:25:33 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B2AC 143 B
163 B 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 935
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:08:25 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5D4D 15 KB
15 KB 84ms
37ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:47:17 GMT
x-content-type-options: nosniff
age: 268603
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 11:47:17 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5D4D 15 KB
16 KB 68ms
23ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 08:44:49 GMT
x-content-type-options: nosniff
age: 106751
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 08:44:49 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5D4D 15 KB
15 KB 72ms
28ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:07:47 GMT
x-content-type-options: nosniff
age: 270973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 11:07:47 GMT

GET
DATA 200
OK truncated
/ Frame 2676 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e06b7c7343d64d68b4bed5e6998e94521026ad796c6098a0516e49f51ae23172

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/ Frame ED04 95 KB
20 KB 23ms
23ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/index.html

Requested by

Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdacfe1f3ed7d80815826f3efa2f1b3b50a0111f54ffb0871b51399c2faf712d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 54146
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 20922
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Jun 2022 23:21:34 GMT
expires: Thu, 22 Jun 2023 23:21:34 GMT
last-modified: Mon, 22 Nov 2021 12:50:36 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E254 0
0 66ms
66ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CkuN-f3e0YpjAI9mSygWWlqKACsnautRm0v3z2K0O3NkeEAEguf-mEmCV-qeCsAegAfGi0L8CyAEJqQLCBOjcBqSxPqgDAcgDSKoE_AFP0GAhQSIae9j1VUXLDyJAfuIkeJCGf3U0wz1Ioz61duvBr6nO0mQN37VKRcBsPU6kw8nasNlEQTHT8dSXFWBVdt54588NbfpJRxor5MdZB92pkMDmHvxHQFopAlLzvTDbSPYmQe9FtlLrCD7buBM6Az5nVJRy0QzSSukHkmwPkt9-fSSwuV8qrSz0bh26d97-ydaKg-aBnqis9-7cBL_6m103-8aTZ0CvpkYPBFphSVxlSIn2dVZ4oYazhBvjz7kmEyQjDGW-qGTMB6CII69cHMJ79_chwqyf55gI1X49glrXlDZmuoQWbi4hXMLiR1nfi3VIDvhmi-3UBJ_ABNGdnLbiA5IFBAgEGAGSBQQIBRgEoAYugAf33K_AAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEENeEGNIICQiA4YBwEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi02MDI0NDc3MzMzMTk4ODM3GAA&sigh=INuP6ZBkqek&uach_m=[UACH]&template_id=419

Requested by

Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=280&slotname=3524117708&adk=2953055837&adf=1369198949&pi=t.ma~as.3524117708&w=825&fwrn=4&fwrnh=100&lmt=1655994239&rafmt=1&psa=0&format=825x280&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994239365&bpp=1&bdt=1080&idt=144&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1154&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=MxnjiNrOAL&p=https%3A//metabenefit.com&dtd=147
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/ Frame E254 21 KB
8 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=280&slotname=3524117708&adk=2953055837&adf=1369198949&pi=t.ma~as.3524117708&w=825&fwrn=4&fwrnh=100&lmt=1655994239&rafmt=1&psa=0&format=825x280&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994239365&bpp=1&bdt=1080&idt=144&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1154&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=MxnjiNrOAL&p=https%3A//metabenefit.com&dtd=147

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

592a588b519b72fbab39bfde9bf9b12fc6a59a380a221578d87c9492e7b16f12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:17:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 3673595682727343497
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:17:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame E254 3 KB
1 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1007
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:07:13 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E254 137 KB
42 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame E254 17 KB
7 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:55:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1705
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7312
x-xss-protection: 0
server: cafe
etag: 10280116914265038571
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 13:55:35 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B87C 143 B
163 B 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 935
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:08:25 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B2AC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

62ms
61ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:24:00 GMT
expires: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:24:00 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame A21E 35 KB
13 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 13:56:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88064
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Jun 2023 13:56:16 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame ED04 2 KB
529 B 32ms
31ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:500

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

60d223b366353445c3ac8665f6b6700db6cc91c8d7f95fbb6138b4ae704c10a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 13:17:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 23 Jun 2022 14:24:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame ED04 16 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 23:28:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53733
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 23 Jun 2022 23:28:27 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame ED04 26 KB
10 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 16:13:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79818
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 23 Jun 2022 16:13:42 GMT

GET
H3 200 16302109029564430968
tpc.googlesyndication.com/simgad/ Frame 19C4 24 KB
24 KB 25ms
24ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16302109029564430968?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkPVjUT3NBJMYOcRYrHExbMLEg14g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=259&adk=1376253801&adf=4159685414&pi=t.aa~a.1667047649~rp.4&w=825&lmt=1655994240&nsk=6b70421&rafmt=11&pwprc=8021995431&psa=0&ad_type=text_image&format=825x259&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994240038&bpp=1&bdt=1753&idt=1&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc88ae62927e92252-22d2079ffcd200c6%3AT%3D1655994239%3ART%3D1655994239%3AS%3DALNI_MYETyG-iMeRdBeB6epWIR7ikMh6BQ&prev_fmts=0x0%2C1110x280%2C825x280&nras=2&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1757&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=lpLjd8OrMZ&p=https%3A//metabenefit.com&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81350c5db25685f3b5a8d695227313f31268d6be77ce12ccdec5f0fcbfd3781b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 06:32:56 GMT
x-content-type-options: nosniff
age: 287464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24999
x-xss-protection: 0
last-modified: Thu, 14 Nov 2019 09:18:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 20 Jun 2023 06:32:56 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/ Frame 19C4 21 KB
8 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

592a588b519b72fbab39bfde9bf9b12fc6a59a380a221578d87c9492e7b16f12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:17:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 3673595682727343497
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:17:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 19C4 3 KB
1 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1007
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 14:07:13 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 19C4 137 KB
42 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Jun 2022 14:24:00 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 19C4 17 KB
7 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:55:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1705
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7312
x-xss-protection: 0
server: cafe
etag: 10280116914265038571
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 13:55:35 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 19C4 0
0 31ms
31ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRh_tgebNOq1ymCsCqe9QjJdq-GL9bJEMd-ut19rvSGvYICQ71lVA1fxcCRkuIVx293EtJn
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=259&adk=1376253801&adf=4159685414&pi=t.aa~a.1667047649~rp.4&w=825&lmt=1655994240&nsk=6b70421&rafmt=11&pwprc=8021995431&psa=0&ad_type=text_image&format=825x259&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994240038&bpp=1&bdt=1753&idt=1&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc88ae62927e92252-22d2079ffcd200c6%3AT%3D1655994239%3ART%3D1655994239%3AS%3DALNI_MYETyG-iMeRdBeB6epWIR7ikMh6BQ&prev_fmts=0x0%2C1110x280%2C825x280&nras=2&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1757&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=lpLjd8OrMZ&p=https%3A//metabenefit.com&dtd=10
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/ Frame 19C4 31 KB
13 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220616/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b646046bdeb2be0b6b891bdbaf638b9ffa022cd42dc7907d04a431471cb60a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 06:03:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12864
x-xss-protection: 0
server: cafe
etag: 4287797001720200766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Jul 2022 06:03:23 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C691 143 B
163 B 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=280&slotname=3524117708&adk=2953055837&adf=1369198949&pi=t.ma~as.3524117708&w=825&fwrn=4&fwrnh=100&lmt=1655994239&rafmt=1&psa=0&format=825x280&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994239365&bpp=1&bdt=1080&idt=144&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1154&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=MxnjiNrOAL&p=https%3A//metabenefit.com&dtd=147
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 935
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:08:25 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E254 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a42bc9eacb3f7048f6925c605fd10c8739d45f5d4247901ab88c580701cd1fb9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 1E49 35 KB
13 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 13:56:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88064
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Jun 2023 13:56:16 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 19C4 0
0 63ms
63ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CGAArgHe0YpTlBcbPywWEhqeACvfQlclq5sSP_e0P3NkeEAEguf-mEmCV-qeCsAegAa7gk6MDyAECqQKianPnfpuxPqgDAcgDyQSqBNQBT9AXKM9T0frqGB-t4LsLiExSuFWERn0fuZWVp0ad9IAD682f-X6xo6eK9zH8jvY9wuo0qzKi4wEPOamjMFH8EeYD6p4lIXs1yMyeoOUjgBbOD8ztEoFNxQbcEzDcS8mQjWD8egzvELu4UjKbQ6B5jj5EznRHTcj2JbZroQEg4AsdN9QtjdGjtAiX4we1U8n7AMNvMy7YKijd7AvK3kAQ8tBYgrOKAMcxsyXIoGsBtJ-MVukvHzdkGSZObg2Wq4VNsU8QMyzLphdpq5Zhz__rtp8D1w7ABOb4p5L2A5IFBAgEGAGSBQQIBRgEoAYCgAe6n-xcqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQwf8V0ggRCIDhgHAQARgfMgLrAjoCgECACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNjAyNDQ3NzMzMzE5ODgzNxgA&sigh=_tNkJrbI6N8&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=259&adk=1376253801&adf=4159685414&pi=t.aa~a.1667047649~rp.4&w=825&lmt=1655994240&nsk=6b70421&rafmt=11&pwprc=8021995431&psa=0&ad_type=text_image&format=825x259&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994240038&bpp=1&bdt=1753&idt=1&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc88ae62927e92252-22d2079ffcd200c6%3AT%3D1655994239%3ART%3D1655994239%3AS%3DALNI_MYETyG-iMeRdBeB6epWIR7ikMh6BQ&prev_fmts=0x0%2C1110x280%2C825x280&nras=2&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1757&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=lpLjd8OrMZ&p=https%3A//metabenefit.com&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B87C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

100ms
100ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:24:00 GMT
expires: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:24:00 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 419B 35 KB
13 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Host: metabenefit.com
URL: https://metabenefit.com/v/cs-direct-net

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 13:56:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88064
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Jun 2023 13:56:16 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4D9C 143 B
163 B 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024477333198837&output=html&h=259&adk=1376253801&adf=4159685414&pi=t.aa~a.1667047649~rp.4&w=825&lmt=1655994240&nsk=6b70421&rafmt=11&pwprc=8021995431&psa=0&ad_type=text_image&format=825x259&url=https%3A%2F%2Fmetabenefit.com%2Fv%2Fcs-direct-net&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655994240038&bpp=1&bdt=1753&idt=1&shv=r20220616&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc88ae62927e92252-22d2079ffcd200c6%3AT%3D1655994239%3ART%3D1655994239%3AS%3DALNI_MYETyG-iMeRdBeB6epWIR7ikMh6BQ&prev_fmts=0x0%2C1110x280%2C825x280&nras=2&correlator=2534002481060&frm=20&pv=1&ga_vid=208547157.1655994239&ga_sid=1655994239&ga_hid=62857051&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1757&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068167&oid=2&pvsid=4104298119976664&tmod=1369120726&uas=0&nvt=1&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=lpLjd8OrMZ&p=https%3A//metabenefit.com&dtd=10
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 935
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:08:25 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v24/ Frame ED04 12 KB
12 KB 22ms
22ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v24/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1fc21927293f00261a8795efadbdfa16d14521479402d72328c00482a6ba6b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 21 Jun 2022 17:12:00 GMT
x-content-type-options: nosniff
age: 162720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12748
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 14:37:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Jun 2023 17:12:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C691
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

71ms
70ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:24:00 GMT
expires: Thu, 23 Jun 2022 14:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:24:00 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 19C4 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 71ba1ab0b581fc82e277e5e9231c47fca32d2c738bccb03bc1e00e8b5250293f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4D9C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

74ms
74ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:24:01 GMT
expires: Thu, 23 Jun 2022 14:24:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Jun 2022 14:24:00 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame B0AC 35 KB
13 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 13:56:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88064
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Jun 2023 13:56:16 GMT

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame ED04 35 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 13:56:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88064
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Jun 2023 13:56:16 GMT

GET
H3 200 Bock.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/ Frame ED04 5 KB
5 KB 24ms
23ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/Bock.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01abe74aeee65951cf4cbb619765d55c557d561ac48a63eb808f83276d97356a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 402978
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5188
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 12:50:36 GMT
server: sffe
date: Sat, 18 Jun 2022 22:27:42 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 18 Jun 2023 22:27:42 GMT

GET
H3 200 V_Check_Logo_RGB_V01_klein_Kopie_3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/ Frame ED04 7 KB
7 KB 28ms
27ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/V_Check_Logo_RGB_V01_klein_Kopie_3.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bef1f85551e5d35e2c96994b13906a095fe7fa60606bf14c8e031bdd7b169ff9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 402978
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7028
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 12:50:36 GMT
server: sffe
date: Sat, 18 Jun 2022 22:27:42 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 18 Jun 2023 22:27:42 GMT

GET
H3 200 Siegel.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/ Frame ED04 17 KB
17 KB 24ms
24ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17490472337298647704/Siegel.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c0148c8c95e6d0722500d254f23ec36f52ab7e8f3062b6a3d39900ac5e3155b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 402978
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17849
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 12:50:36 GMT
server: sffe
date: Sat, 18 Jun 2022 22:27:42 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 18 Jun 2023 22:27:42 GMT

GET
H2

200

cookieconsent_old.min.css
static-only.metabenefit.com/static/css/
Redirect Chain

https://d1irhuf3z5u61l.cloudfront.net/static/css/cookieconsent_old.min.css
https://static-only.metabenefit.com/static/css/cookieconsent_old.min.css

3 KB
941 B

206ms
206ms

Stylesheet
text/css

5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-only.metabenefit.com/static/css/cookieconsent_old.min.css
Protocol: H2
Server: 5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS: static.2.63.161.5.clients.your-server.de
Software: Caddy, Caddy /
Resource Hash: 3f61628161b0a03b78db134ab16c8af86081f71c3d27bd256ce9947722f48fc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:01 GMT
content-encoding: gzip
last-modified: Sat, 27 Feb 2021 15:22:28 GMT
server: Caddy, Caddy
etag: "qp71dg2bt"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
content-length: 853

Redirect headers

date: Thu, 23 Jun 2022 14:24:01 GMT
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront
location: https://static-only.metabenefit.com/static/css/cookieconsent_old.min.css
content-length: 0
x-amz-cf-id: NQseExcIcd_xAZoreb-UStKnhJkiy3T3f4h3V_aGn1iutLhxR7YbMA==

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 81ms
37ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220616&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7c67fda6174b50706f513408c9ad87f27469184200fe0cb2115aeaa6a282f2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 23 Jun 2022 14:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10613
x-xss-protection: 0

GET
H2 200 track
metabenefit.com/ 0
118 B 360ms
360ms Image
text/html 5.161.63.2
HETZNER-CLOUD2-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metabenefit.com/track?l=xuAigt5rxCs_XAkh7G9afHcn1r22cXYF8zT-kzj5gVwVyYnaUMDtm0bddmfzsOJYqn1UZiXHIs72DWpitRv1dC5EZGNONlNWaUxzSkVhZFhoOEVpSEhQYnZMN3M%3D&r=&width=1600&height=1200&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F103.0.5060.53%20Safari%2F537.36&hl=2&ce=y&uv=1&rv=0&f=1208281876&adp=y&adblp=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

5.161.63.2 , United States, ASN213230 (HETZNER-CLOUD2-AS, DE),

Reverse DNS

static.2.63.161.5.clients.your-server.de

Software

Caddy, gunicorn/20.0.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=432000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/v/cs-direct-net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:01 GMT
server: Caddy, gunicorn/20.0.4
content-length: 0
strict-transport-security: max-age=432000
content-type: text/html; charset=utf-8

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Jun 2022 14:24:01 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 204D 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2451
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 13:43:10 GMT
expires: Fri, 23 Jun 2023 13:43:10 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D245 783 B
534 B 31ms
31ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

218baf5f9799fd3e86dddf8c1b27ad4c8d10cd9d7e48b29e90748d7531b00391

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-X5yQO8EOtfHllpzmUdpvwA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metabenefit.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-X5yQO8EOtfHllpzmUdpvwA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 23 Jun 2022 14:24:01 GMT
expires: Thu, 23 Jun 2022 14:24:01 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 204D 35 KB
13 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 13:56:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88065
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Jun 2023 13:56:16 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D245 0
0 64ms
63ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220616&jk=4104298119976664&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 204D 0
9 B 26ms
26ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?bGbnyQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 14:24:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2676 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvslUR_K_Ozp3SbnJFpZpr6_ngNLM94vyUxIaVZOk7bWq6iK8esziMztrsSCDAOtwRMFFYYIemA8cmF5ATlq9MOPrbEe1Q2dAo46PP67gee72r6w0cDUHeNkzWLeZI&sai=AMfl-YTtF1N_JjhSOMcWXs1oa0p9H7V-mNFIag_enW5Mj5tsnepDq2bVBlWcOyibtCPUrCuEHTqN-b9kQLuu&sig=Cg0ArKJSzOkTsUHUDvP4EAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=108,750,1000,1059,1101&tos=108,642,250,59,42&v=20220622&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1655994240107&rpt=296&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jun 2022 14:24:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5D4D 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstSUs6SUskFq5crtIVHqU3v9AELe48fTwpXupyJWj34EoF1oK8AQBg1zZh6JuOdKbyV8N1gOZTOub9EQiVEodo1C6Ow-3_H6aZOX_tNP_aPaUsgnXk0UHPdpUkSUtA&sai=AMfl-YSfo0nggEtG7x-lJfx2CYhmtctQOeeHhvFHj5ts9KTg-uKJip_3UiP47WcW-ttZZFCqYluI4PQiYlPj&sig=Cg0ArKJSzKRmokWaW5G1EAE&id=lidar2&mcvt=1000&p=0,0,280,1110&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220622&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4090938585&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1655994239505&rpt=1045&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Jun 2022 14:24:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 74ms
74ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220616&jk=4104298119976664&bg=!Q0ClQATNAAZlcKWdRXA7ACkAdvg8WpcHRmqYOa3uoKDr-R-vpcrEPzHnAlR7iZ-hGW-dsODlK1wMggIAAABDUgAAAAJoAQcKAB2t99RZYGXQdZvXwurzJmfVb0XYtHDLqixhScDn0pkCn-eVn2cuoyUsFjJuh4itNuFZimWXUN5gLffWYqMlhwvFot9w1aPyM40XppJ0qWjOPStBjYkvaNRo0geBCnZ3qp7sKygxmT8Qbu456YUCigZ_UIyXeTx942NdrVnpVLR7pTeDEenprvdUHrkb_T-Xim_ZXr2Fwh0yw_KIS8ZbKVgB5XIsr2ieF06o-4OP7ukgc9TaF4zaQmadNyfj-xEPPfS8Lmgj7ZuVUdx6RN7rmIC7e6X0TEcNzpPrv3w8AV7OAJd8x54GQ4-dvUuM8YE8aSOiC50S8sUJNKl6qXwATvMlKJ5NoH6_v5INSyFOpYv3L4dpmHvNzzRi4uyXQpXdc3S4zMv-YQMb_Td_4MysIjt1mdtUofEYOX5yMNczPpc0jPZzq3tJrh4tI5BnnvLB6Id6d1NwotPA_4KXCkswAhjQ50AoPnjT2Ua4QNfDDVPnIGZqtVqyCb6gsUIbK-ZD_EkL7pyVKKJ3wFixJacSEVYtmUeNMheqPxZXEdyruCNrH-4Z4cHo0Kltzn2-445tOtu7R9DftiJVBnBWTNtybiWM4X9t3KWmui4z1SWpiynhIbgPdCr36-s3p-B9w9fAAhONH4KSBuvoKi7ztNOaegRGGP9CUd2X1q7bJhLni-fHD707gJXFTYQijxCiLoKQQ61NisAjJiuXsvSOG0VDSw0EUJUwDqCM-n3BULc3FTYrkE8_2DWBJ3CVNWFXm9Jhx2A6EV9Ts_gyNh4L73SbQJXrfpZxAsecZwtZRAf6UaGKXTDyd4N4JUfG0qGZRkzbOtJCsEFnSMOG1_UGD7jV1oRxWYuQbTR20fq4fDW2X6-Ps0zDBVyk2z3KXp5SeWVEQKUGonGLd1yejd249WaZcxvVYcp3UWsgdujpWGFRumkp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://metabenefit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d1irhuf3z5u61l.cloudfront.net
URL: https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg

Domain: d1irhuf3z5u61l.cloudfront.net
URL: https://d1irhuf3z5u61l.cloudfront.net/static/svg/external-link.svg

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
metabenefit.com/	1970-01-20 04:07:06	Name: _csrf_token Value: 5b2a033b15ff02d5292d25ab2d4e112bc3bb3fb73e2cd0ec92e4affe710fdc62
metabenefit.com/	1970-01-20 03:59:57	Name: session Value: 952903a4-7f5f-4faa-ab3d-07c67f928bd8
.metabenefit.com/	1970-01-20 13:21:30	Name: __gads Value: ID=c88ae62927e92252-22d2079ffcd200c6:T=1655994239:RT=1655994239:S=ALNI_MYETyG-iMeRdBeB6epWIR7ikMh6BQ
metabenefit.com/	1970-01-20 13:25:49	Name: _pk_id.2.b8ff Value: fa7e947b6605b768.1655994240.
metabenefit.com/	1970-01-20 03:59:56	Name: _pk_ses.2.b8ff Value: 1
.doubleclick.net/	1970-01-20 13:21:30	Name: IDE Value: AHWqTUlMPbbOXvQYu-e4B4k7qnAToplkY_b8JB-AS6Cnl9zL6oszUOKsX3QCNpfJyaw
.doubleclick.net/	1970-01-20 03:59:57	Name: DSID Value: NO_DATA
metabenefit.com/	1970-01-25 20:05:16	Name: _return_vis_log Value: 1
metabenefit.com/	1970-01-20 04:01:20	Name: _vis_log Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=432000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
d1irhuf3z5u61l.cloudfront.net
direct.credit-suisse.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
metabenefit.com
pagead2.googlesyndication.com
partner.googleadservices.com
static-only.metabenefit.com
tpc.googlesyndication.com
track.metabenefit.com
www.google.com
www.googletagservices.com
www.gstatic.com
d1irhuf3z5u61l.cloudfront.net
172.217.18.98
198.240.216.40
2600:9000:2491:3200:16:8bbe:c640:21
2a00:1450:4001:800::2003
2a00:1450:4001:809::200a
2a00:1450:4001:80f::2001
2a00:1450:4001:812::2004
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:831::2002
5.161.63.2
0086275b718f55494729d300ca69686ded230235bb628046c33d8ba9ffa7fe5d
01abe74aeee65951cf4cbb619765d55c557d561ac48a63eb808f83276d97356a
0a924ad62d9569c2fb554b64309f4c5abecfafb9e433081625117bb1658c722e
0deaa6776a82164eb72d0b859f0750a5a1a544b3d2ab771d251810885697ffa1
1237ebca9e953fe8fac0f9fb790deab5f73746be5158c4ff7221daad37c9ce6f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0
20f735245cd30b9799da2ecd28d9628cff5960f26776bf591cae335667137cfc
218baf5f9799fd3e86dddf8c1b27ad4c8d10cd9d7e48b29e90748d7531b00391
25ceaa19098d3ffa896379017830bc51d534925bf2604a175e9db75f2c47e387
276b55fe437545373492ffe08875019560192c4781346d8a04847a0324c6898c
363ec5d13018d84e12db74fb6eae70c5b9b06f0738c36ed8bf188785df9f658c
36bc338d4454d68ba19d0b4ad84e5b9bd5cc04d8f1f97d0a6481a8044b76fa95
382190524621819740fc7e9746714a87a0a584bb39e4925c45e5034e9f317356
385611b9440797feafadb200dde8edb4f01f152fa3e0b89cdcd837549350fce8
3f61628161b0a03b78db134ab16c8af86081f71c3d27bd256ce9947722f48fc7
46b413c88e9bdf0205b930e7baf8152e2ff4e9973165f5b765eb5cb0a9836e2e
490c519c3bbc7938837ec267d96ac4b22c78b34765cfaabd6fc8d206fbd9f6e0
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56753a87b73bd8dc2828e2ba4821ef1876ec2a2815aacee716e902776b87368e
592a588b519b72fbab39bfde9bf9b12fc6a59a380a221578d87c9492e7b16f12
5c0148c8c95e6d0722500d254f23ec36f52ab7e8f3062b6a3d39900ac5e3155b
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c8594b0e2d1918019998da2cc34ff69681ce6ee6008d3646f0be59bd6dd68e9
5ca35a94f7c60bd9b58d53adbeb39090513a8f249f13a3c9ebe9a3ae114702dc
5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
60d223b366353445c3ac8665f6b6700db6cc91c8d7f95fbb6138b4ae704c10a8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6252cfd5b7106b181afcd4afb5c72afd17cb82c97c65c722ed9e18cd615288d7
6b646046bdeb2be0b6b891bdbaf638b9ffa022cd42dc7907d04a431471cb60a7
71ba1ab0b581fc82e277e5e9231c47fca32d2c738bccb03bc1e00e8b5250293f
7a5e25da11dfb00d57f6442f3f9bc58677a97a6cc3007d6c8f0b283856d4769f
81350c5db25685f3b5a8d695227313f31268d6be77ce12ccdec5f0fcbfd3781b
818f58e6d42e5e922b212f2520d9f2b0ac36dd165ed0ec09eeed8e271b1b5c89
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
987014e9e31be4e2818fb9b79a9aee2e1aed226de6443266e5414a130d7182d9
a00c85f9b7461a4a755c5de07bdb011a6327b89afac53fcd2893fc21e97ffbae
a3fb50298000a40f383846a8968e6ada7709a1d8d9f945396e3131e074448fb5
a42bc9eacb3f7048f6925c605fd10c8739d45f5d4247901ab88c580701cd1fb9
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2
b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348
bef1f85551e5d35e2c96994b13906a095fe7fa60606bf14c8e031bdd7b169ff9
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c7c67fda6174b50706f513408c9ad87f27469184200fe0cb2115aeaa6a282f2b
cdacfe1f3ed7d80815826f3efa2f1b3b50a0111f54ffb0871b51399c2faf712d
ce83deef9eb7860fe4254d97cee1e97a5c925dd95adaee9dbbe2444a4f31726d
d1146849b14934539a02490c2934b135178838306e98e2a490a8aac3206f8036
d14787e0b55b599553fda8b517a2a441bbcb78e826a0625193850e9f9373be89
d1fc21927293f00261a8795efadbdfa16d14521479402d72328c00482a6ba6b9
d7b004c8d1e652b1842dab8c0c30bcd19b2e3a44f120abc72d22d13d7786d94b
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
dfc85b207642f778a4378c93a5de477dd7f2616d9f736a41f23657ea712775e4
e06b7c7343d64d68b4bed5e6998e94521026ad796c6098a0516e49f51ae23172
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebc03471be340e27a10a1af6b8d997a957127df1a61ce7b961bf44613f601cd6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3bf70d129a6af00735bbfa7676ac7aeeb11b786479d03fba0ad0f6f063b333
f570d3cfc5df9a889452f6a2e8ea3ea6c3e6691824d54106d8928efc3abf8600
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f5da9d222673ec7ac3eecbb70090fb09e5505ee57a0176cb449e303196c84411
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fa4ad7c1a844c181b505275dfadf5c31d0386b241940ae7e7dac7611e783166a

metabenefit.com Open in urlscan Pro 5.161.63.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

118 Requests

94 %HTTPS

77 %IPv6

11 Domains

16 Subdomains

13 IPs

3 Countries

1861 kBTransfer

5073 kBSize

9 Cookies

10 Outgoing links

Redirected requests

118 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

metabenefit.com Open in urlscan Pro
5.161.63.2 Public Scan

Screenshot
Live screenshot

Full Image

118
Requests

94 %
HTTPS

77 %
IPv6

11
Domains

16
Subdomains

13
IPs

3
Countries

1861 kB
Transfer

5073 kB
Size

9
Cookies

118 HTTP transactions
11 data transactions