www.officeholidays.com Open in urlscan Pro
2606:4700:20::6819:c73e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://officeholidays.com/
Effective URL:
https://www.officeholidays.com/
Submission: On December 29 via manual (December 29th 2021, 10:50:25 pm UTC) from US — Scanned from US

Summary HTTP 331 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 73 IPs in 7 countries across 58 domains to perform 331 HTTP transactions. The main IP is 2606:4700:20::6819:c73e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.officeholidays.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 6th 2021. Valid for: a year.

This is the only time www.officeholidays.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 37	2606:4700:20:... 2606:4700:20::6819:c73e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
2	99.86.38.72 99.86.38.72	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	23.208.216.126 23.208.216.126	16625 (AKAMAI-AS) (AKAMAI-AS)
9	2607:f8b0:400... 2607:f8b0:4006:823::2003	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81f::200e	15169 (GOOGLE) (GOOGLE)
1	23.52.163.40 23.52.163.40	16625 (AKAMAI-AS) (AKAMAI-AS)
11	18.214.233.191 18.214.233.191	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:20:... 2606:4700:20::ac43:4686	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.193.194 151.101.193.194	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	142.250.65.194 142.250.65.194	15169 (GOOGLE) (GOOGLE)
4	2600:9000:20b... 2600:9000:20be:6600:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
4	99.86.32.39 99.86.32.39	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:402... 2607:f8b0:4023:1404::9c	15169 (GOOGLE) (GOOGLE)
2 3	142.250.65.230 142.250.65.230	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:246	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
1	54.144.110.34 54.144.110.34	14618 (AMAZON-AES) (AMAZON-AES)
8	34.225.113.77 34.225.113.77	14618 (AMAZON-AES) (AMAZON-AES)
1	34.207.4.184 34.207.4.184	14618 (AMAZON-AES) (AMAZON-AES)
3 9	68.67.178.10 68.67.178.10	29990 (ASN-APPNEX) (ASN-APPNEX)
2	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
5	44.193.114.165 44.193.114.165	14618 (AMAZON-AES) (AMAZON-AES)
14	3.230.217.116 3.230.217.116	14618 (AMAZON-AES) (AMAZON-AES)
1	69.166.1.15 69.166.1.15	27630 (AS-XFERNET) (AS-XFERNET)
3	2602:803:c002... 2602:803:c002:200::41	26667 (RUBICONPR...) (RUBICONPROJECT)
3	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
1	23.199.204.79 23.199.204.79	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20b... 2600:9000:20be:f800:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1 4	209.54.176.128 209.54.176.128	16509 (AMAZON-02) (AMAZON-02)
2 2	52.116.221.248 52.116.221.248	36351 (SOFTLAYER) (SOFTLAYER)
1	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::2002	15169 (GOOGLE) (GOOGLE)
26	2607:f8b0:400... 2607:f8b0:4006:820::2001	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:81d::2004	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:81d::200a	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:809::2003	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:824::2002	15169 (GOOGLE) (GOOGLE)
1 2	174.129.162.246 174.129.162.246	14618 (AMAZON-AES) (AMAZON-AES)
16 20	142.250.65.226 142.250.65.226	15169 (GOOGLE) (GOOGLE)
6 13	23.52.162.21 23.52.162.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	142.250.123.155 142.250.123.155	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20b... 2600:9000:20be:dc00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	3.212.141.148 3.212.141.148	14618 (AMAZON-AES) (AMAZON-AES)
6	142.250.81.226 142.250.81.226	15169 (GOOGLE) (GOOGLE)
33	2607:f8b0:400... 2607:f8b0:4006:823::2006	15169 (GOOGLE) (GOOGLE)
2	142.251.35.163 142.251.35.163	15169 (GOOGLE) (GOOGLE)
1	184.50.205.90 184.50.205.90	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.52.160.130 23.52.160.130	16625 (AKAMAI-AS) (AKAMAI-AS)
7 7	67.202.105.23 67.202.105.23	32748 (STEADFAST) (STEADFAST)
1 2	67.202.105.32 67.202.105.32	32748 (STEADFAST) (STEADFAST)
3	23.52.161.180 23.52.161.180	16625 (AKAMAI-AS) (AKAMAI-AS)
4	104.105.42.146 104.105.42.146	16625 (AKAMAI-AS) (AKAMAI-AS)
9	104.16.68.69 104.16.68.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	74.121.140.14 74.121.140.14	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4	69.166.1.10 69.166.1.10	27630 (AS-XFERNET) (AS-XFERNET)
2 2	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1	162.254.186.187 162.254.186.187	33695 (SCALEMATRIX) (SCALEMATRIX)
2 2	199.127.204.142 199.127.204.142	26120 (RHYTHMONE) (RHYTHMONE)
4 4	2606:ae80:147... 2606:ae80:1471:18::1400	25751 (VALUECLICK) (VALUECLICK)
1 1	199.38.167.129 199.38.167.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	2620:112:f002... 2620:112:f002:bbbb::21	6336 (TURN-US-ASN) (TURN-US-ASN)
7 7	35.211.178.172 35.211.178.172	19527 (GOOGLE-2) (GOOGLE-2)
1	104.36.115.113 104.36.115.113	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	68.67.160.25 68.67.160.25	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	34.194.7.56 34.194.7.56	14618 (AMAZON-AES) (AMAZON-AES)
3 3	52.45.33.138 52.45.33.138	14618 (AMAZON-AES) (AMAZON-AES)
2 2	34.234.8.115 34.234.8.115	14618 (AMAZON-AES) (AMAZON-AES)
1 1	198.24.170.50 198.24.170.50	19437 (SS-ASH) (SS-ASH)
1 1	54.174.90.60 54.174.90.60	14618 (AMAZON-AES) (AMAZON-AES)
1 1	23.211.130.59 23.211.130.59	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	52.205.171.189 52.205.171.189	14618 (AMAZON-AES) (AMAZON-AES)
5	34.117.239.71 34.117.239.71	15169 (GOOGLE) (GOOGLE)
1 2	185.167.164.37 185.167.164.37	198622 (ADFORM) (ADFORM)
3 3	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
3	104.36.115.109 104.36.115.109	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 2	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 1	52.204.3.213 52.204.3.213	14618 (AMAZON-AES) (AMAZON-AES)
1	52.18.40.211 52.18.40.211	16509 (AMAZON-02) (AMAZON-02)
1	104.36.115.114 104.36.115.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	104.16.190.66 104.16.190.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	8.39.36.141 8.39.36.141	26667 (RUBICONPR...) (RUBICONPROJECT)
5	8.39.36.142 8.39.36.142	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	2600:1f18:4e9... 2600:1f18:4e9:5a02:b6fc:4de6:8023:56cb	14618 (AMAZON-AES) (AMAZON-AES)
1	2001:4998:14:... 2001:4998:14:800::1000	14777 (YAHOO) (YAHOO)
1 1	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
1	8.28.7.84 8.28.7.84	() ()
331	73

37 2606:4700:20::6819:c73e (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

officeholidays.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.officeholidays.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.officeholidays.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.38.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-38-72.sea19.r.cloudfront.net

tags-cdn.deployads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.208.216.126 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-208-216-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:823::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81f::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.52.163.40 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-163-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 18.214.233.191 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-233-191.compute-1.amazonaws.com

e.deployads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4686 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 142.250.65.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:20be:6600:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.86.32.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-32-39.sea19.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4023:1404::9c (Columbus, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.65.230 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:246 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.110.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-110-34.compute-1.amazonaws.com

apis.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.225.113.77 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-113-77.compute-1.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.207.4.184 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-207-4-184.compute-1.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 68.67.178.10 (Secaucus, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.13 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 44.193.114.165 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-193-114-165.compute-1.amazonaws.com

c.deployads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 3.230.217.116 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-217-116.compute-1.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.15 (United States)

ASN27630 (AS-XFERNET, US)

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c002:200::41 (United States)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.199.204.79 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-199-204-79.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

snapsort-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20be:f800:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 209.54.176.128 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.116.221.248 (United States) 2 redirects

ASN36351 (SOFTLAYER, US)
PTR: f8.dd.7434.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2607:f8b0:4006:820::2001 (United States)

ASN15169 (GOOGLE, US)

2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81d::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81d::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81e::2002 (United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:809::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:824::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 174.129.162.246 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-174-129-162-246.compute-1.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.65.226 (United States) 16 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 23.52.162.21 (New York, United States) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.123.155 (United States)

ASN15169 (GOOGLE, US)
PTR: gh-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20be:dc00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.212.141.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-141-148.compute-1.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.81.226 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2607:f8b0:4006:823::2006 (United States)

ASN15169 (GOOGLE, US)

s2.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.35.163 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f3.1e100.net

p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.50.205.90 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-50-205-90.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.52.160.130 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-160-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 67.202.105.23 (United States) 7 redirects

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.105.32 (United States) 1 redirects

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.52.161.180 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-161-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.105.42.146 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-105-42-146.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.16.68.69 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.121.140.14 (Reston, United States) 4 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.166.1.10 (United States)

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.139 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.254.186.187 (Temecula, United States)

ASN33695 (SCALEMATRIX, US)
PTR: www.abcbymebath.com

demand.trafficroots.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.127.204.142 (United States) 2 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:ae80:1471:18::1400 (United States) 4 redirects

ASN25751 (VALUECLICK, US)

sortable-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
33across-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.38.167.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:112:f002:bbbb::21 (United States) 2 redirects

ASN6336 (TURN-US-ASN, US)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.211.178.172 (North Charleston, United States) 7 redirects

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.36.115.113 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.160.25 (New York, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 563.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.194.7.56 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-7-56.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.45.33.138 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-33-138.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.234.8.115 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-234-8-115.compute-1.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.24.170.50 (Ashburn, United States) 1 redirects

ASN19437 (SS-ASH, US)

server.cpmstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.174.90.60 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-174-90-60.compute-1.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.211.130.59 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-211-130-59.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.223.40.198 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.171.189 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-171-189.compute-1.amazonaws.com

cms-xch.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.117.239.71 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 71.239.117.34.bc.googleusercontent.com

cms-xch-chicago.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.167.164.37 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.66.49 (United States) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.36.115.109 (United States)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.60.146 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.204.3.213 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-3-213.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.40.211 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-40-211.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.36.115.114 (United States)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.190.66 (None, )

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 8.39.36.141 (Los Angeles, United States) 3 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 8.39.36.142 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:4e9:5a02:b6fc:4de6:8023:56cb (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4998:14:800::1000 (Ashburn, United States)

ASN14777 (YAHOO, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.97 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.84 (None, )

ASN- ()

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	googlesyndication.com pagead2.googlesyndication.com 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com tpc.googlesyndication.com	292 KB
42	doubleclick.net 18 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net ad.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net bid.g.doubleclick.net googleads4.g.doubleclick.net	298 KB
37	officeholidays.com 3 redirects officeholidays.com www.officeholidays.com static.officeholidays.com	380 KB
33	2mdn.net s2.2mdn.net s0.2mdn.net	822 KB
19	yahoo.com 4 redirects c2shb.ssp.yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com ads.yahoo.com	7 KB
18	deployads.com tags-cdn.deployads.com e.deployads.com c.deployads.com	308 KB
17	rubiconproject.com 5 redirects fastlane.rubiconproject.com eus.rubiconproject.com secure-assets.rubiconproject.com token.rubiconproject.com pixel.rubiconproject.com pixel-us-east.rubiconproject.com	31 KB
16	33across.com 8 redirects ssc.33across.com ssc-cms.33across.com cms-xch.33across.com cms-xch-chicago.33across.com	6 KB
14	gstatic.com fonts.gstatic.com www.gstatic.com p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com	185 KB
13	casalemedia.com 6 redirects htlb.casalemedia.com dsum-sec.casalemedia.com	49 KB
12	pubmatic.com ads.pubmatic.com image6.pubmatic.com simage2.pubmatic.com image4.pubmatic.com image2.pubmatic.com simage4.pubmatic.com	30 KB
12	adnxs.com 3 redirects ib.adnxs.com acdn.adnxs.com secure.adnxs.com	38 KB
11	adsafeprotected.com 1 redirects fw.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	99 KB
10	districtm.io cdn.districtm.io dmx.districtm.io	5 KB
9	sharethrough.com 1 redirects btlr.sharethrough.com match.sharethrough.com	15 KB
8	amazon-adsystem.com 1 redirects c.amazon-adsystem.com s.amazon-adsystem.com	43 KB
7	bidswitch.net 7 redirects x.bidswitch.net	4 KB
6	google.com adservice.google.com www.google.com	2 KB
6	consensu.org quantcast.mgr.consensu.org apis.quantcast.mgr.consensu.org test.quantcast.mgr.consensu.org	148 KB
6	addthis.com s7.addthis.com m.addthis.com	247 KB
5	googleapis.com fonts.googleapis.com	3 KB
5	sonobi.com apex.go.sonobi.com sync.go.sonobi.com	6 KB
4	dotomi.com 4 redirects sortable-match.dotomi.com 33across-match.dotomi.com	1 KB
4	mathtag.com 4 redirects sync.mathtag.com	2 KB
4	googletagservices.com www.googletagservices.com	147 KB
3	rlcdn.com 2 redirects idsync.rlcdn.com id.rlcdn.com	823 B
3	everesttech.net 3 redirects sync-tm.everesttech.net	891 B
3	adsrvr.org 3 redirects match.adsrvr.org	2 KB
2	krxd.net 1 redirects usermatch.krxd.net beacon.krxd.net	506 B
2	pippio.com 2 redirects pippio.com	854 B
2	adform.net 1 redirects c1.adform.net	949 B
2	advertising.com 2 redirects pixel.advertising.com	675 B
2	turn.com 2 redirects ad.turn.com	911 B
2	contextweb.com 2 redirects bh.contextweb.com	1 KB
2	tynt.com 1 redirects de.tynt.com	3 KB
2	simpli.fi 2 redirects um.simpli.fi	1 KB
2	openx.net snapsort-d.openx.net u.openx.net	475 B
2	lijit.com ap.lijit.com	748 B
2	fastly.net confiant-integrations.global.ssl.fastly.net	70 KB
2	btloader.com btloader.com api.btloader.com	9 KB
2	google-analytics.com www.google-analytics.com	20 KB
1	cpmstar.com 1 redirects server.cpmstar.com	611 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	575 B
1	rfihub.com 1 redirects p.rfihub.com	753 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	593 B
1	1rx.io 1 redirects sync.1rx.io	724 B
1	trafficroots.com demand.trafficroots.com
1	indexww.com js-sec.indexww.com	1 KB
1	bluekai.com stags.bluekai.com	821 B
1	yieldmo.com ads.yieldmo.com	359 B
1	addthisedge.com v1.addthisedge.com	1 KB
1	ad-delivery.net ad-delivery.net	938 B
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	moatads.com z.moatads.com	1 KB
1	cloudflare.com cdnjs.cloudflare.com	11 KB
1	jquery.com code.jquery.com	29 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
0	id5-sync.com Failed id5-sync.com Failed
331	58

	Domain	Requested by
32	s0.2mdn.net	www.officeholidays.com s0.2mdn.net
25	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com googleads.g.doubleclick.net fw.adsafeprotected.com s0.2mdn.net www.googletagservices.com
23	www.officeholidays.com	1 redirects www.officeholidays.com
21	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
20	cm.g.doubleclick.net	16 redirects googleads.g.doubleclick.net
14	c2shb.ssp.yahoo.com	www.officeholidays.com
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
12	static.officeholidays.com	www.officeholidays.com
11	e.deployads.com	tags-cdn.deployads.com
9	ib.adnxs.com	3 redirects www.officeholidays.com googleads.g.doubleclick.net acdn.adnxs.com
9	fonts.gstatic.com	www.officeholidays.com fonts.googleapis.com
8	dmx.districtm.io	cdn.districtm.io
8	dt.adsafeprotected.com	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
8	btlr.sharethrough.com	www.officeholidays.com
7	x.bidswitch.net	7 redirects
7	ssc-cms.33across.com	7 redirects
6	googleads4.g.doubleclick.net	googleads.g.doubleclick.net www.officeholidays.com
6	googleads.g.doubleclick.net	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com www.officeholidays.com
5	pixel.rubiconproject.com
5	cms-xch-chicago.33across.com	de.tynt.com
5	fonts.googleapis.com	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com s0.2mdn.net
5	www.google.com	tpc.googlesyndication.com 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
5	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	c.deployads.com	www.officeholidays.com ads.pubmatic.com
5	securepubads.g.doubleclick.net	tags-cdn.deployads.com securepubads.g.doubleclick.net
4	sync.go.sonobi.com
4	sync.mathtag.com	4 redirects
4	eus.rubiconproject.com	www.officeholidays.com eus.rubiconproject.com de.tynt.com
4	www.googletagservices.com	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
4	s.amazon-adsystem.com	1 redirects c.amazon-adsystem.com s.amazon-adsystem.com
4	c.amazon-adsystem.com	www.officeholidays.com c.amazon-adsystem.com
4	quantcast.mgr.consensu.org	tags-cdn.deployads.com quantcast.mgr.consensu.org
4	s7.addthis.com	www.officeholidays.com s7.addthis.com
3	token.rubiconproject.com	3 redirects
3	image2.pubmatic.com	ads.pubmatic.com
3	simage2.pubmatic.com	ads.pubmatic.com
3	sync-tm.everesttech.net	3 redirects
3	match.adsrvr.org	3 redirects
3	ups.analytics.yahoo.com	3 redirects
3	ads.pubmatic.com	www.officeholidays.com de.tynt.com ads.pubmatic.com
3	www.gstatic.com	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
3	ssc.33across.com	www.officeholidays.com
3	fastlane.rubiconproject.com	www.officeholidays.com
3	ad.doubleclick.net	2 redirects www.officeholidays.com
2	pippio.com	2 redirects
2	idsync.rlcdn.com	2 redirects
2	c1.adform.net	1 redirects ads.pubmatic.com
2	33across-match.dotomi.com	2 redirects
2	pixel.advertising.com	2 redirects
2	ad.turn.com	2 redirects
2	sortable-match.dotomi.com	2 redirects
2	bh.contextweb.com	2 redirects
2	cdn.districtm.io	www.officeholidays.com cdn.districtm.io
2	de.tynt.com	1 redirects www.officeholidays.com
2	acdn.adnxs.com	www.officeholidays.com
2	p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com
2	fw.adsafeprotected.com	1 redirects 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
2	um.simpli.fi	2 redirects
2	ap.lijit.com	www.officeholidays.com
2	m.addthis.com	s7.addthis.com
2	confiant-integrations.global.ssl.fastly.net	tags-cdn.deployads.com confiant-integrations.global.ssl.fastly.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	tags-cdn.deployads.com	www.officeholidays.com code.jquery.com
2	officeholidays.com	2 redirects
1	simage4.pubmatic.com	ads.pubmatic.com
1	pixel-us-east.rubiconproject.com	1 redirects
1	ads.yahoo.com
1	id.rlcdn.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	image4.pubmatic.com	ads.pubmatic.com
1	beacon.krxd.net	ads.pubmatic.com
1	usermatch.krxd.net	1 redirects
1	cms-xch.33across.com	1 redirects
1	secure-assets.rubiconproject.com	1 redirects
1	match.sharethrough.com	1 redirects
1	server.cpmstar.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	secure.adnxs.com	acdn.adnxs.com
1	image6.pubmatic.com	ads.pubmatic.com
1	p.rfihub.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	sync.1rx.io	1 redirects
1	demand.trafficroots.com
1	js-sec.indexww.com	www.officeholidays.com
1	u.openx.net	www.officeholidays.com
1	stags.bluekai.com	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
1	s2.2mdn.net	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
1	static.adsafeprotected.com	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
1	bid.g.doubleclick.net	2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	test.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	snapsort-d.openx.net	www.officeholidays.com
1	htlb.casalemedia.com	www.officeholidays.com
1	apex.go.sonobi.com	www.officeholidays.com
1	ads.yieldmo.com	www.officeholidays.com
1	v1.addthisedge.com	s7.addthis.com
1	apis.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	api.btloader.com	btloader.com
1	ad-delivery.net	www.officeholidays.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	cdn.jsdelivr.net	www.officeholidays.com
1	btloader.com	tags-cdn.deployads.com
1	z.moatads.com	s7.addthis.com
1	cdnjs.cloudflare.com	www.officeholidays.com
1	code.jquery.com	www.officeholidays.com
1	www.googletagmanager.com	www.officeholidays.com
0	id5-sync.com Failed
331	107

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
uk.pinterest.com
blog.officeholidays.com
www.thereisadayforthat.com
officetimezones.com
www.addthis.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-06` - `2022-07-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.deployads.com Amazon	`2021-06-03` - `2022-07-02`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-27` - `2022-05-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
quantcast.mgr.consensu.org Amazon	`2021-04-24` - `2022-05-23`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2021-12-25` - `2022-03-25`	3 months	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.yieldmo.com Amazon	`2021-10-12` - `2022-11-10`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-14` - `2022-04-06`	6 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2021-11-26` - `2022-02-24`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-11-24` - `2022-04-26`	5 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-03-11` - `2022-02-07`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
districtm.io Cloudflare Inc ECC CA-3	`2021-06-02` - `2022-06-01`	a year	crt.sh
*.trafficroots.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-22` - `2022-03-23`	2 years	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh

This page contains 39 frames:

Primary Page: https://www.officeholidays.com/
Frame ID: 30F7B0E90B18575CAF98F46A18CC9D70
Requests: 135 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: E756350045D426ECA659B23D4D81954E
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 6D0B79396A078686926C6F61D67F8FA0
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-simpli.fi&dcc=t
Frame ID: E8F11D5BFF7E72B8CB4FE09C01997255
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-simpli.fi&fv=1.0&a=cm&cm3ppd=1
Frame ID: E677C42D26BB16C16D917830D8445C59
Requests: 2 HTTP requests in this frame

Frame: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F9D65AA29F21F70EA6666886D7B04B75
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EDA2A7D7FB57E7F56BA53C10B7BD7444
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F773E9D36803E5C821211A7E1986F54B
Requests: 2 HTTP requests in this frame

Frame: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D2067EE31BBDF518F524FA186CA2DA34
Requests: 5 HTTP requests in this frame

Frame: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0BC259DD0B8D9583474D074BAB0A0F53
Requests: 26 HTTP requests in this frame

Frame: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9A4FD7A5458055D1226B1FE38AE79F2B
Requests: 14 HTTP requests in this frame

Frame: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D58FDE068BFA28AF68DC428FA5C8BFF9
Requests: 15 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: C90DA0981A3C99C684A22A61F55D74E6
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARjviYOcATAB&v=APEucNU0URU0J_pEFN80riZbcyU8Qv-4XNYwxu3vX_8K16UEvFInzee-x0LtFS5kz3966-V0NjyIVh3a6N7AhJRZ5hDFTlMzckAjfSlG8sFIeUveOj9CoVI
Frame ID: 59385D0BABE996E74B68279A33F75606
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBENbEmQEYs5vxsQEwAQ&v=APEucNXoiLkFeeCdMyIMCcua90c1-m_64Za3DUhcI_ND96ngXJfpYXSNJTRdQHQdz0HS1UeuhELZuKDYARBwRtwcSuvqXFXXEuOeoKKOkgeGjKRS2S5fREA
Frame ID: ADF0E175AD98F1C9013646AC3F7DA452
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBEJ-hFBiR6d27ATAB&v=APEucNXj4ykVuirEfPyYq2xoJuxuVr0IimYes4Dp6ecQGj_NcnGWRRi9MKm9cM7pU1lVFvaEIkJFgZT0VL8ta6EhK-Z63173O9iK9nDSadxC7byL0MnOPBU
Frame ID: 5F25DF9FD0C4CDAE6B4CBAC4A8445725
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 9E35AC578ADE8BDA86379EE0F63C2DB4
Requests: 1 HTTP requests in this frame

Frame: https://p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: BC31D4ECED9C3D1384578979EC8B312F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6F6996104677D0AEDF55889AFD74459C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F4E41E0E1F14FD1DC24589EE88703BC6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2608AB13DFCA50657F16AA0ED4A2C21C
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
Frame ID: 4F0BB8ECD2FE29FA4ADD8C9509362AA6
Requests: 22 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
Frame ID: 8C7BCB73C66CCCADCFF6C7A2FA09F6CD
Requests: 22 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Frame ID: 2B3B577C00FE065364DCCD7250DA5F23
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Frame ID: BCD4C4FDB45F61041C794FCC6A66A883
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?us_privacy=1---
Frame ID: 0AEE5B95C50B93B7C259678A750613C9
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 15D8AE48A225FA75E01A94E1B17568D9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: D9DDF71D2E62FF06ECA1DAF661895EB6
Requests: 2 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
Frame ID: 11BA3F4074C120B4DD23CA7F67B50CE3
Requests: 5 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Frame ID: 8F97F47D5F4C2567E4E9562F7A643345
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?us_privacy=1---
Frame ID: 5DE7CA6E485E9EA9307A1C40202EE037
Requests: 10 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 59D5E60DEFAAD3DB5009469398941B6D
Requests: 9 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?us_privacy=1---&informer=9465460
Frame ID: 5AF1C947F8695A1ABC53483838A82B6F
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 8C353E5F4FEE7B12094701B3AC6E65E4
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=1---
Frame ID: B9B377560E7CA040602ACC8AF8A97004
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=1---&predirect=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D1---%26bidder_id%3D25%26external_user_id%3D
Frame ID: B1933CDB1B11CE918670E1B05E72B133
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=03ABEA37-B440-463C-BB9F-909645C52208
Frame ID: 042E896AA694DECACF6D59CBB9D1EE7C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YczmLQABqCmoGQAm&gdpr=0&gdpr_consent=&_test=YczmLQABqCmoGQAm
Frame ID: 9E4118C3CB1005A6486639066B8F0C9B
Requests: 1 HTTP requests in this frame

Frame: https://c.deployads.com/cs/pubm?b=03ABEA37-B440-463C-BB9F-909645C52208
Frame ID: 1BDCF0AB7EA4BF3D555FBB9BEE702F2C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Calendars of public holidays and bank holidays | Office Holidays

Page URL History Show full URLs

http://officeholidays.com/ HTTP 301
https://officeholidays.com/ HTTP 301
https://www.officeholidays.com/ Page URL

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Choice (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

quantcast\.mgr\.consensu\.org

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

331
Requests

85 %
HTTPS

28 %
IPv6

58
Domains

107
Subdomains

73
IPs

7
Countries

3323 kB
Transfer

8142 kB
Size

112
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/officeholidays

Search URL Search Domain Scan URL

URL: https://twitter.com/officeholidays

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/office-holidays

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCdav48fWCT1EMokkrsVfGtw

Search URL Search Domain Scan URL

URL: https://uk.pinterest.com/officeholidays/

Search URL Search Domain Scan URL

URL: https://blog.officeholidays.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.thereisadayforthat.com/
Title: There is a Day for That!

Search URL Search Domain Scan URL

URL: https://officetimezones.com/
Title: Time Zones

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image&utm_campaign=Marketing%20tool%20logo

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://officeholidays.com/ HTTP 301
https://officeholidays.com/ HTTP 301
https://www.officeholidays.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://www.officeholidays.com/images/icons/home.png HTTP 301
https://static.officeholidays.com/images/icons/home.png

Request Chain 114

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-simpli.fi HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-simpli.fi&dcc=t

Request Chain 118

https://um.simpli.fi/amazon/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsimpli.fi%26id%3D HTTP 302
https://s.amazon-adsystem.com/ecm3?id=7F2FCDF0C65740BE9AC81D5744563E67&ex=simpli.fi&status=ok

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0

Request Chain 172

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YczmK5HUD9X-pQUFzSEGOwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1

Request Chain 174

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0

Request Chain 176

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YczmK5HUD9X-pQUFzSEGOwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1

Request Chain 178

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D

Request Chain 179

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0

Request Chain 180

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YczmK5HUD9X-pQUFzSEGOwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1

Request Chain 181

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1

Request Chain 182

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D

Request Chain 184

https://fw.adsafeprotected.com/rfw/bgd/549590/52686815/xbbe/creative/adj?p=APEucNX2s6v7vhMFGyN1tiJvEVQUI07HqXR1jo9M-TkiYz_0x0LnrCU&d=CnkAoCZ_4G2alQSaUc1N3WkvbUB9oXOQCAXKbSfrd55ZJlNyx2XSeH9it1MTsnkxCC2042xBHmDFPwBkEIObLXIKPOPWyBfvMvKiaEykAIvpDQfPbX7G2uV1wVlbuQbTPSl7APqAZEylH3C75vDwlxmvNyli6uEHPt7NEokTAKAmf-CnhcNA0OZcUsjab0KCe0snw5nffo9fEDBUT9y56NHEB19AZuo4AIVtTDxT6Pxl5l2zjbJEjn26bs_6XBywuceN_0KYIkuuc_hefI-4RK6-_uT9l3RpPeBt3IvMHqavSg0wXrjAu4ySy_8dFxUlmI6lUPfhseWvFb7zNBJB3pU9LoBGIzNdCkp7LaBr2cwZNIBNNK1bLd0bhyH6hMgnub3p1qYtFfrxVTvBVQc_ZFtkT1-JOmJMK4kBmKTJ61YW0k0IF1m2WmFs73E9xpH882Q28cTTlR0NqJ560BhpfIyIP0R2B8mQ1pV4rAzYnNfefV-l_Gk2-RwOAkOEKkiq9wBoFxL1RNgAmEqxlalJkKLdmKEnIa0DUZSp6SfA5yiU1L6lqnpQGOxPJaaEwmuvlt813gwoT4_yctAFsp4nHV_klT9vU7EOqcvu41QnPRyB4mtrv9TRlY8kUisWqwwwoFaR3Upx4bfM9T3maBz4SkkN5N-mMgubh7SOf2Fe4PmoWpuNhdH1seyR2Fis8GYyq0d5s6gTi26T7BWItLq93AOlJFro7VUqIYkwxQRPncxaHzU-7Px3QvhZzM2VtJkQdQ0Rz8O61LMYHCSKTiQCOotvI8BhCnkyxOOwa1WJjpbeFl857I80n5v0pUFae15jXQaWxMvxFvhyK4kuWu3h7kuxd_JIy1IlESoDmF3cLiCT0xDXRUxb8sggy0lMTQbxY7kLhlwpiLAX8EFcQYXuLO_RRPEZHCa5MdaWmrieqWZkWYq9aktYoNQYWn9PjM_4Im_xeFO0C1mT5maT0JWESMKDCk-8pEmEOUL_KWLSMZnHeV1LgqQ4Na4T_uWrd7d4yo_vV7UOkoPSNvlF5XmZeWy-0OGAPvwpWwlnM2eWcYvERDgtjC7JAb0zELpKE9nuBorq8z_jogzs-O5vm_8Th_wVpsPsRsoiHPk365tNZHqOKdPANG3ZFW8BGela4scB6QH-k4eJ4l9xkVUQacloqo8Sxv4FF__XWb7nSU2xBQZ3eIKqYppOpUvZMXCrLHDVzvgtb4c780X7FShh9vQeYRqFUxx_plW0Jzv22Je5mDwZGCGP0eMjrPkERk3Q2Hl_AWtlQuIfcYP-7UUFBPwz7Q4Fy22bql0bFy9lbkeIF_r37qzXOEEA0D3IJp-vGHxIl5o26EwJuMY2Hkn7-HAWKEoOUXAxUoTRamoz95Ar1pz3dPDn27dbeVeK7DXZZ8e2bNlZ_pPAD1Qn4YakG61ZXoIg7lAkqua4V2zgM6ySynZM61n8r3i4hU_OYVO-80J0evJCNR6J0Rc1rG1a23mPzTSHxhF_A4v7k__i0sQyHpdWOEstUhcN79GPiyRzsR26J9kvTM-l_L57ZljIRQj72j23WHYXF1VFrJdryKLV9WathdF40_hllREqj0-dIs8uxUUxRUcoJABjsf31RGYYKFFciMVw590zc-TxGmjab_iMbtPG9G1mitDafXfshSMttmg_VPCQe4aRjfrYul-QGCXNWZN0K6iyTYSAzzltF4ADxg6VlESRF8jPc_I2WVoK-J6QDNKeL7ia6N8aWqDPc9QQM_ukbLJNFxuCCp2N52KJbXoTwf_xUlDahNV0c3rQaNoYM6X0qnaFpWp0ePGgc6NwCsUUWtVhybuUw0IsJas_qx8wQnmUGufTuWsb_N28rDbnXIArGlumOsoTCTn_zRFdj80V-tZwcSquDUhGWcH1WkxUBsbpuox-Ld1mBxQPEEckFfpabYOYrdyIJOSIau7Y3SQHYxNkdpxizHfA89IFN4N7Mwypx1JxWXk5VJwElq4OrAr2ai-J22ib37hXZNvFg726dAKDY0hTb7k3UT6WBHo2SV-6Lahm9QMPhQXuc-0vMISOMP7PbvoOlwWtjSEg2ydyuVXoHixv6xxO8Brk8igmB_5gYGKjzx6WjcsviQoPRvfr2KOSEo9S86fXbW-W-QrsQ7I3x69lGqWpwA8eTT-RNeAmNfwczTEpEQ01e_hiWfFIF6Q1g56IS7f9xso_LYtneyZO79Zir0_TzDRM_Jwl1UvjBab4JG7tARqR839glADpp9uRWPFSb1wuu7knOKqpia010-GcrFflKp78IP9BCfkUGKWoPiXknl0_aCuCpXqHJIQGNRh7IGu3gUeZaAj-m_ZNYwXyo6mZJTwOeKfK9lhvP51y7NTCbBNYVu7OvfyKX-bhAY9PJtkQwedlyFfZXBf1PBhFgt-WtPr2ZQjiS2qYJl0ovxrd16Y4kSUkQV6vzXSaHvAhUI1dxqixkXK394tZEGchBapzMrNm4KNBrXPhfRHJyxkq2u-sZvaIW9_9OaZ3JwKGObUzw909PEdFheFlOLwbCLhdrjaxdHUWQ41xhYLCbPzWnuAL-5xybXDd6Ws-2nLFQa1skBbTDsjh7swO4suBVp2kYk8xTvmZKd5QOE_Z43WDO92X8CXJhf9FrJi9XSIo-jpyc4uoqT5aCsc_2M-h6v4bg2Ha-9eGjrcPoU2tLTq8ULykVWuy8eK95PBghpC57TTELsUpGt3UazecIHpa_lV_hV7aVcfVkctN2nJbZilIetlyS1d0R3CKQKUPgcQ9hIJcK2gkoCm_SxPjlYHpxrRmWvzQihSQghqshg20IsYZLVkBHENvwXQNzlowCZ8rbGFRlGDRw9zf1DYJcRbjnIXdl3DnJxZJ1FrQdlfQhB1vbTXjE-U4gNnj5SwebMlJQM6Dc5c-L8IH7IVhB3Hq3lPkZVuOHkG8mJ5xy4sqNMzxOa5_3OBnkFODnuk0PZwmQe9QSJiHezQIbg_b-XJ6Jjet_-qL1wAXcFHOTzgn5XRQs5uhABzmA3sJWELFg1WzcZ3rwqcmJaa5js1ajNjMXwkidkNCtIFJrOWt-JOL7XHoFXfKkxpRkIVuJBC0UeRP3XnIirbuO6_Tn7M-CqUtEoHNpFR_3VBE69VxkOCFZMuRPyVx0OUI3uae2OP0iNXQzLsQR3hHHa26Z_LbjS2UmJ1jKO3Ng9znqYTZ09rWqFFcPyadMC6P_OOttgrmC8pEqaa2jgAVl-egXWSb2esbA4I7BMezRFWymunKHecxacMhAVZTQFSlFg8EAfB_aAnTWU009aB4wz0fiVICXBBaJG1ZRLqmvoAciOP1LYG4LVhwndLC-e3ooxDTb8z6v2ktmNyvH7dLgPJoWnuapPAD5EGTpTk6cAoz6YzgdlCv699kcGHqhIORMEk-JqhVVzVIoW31hPf0HrvUwTIaGQgAEhXkaEhpAZnil7D9a-E6GuXjmpj2IhRgAQ&adsafe_url=https%3A%2F%2Fwww.officeholidays.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:78f08659-13a4-c2bd-48ed-ae73c454071f,c:yeffsk,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-847b8989c9-nhtlb,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:3,fm:sT1E20N+11%7C12%7C131%7C14%7C15%7C161%7C17*.549590-52686815%7C171%7C181%7C191,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:23,oid:b27cee26-68f9-11ec-9879-9675100f7e97,v:19.8.273,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNX2s6v7vhMFGyN1tiJvEVQUI07HqXR1jo9M-TkiYz_0x0LnrCU&d=CnkAoCZ_4G2alQSaUc1N3WkvbUB9oXOQCAXKbSfrd55ZJlNyx2XSeH9it1MTsnkxCC2042xBHmDFPwBkEIObLXIKPOPWyBfvMvKiaEykAIvpDQfPbX7G2uV1wVlbuQbTPSl7APqAZEylH3C75vDwlxmvNyli6uEHPt7NEokTAKAmf-CnhcNA0OZcUsjab0KCe0snw5nffo9fEDBUT9y56NHEB19AZuo4AIVtTDxT6Pxl5l2zjbJEjn26bs_6XBywuceN_0KYIkuuc_hefI-4RK6-_uT9l3RpPeBt3IvMHqavSg0wXrjAu4ySy_8dFxUlmI6lUPfhseWvFb7zNBJB3pU9LoBGIzNdCkp7LaBr2cwZNIBNNK1bLd0bhyH6hMgnub3p1qYtFfrxVTvBVQc_ZFtkT1-JOmJMK4kBmKTJ61YW0k0IF1m2WmFs73E9xpH882Q28cTTlR0NqJ560BhpfIyIP0R2B8mQ1pV4rAzYnNfefV-l_Gk2-RwOAkOEKkiq9wBoFxL1RNgAmEqxlalJkKLdmKEnIa0DUZSp6SfA5yiU1L6lqnpQGOxPJaaEwmuvlt813gwoT4_yctAFsp4nHV_klT9vU7EOqcvu41QnPRyB4mtrv9TRlY8kUisWqwwwoFaR3Upx4bfM9T3maBz4SkkN5N-mMgubh7SOf2Fe4PmoWpuNhdH1seyR2Fis8GYyq0d5s6gTi26T7BWItLq93AOlJFro7VUqIYkwxQRPncxaHzU-7Px3QvhZzM2VtJkQdQ0Rz8O61LMYHCSKTiQCOotvI8BhCnkyxOOwa1WJjpbeFl857I80n5v0pUFae15jXQaWxMvxFvhyK4kuWu3h7kuxd_JIy1IlESoDmF3cLiCT0xDXRUxb8sggy0lMTQbxY7kLhlwpiLAX8EFcQYXuLO_RRPEZHCa5MdaWmrieqWZkWYq9aktYoNQYWn9PjM_4Im_xeFO0C1mT5maT0JWESMKDCk-8pEmEOUL_KWLSMZnHeV1LgqQ4Na4T_uWrd7d4yo_vV7UOkoPSNvlF5XmZeWy-0OGAPvwpWwlnM2eWcYvERDgtjC7JAb0zELpKE9nuBorq8z_jogzs-O5vm_8Th_wVpsPsRsoiHPk365tNZHqOKdPANG3ZFW8BGela4scB6QH-k4eJ4l9xkVUQacloqo8Sxv4FF__XWb7nSU2xBQZ3eIKqYppOpUvZMXCrLHDVzvgtb4c780X7FShh9vQeYRqFUxx_plW0Jzv22Je5mDwZGCGP0eMjrPkERk3Q2Hl_AWtlQuIfcYP-7UUFBPwz7Q4Fy22bql0bFy9lbkeIF_r37qzXOEEA0D3IJp-vGHxIl5o26EwJuMY2Hkn7-HAWKEoOUXAxUoTRamoz95Ar1pz3dPDn27dbeVeK7DXZZ8e2bNlZ_pPAD1Qn4YakG61ZXoIg7lAkqua4V2zgM6ySynZM61n8r3i4hU_OYVO-80J0evJCNR6J0Rc1rG1a23mPzTSHxhF_A4v7k__i0sQyHpdWOEstUhcN79GPiyRzsR26J9kvTM-l_L57ZljIRQj72j23WHYXF1VFrJdryKLV9WathdF40_hllREqj0-dIs8uxUUxRUcoJABjsf31RGYYKFFciMVw590zc-TxGmjab_iMbtPG9G1mitDafXfshSMttmg_VPCQe4aRjfrYul-QGCXNWZN0K6iyTYSAzzltF4ADxg6VlESRF8jPc_I2WVoK-J6QDNKeL7ia6N8aWqDPc9QQM_ukbLJNFxuCCp2N52KJbXoTwf_xUlDahNV0c3rQaNoYM6X0qnaFpWp0ePGgc6NwCsUUWtVhybuUw0IsJas_qx8wQnmUGufTuWsb_N28rDbnXIArGlumOsoTCTn_zRFdj80V-tZwcSquDUhGWcH1WkxUBsbpuox-Ld1mBxQPEEckFfpabYOYrdyIJOSIau7Y3SQHYxNkdpxizHfA89IFN4N7Mwypx1JxWXk5VJwElq4OrAr2ai-J22ib37hXZNvFg726dAKDY0hTb7k3UT6WBHo2SV-6Lahm9QMPhQXuc-0vMISOMP7PbvoOlwWtjSEg2ydyuVXoHixv6xxO8Brk8igmB_5gYGKjzx6WjcsviQoPRvfr2KOSEo9S86fXbW-W-QrsQ7I3x69lGqWpwA8eTT-RNeAmNfwczTEpEQ01e_hiWfFIF6Q1g56IS7f9xso_LYtneyZO79Zir0_TzDRM_Jwl1UvjBab4JG7tARqR839glADpp9uRWPFSb1wuu7knOKqpia010-GcrFflKp78IP9BCfkUGKWoPiXknl0_aCuCpXqHJIQGNRh7IGu3gUeZaAj-m_ZNYwXyo6mZJTwOeKfK9lhvP51y7NTCbBNYVu7OvfyKX-bhAY9PJtkQwedlyFfZXBf1PBhFgt-WtPr2ZQjiS2qYJl0ovxrd16Y4kSUkQV6vzXSaHvAhUI1dxqixkXK394tZEGchBapzMrNm4KNBrXPhfRHJyxkq2u-sZvaIW9_9OaZ3JwKGObUzw909PEdFheFlOLwbCLhdrjaxdHUWQ41xhYLCbPzWnuAL-5xybXDd6Ws-2nLFQa1skBbTDsjh7swO4suBVp2kYk8xTvmZKd5QOE_Z43WDO92X8CXJhf9FrJi9XSIo-jpyc4uoqT5aCsc_2M-h6v4bg2Ha-9eGjrcPoU2tLTq8ULykVWuy8eK95PBghpC57TTELsUpGt3UazecIHpa_lV_hV7aVcfVkctN2nJbZilIetlyS1d0R3CKQKUPgcQ9hIJcK2gkoCm_SxPjlYHpxrRmWvzQihSQghqshg20IsYZLVkBHENvwXQNzlowCZ8rbGFRlGDRw9zf1DYJcRbjnIXdl3DnJxZJ1FrQdlfQhB1vbTXjE-U4gNnj5SwebMlJQM6Dc5c-L8IH7IVhB3Hq3lPkZVuOHkG8mJ5xy4sqNMzxOa5_3OBnkFODnuk0PZwmQe9QSJiHezQIbg_b-XJ6Jjet_-qL1wAXcFHOTzgn5XRQs5uhABzmA3sJWELFg1WzcZ3rwqcmJaa5js1ajNjMXwkidkNCtIFJrOWt-JOL7XHoFXfKkxpRkIVuJBC0UeRP3XnIirbuO6_Tn7M-CqUtEoHNpFR_3VBE69VxkOCFZMuRPyVx0OUI3uae2OP0iNXQzLsQR3hHHa26Z_LbjS2UmJ1jKO3Ng9znqYTZ09rWqFFcPyadMC6P_OOttgrmC8pEqaa2jgAVl-egXWSb2esbA4I7BMezRFWymunKHecxacMhAVZTQFSlFg8EAfB_aAnTWU009aB4wz0fiVICXBBaJG1ZRLqmvoAciOP1LYG4LVhwndLC-e3ooxDTb8z6v2ktmNyvH7dLgPJoWnuapPAD5EGTpTk6cAoz6YzgdlCv699kcGHqhIORMEk-JqhVVzVIoW31hPf0HrvUwTIaGQgAEhXkaEhpAZnil7D9a-E6GuXjmpj2IhRgAQ

Request Chain 230

https://ad.doubleclick.net/ddm/ad/N5295.275509.TESTSITE/B11222446.149473255;sz=1x1;ord=111223147557;u=Buy:25117529%7CPID:311061394%7CAID:484134565%7CCID:137899826%7Cfeatureus-dr-feature-pixel5a-preparing-to-buy,ready-to-buy-20211227-20220401-970x250-8 HTTP 302
https://ad.doubleclick.net/ddm/ad/N5295.275509.TESTSITE/B11222446.149473255;dc_pre=CJr0npmMivUCFY-8swodohAKOQ;sz=1x1;ord=111223147557;u=Buy:25117529%7CPID:311061394%7CAID:484134565%7CCID:137899826%7Cfeatureus-dr-feature-pixel5a-preparing-to-buy,ready-to-buy-20211227-20220401-970x250-8 HTTP 302
https://s0.2mdn.net/2537204/2-1x1.jpg

Request Chain 276

https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1--- HTTP 302
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1--- HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1

Request Chain 282

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=558661cc-e62d-4700-ade9-dfe73f377cca

Request Chain 283

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=d237a970-b0c0-4241-b196-f25e8b25f827&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=aXZhaFQ4cGpQTTV1T0M5dTd2dnphZw&gdpr=&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEMMJSQe0o5PFMVDseJzrec8&google_cver=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=kKLvhsdg4nDb

Request Chain 285

https://sync.1rx.io/usersync2/sortable?us_privacy=1--- HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005?redir=https%3A%2F%2Fc.deployads.com%2Fcs%2Fr1%3Fb%3DRX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005%26us_privacy%3D1--- HTTP 302
https://c.deployads.com/cs/r1?b=RX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005&us_privacy=1---

Request Chain 286

https://sortable-match.dotomi.com/match/bounce/current?networkId=64743&version=1&us_privacy=1--- HTTP 302
https://sortable-match.dotomi.com/match/bounce/current?DotomiTest=6905d54e0c7a08ef&is_secure=true&networkId=64743&version=1&us_privacy=1--- HTTP 302
https://c.deployads.com/cs/CNVT?b=AAADLIcwUvSDHANEhez0AAAAAAA&expiration=1640904621&is_secure=true&us_privacy=1---

Request Chain 287

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=fb9580c293&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=fb9580c293&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=9b404231-23ab-467b-a268-f4f258cb6e8b&pubid=fb9580c293 HTTP 302
https://id5-sync.com/s/434/9.gif?puid=d237a970-b0c0-4241-b196-f25e8b25f827&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/434/434/9/1.gif?puid=d237a970-b0c0-4241-b196-f25e8b25f827&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/434/2/8/2.gif?puid=5281263057379193593&gdpr=0&gdpr_consent= HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMO13YRPzqpjrhgNLUkHSRYv-rfAqw-RlUgTKda8g&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/434/3/7/3.gif?puid=558661cc-e62d-4700-ade9-dfe73f377cca&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/k/264.gif?puid=9b404231-23ab-467b-a268-f4f258cb6e8b&ttl=%%TTL%% HTTP 302
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY HTTP 303
https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&domid=1033 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx HTTP 302
https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx&google_gid=CAESEO60M9U4p82FjJb0Il7b07Q&google_cver=1 HTTP 303
https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEO60M9U4p82FjJb0Il7b07Q&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 302
https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=5281263057379193593&opid=apx&ops=&utidl=tech:goo:CAESEO60M9U4p82FjJb0Il7b07Q&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 303
https://id5-sync.com/qp/18.gif?puid=vec%3A23994171262&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY HTTP 302
https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMO13YRPzqpjrhgNLUkHSRYv-rfAqw-RlUgTKda8g&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F916%2F4%2F6.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMO13YRPzqpjrhgNLUkHSRYv-rfAqw-RlUgTKda8g&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F916%2F4%2F6.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/cq/434/916/4/6.gif?puid=8e0bcac4-1871-4742-bc72-03f582e3e215&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=

Request Chain 288

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758876085678044

Request Chain 289

https://ad.turn.com/r/cs?pid=56&us_privacy=1--- HTTP 302
https://c.deployads.com/cs/AMOB?b=8370084033819338431

Request Chain 290

https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=86af9886-5932-44b0-a103-d403cbdc6a7c&google_hm=ODZhZjk4ODYtNTkzMi00NGIwLWExMDMtZDQwM2NiZGM2YTdj HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEJKaL-hyVva8e2KMTGA8US8&google_cver=1&ssp=sonobi&bsw_param=86af9886-5932-44b0-a103-d403cbdc6a7c HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=86af9886-5932-44b0-a103-d403cbdc6a7c

Request Chain 296

https://sync.srv.stackadapt.com/sync?nid=132 HTTP 302
https://dmx.districtm.io/s/10026/mxubsQJATC1TvDUj7p_ja1x3E0k

Request Chain 297

https://ups.analytics.yahoo.com/ups/58377/occ?gdpr=&gdpr_consent= HTTP 302
https://dmx.districtm.io/s/10057/y-KpChjp9E2uEtA2ZYx.X2soZHMlu5ObuG_HZTeeM-~A

Request Chain 298

https://pixel.advertising.com/ups/58270/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58270/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58270/sync?&gdpr=&gdpr_consent=&redir=true&apid=UPb3fde8cd-68f9-11ec-b27e-025cac56ffcf HTTP 302
https://dmx.districtm.io/s/10051/y-iypMXUJE2uHG_.P8_dq8JwWnxIJz8BX7~A~UPb3fde8cd-68f9-11ec-b27e-025cac56ffcf

Request Chain 299

https://x.bidswitch.net/sync?ssp=districtm&user_id=22ymV7OIuNmZY4PbgXB2IS2Wlv8 HTTP 302
https://server.cpmstar.com/usersync.aspx?bsw_custom_parameter=86af9886-5932-44b0-a103-d403cbdc6a7c&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D440%26ssp%3Ddistrictm%26user_id%3D%24UID HTTP 302
https://x.bidswitch.net/sync?dsp_id=440&ssp=districtm&user_id=y-sfm0vYgBt64MXqdRV10 HTTP 302
https://dmx.districtm.io/s/10009/86af9886-5932-44b0-a103-d403cbdc6a7c

Request Chain 300

https://match.sharethrough.com/1PQ8qgv7/v1/ HTTP 302
https://dmx.districtm.io/s/10059/c823a97a-46b2-4e5c-9a9f-0de433db094e

Request Chain 301

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy=1--- HTTP 301
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=1---

Request Chain 302

https://ssc-cms.33across.com/ps/?us_privacy=1---&ts=1640818221663.6&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26predirect%3Dhttps%253A%252F%252Fcms-xch-chicago.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D25%2526external_user_id%253D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=1---&predirect=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D1---%26bidder_id%3D25%26external_user_id%3D

Request Chain 303

https://x.bidswitch.net/sync?ssp=the33across&us_privacy=1--- HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=the33across&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=93&user_id=9b404231-23ab-467b-a268-f4f258cb6e8b&expires=30&ssp=the33across&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21} HTTP 302
https://ssc-cms.33across.com/ps/?gdpr_consent=&ri=10&ru=https%3A%2F%2Fcms-xch.33across.com%2Fmatch%3Fgdpr_58%3D%24gdpr_58%26gdpr%3D%24%7Bgdpr%7D%26gdpr_consent%3D%24%7Bgdpr_consent%7D%26bidder_id%3D10%26external_user_id%3D86af9886-5932-44b0-a103-d403cbdc6a7c HTTP 302
https://cms-xch.33across.com/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=86af9886-5932-44b0-a103-d403cbdc6a7c HTTP 301
https://cms-xch-chicago.33across.com/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=86af9886-5932-44b0-a103-d403cbdc6a7c

Request Chain 304

https://ssc-cms.33across.com/ps/?us_privacy=1---&ts=1640818221663.3&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fcms-xch-chicago.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D1%2526external_user_id%253D%255BMM_UUID%255D HTTP 302
https://sync.mathtag.com/sync/img?us_privacy=1---&mt_exid=73&redir=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D1---%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D HTTP 302
https://cms-xch-chicago.33across.com/match?liv=g&us_privacy=1---&bidder_id=1&external_user_id=558661cc-e62d-4700-ade9-dfe73f377cca

Request Chain 305

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true HTTP 302
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-VbJ..vJE2uEPQrDmEHFFjkVqexboa.2d~A HTTP 302
https://cms-xch-chicago.33across.com/match?bidder_id=99&external_user_id=y-VbJ..vJE2uEPQrDmEHFFjkVqexboa.2d%7EA&ts=1640818221&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 306

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy=1--- HTTP 302
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=3c275114b74b08f0&is_secure=true&networkId=78390&version=1&us_privacy=1--- HTTP 302
https://ssc-cms.33across.com/ps?xi=64&xu=AAADLZgJhd8OKgMGIJSJAAAAAAA&expiration=1640904621&is_secure=true&us_privacy=1--- HTTP 302
https://cms-xch-chicago.33across.com/match?bidder_id=64&external_user_id=AAADLZgJhd8OKgMGIJSJAAAAAAA&ts=1640818221&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=1---

Request Chain 307

https://c1.adform.net/serving/cookie/match?party=14&cid=03ABEA37-B440-463C-BB9F-909645C52208 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=03ABEA37-B440-463C-BB9F-909645C52208

Request Chain 308

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YczmLQABqCmoGQAm HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YczmLQABqCmoGQAm&gdpr=0&gdpr_consent=&_test=YczmLQABqCmoGQAm

Request Chain 310

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=A6vqN7RARjy7n5CWRcUiCA%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 311

https://idsync.rlcdn.com/420486.gif?partner_uid=03ABEA37-B440-463C-BB9F-909645C52208 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDAzQUJFQTM3LUI0NDAtNDYzQy1CQjlGLTkwOTY0NUM1MjIwOBAAGg0IrcyzjgYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=efc06d99f8bed6bada834ce60873cebafbd48f65881b24909f15d6bf12b98561791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBlZmMwNmQ5OWY4YmVkNmJhZGE4MzRjZTYwODczY2ViYWZiZDQ4ZjY1ODgxYjI0OTA5ZjE1ZDZiZjEyYjk4NTYxNzkxNDI2YjU0MTdkY2UyMRAAGgwIrsyzjgYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBlZmMwNmQ5OWY4YmVkNmJhZGE4MzRjZTYwODczY2ViYWZiZDQ4ZjY1ODgxYjI0OTA5ZjE1ZDZiZjEyYjk4NTYxNzkxNDI2YjU0MTdkY2UyMRAAGgwIrsyzjgYSBAgCEABCAEoA&google_gid=CAESELmdIL0b6Z5DLud6D_RB1LY&google_cver=1 HTTP 307
https://usermatch.krxd.net/um/v2?partner=liveramp_identity HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity

Request Chain 312

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=558661cc-e62d-4700-ade9-dfe73f377cca

Request Chain 313

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDNBQkVBMzctQjQ0MC00NjNDLUJCOUYtOTA5NjQ1QzUyMjA4&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 314

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC59CVTe-bSEjezCmQv_Fgc&google_cver=1

Request Chain 315

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:7F2FCDF0C65740BE9AC81D5744563E67

Request Chain 316

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=9b404231-23ab-467b-a268-f4f258cb6e8b

Request Chain 317

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2534263341677307583&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 324

https://token.rubiconproject.com/token?pid=2249&pt=n&us_privacy=1--- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MjJmMTc1NTRmNmJjZGNlYmYzNTU1NWZjZjUwZWMzODM5M2U5OGU4ZA&us_privacy=1---

Request Chain 325

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&us_privacy=1--- HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELDwLmjRuF0HrJIIYslO0c8&google_cver=1

Request Chain 326

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&us_privacy=1--- HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/ah52-EGraOQ5IKBRQVQFBQ?csrc=&us_privacy=1--- HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6759607224088720442

Request Chain 327

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&us_privacy=1--- HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YczmLQABqCmoGQAm&us_privacy=1---

Request Chain 329

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&us_privacy=1--- HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=558661cc-e62d-4700-ade9-dfe73f377cca&expires=28

Request Chain 330

https://token.rubiconproject.com/token?pid=26594&us_privacy=1--- HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KXS4SVXC-Y-5VDJ&sigv=1&esig=2~21e2ee0121cf8bd5bbe95637ab111a3233eaf0a5&us_privacy=1---

Request Chain 331

https://match.adsrvr.org/track/cmf/rubicon?us_privacy=1--- HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=9b404231-23ab-467b-a268-f4f258cb6e8b&gdpr=0&gdpr_consent=&expires=30

Request Chain 332

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=1---&us_privacy=1---&khaos=KXS4SVXC-Y-5VDJ HTTP 302
https://ssc-cms.33across.com/ps/?xi=1&xu=KXS4SVXC-Y-5VDJ&us_privacy=1--- HTTP 302
https://cms-xch-chicago.33across.com/match?bidder_id=30&external_user_id=KXS4SVXC-Y-5VDJ&ts=1640818222&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=1---

331 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.officeholidays.com/
Redirect Chain

http://officeholidays.com/
https://officeholidays.com/
https://www.officeholidays.com/

73 KB
14 KB

50ms
36ms

Document
text/html

2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6039f00f4484246fa16029b5e04f4261ca254f965fc273e192c53df95937bef9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=14400
last-modified: Wed, 29 Dec 2021 17:46:39 GMT
cf-cache-status: HIT
age: 6560
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6VfdGuhWSoX8aIMwn3Yi9sC%2Fgr3fOg21HfCoqHXgnupO%2BtOvl93y1IFNtWjN3HpJiRf2IvFrFvkLw7HSqGb38H8HuuSGItY0%2B2P5CvRpZAFHtv4YMOAiOFtOCoftlvkxlfhNsfYPUTH4xS2f%2FcMCvMAjPCI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6c56961dca5b63ff-ATL
content-encoding: br

Redirect headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-type: text/html
location: https://www.officeholidays.com/
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xIur5BnDD7yc4CeD6ov%2FCr5YkN31KbSfLz8R%2FtjNF5PNCE6o0fkeh1IeVSs7qZ%2BTvSnQcKr8Wwg6NJvjN88cjKR2Qg6LjHAW6iBIQf18kcV14Xmw1YMMg05WogFrrkKjFzeJ4ZDFUUPJsgk8SlMytA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c56961ccf7e63ff-ATL

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 153ms
57ms Script
application/javascript 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1309994-2

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

202dbea5d39a060ad39306a2daa1875cb41c3ca42d432d32fba88b9894ef37ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 29 Dec 2021 22:50:16 GMT

GET
H2 200 combined-min.css
www.officeholidays.com/css/ 24 KB
4 KB 70ms
69ms Stylesheet
text/css 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/css/combined-min.css
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21b5fa657cd268fefff948ed87eb7a8fe30e0df5cc537ec665f79544bdd2f65f

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 14 Jun 2020 15:46:45 GMT
server: cloudflare
age: 20648
etag: W/"5ee64665-614c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4k1ouMQG1wBp7YryTrRZ3SCdWiNDljIv2ZI%2B2BrbaBqFRHyFVwG0uKid6QRQBaPWF4ZoZLBmv6WBq1yzkjPWoFb4D3iTs%2FYNvX8dEeERWygHeaOn9QktI8Ep0QqnjtvRyxUIHguYWs4h%2BxzHnxqrhKs7gHs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c56961e2b4f63ff-ATL

GET
H2 200 style-min.css
www.officeholidays.com/css/ 80 KB
16 KB 45ms
43ms Stylesheet
text/css 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/css/style-min.css
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea530c33c96a407bc89b262fe9c38e2e0ba1f7847685bae2bb1441c48d57e8c8

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 18 Jun 2020 13:41:41 GMT
server: cloudflare
age: 20648
etag: W/"5eeb6f15-14144"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jANWlcpgGaCbskETd8i9KjrV8n3G5tNL4MHlEX2jVqDUXC2kLzaKLRxUmusth5Uaku%2FZobytRcFLV8MRJv2GOmWfr85gRfwkHUesgsT5HdKyFlMNy1T2VWoJiBSSatntQOH1nG8%2FB0ly9f7PLkJfewyqmWo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c56961e2b5263ff-ATL

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 79ms
28ms Script
application/javascript 2001:4de0:ac18::1:a:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://www.officeholidays.com/
Origin: https://www.officeholidays.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: gzip
last-modified: Fri, 20 May 2016 17:24:41 GMT
server: nginx
etag: W/"573f4859-14e4a"
vary: Accept-Encoding
x-hw: 1640818216.dop136.at2.t,1640818216.cds202.at2.hn,1640818216.cds003.at2.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29811

GET
H/1.1 200
OK officeholidays.com.js Show response
tags-cdn.deployads.com/a/ 495 KB
152 KB 273ms
103ms Script
text/javascript 99.86.38.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.38.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-38-72.sea19.r.cloudfront.net
Software: awselb/2.0 /
Resource Hash: 44e1795e8723279fbb50c90bd8ca61ba2916bd201ce01cf7d14c1480878bfb5f

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 22:49:50 GMT
Content-Encoding: gzip
Age: 25
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Pragma: public
Last-Modified: Wed, 29 Dec 2021 22:49:50 GMT
Server: awselb/2.0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Via: 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront)
Cache-Control: max-age=1800,public
X-Amz-Cf-Pop: SEA19-C1
X-Amz-Cf-Id: GwmG8hGUUNWReaSerqH20GvIntKcO4MJQvhOGgls46ebLuH-O9WWMw==
Expires: Wed, 29 Dec 2021 23:19:50 GMT

GET
H2 200 jquery.lazyload-any.js Show response
www.officeholidays.com/js/ 4 KB
2 KB 53ms
52ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.lazyload-any.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d790aa9ffe3bfff038ed28fb2e130f83835fab53bde5e1dd0fda13c3ba7a1e8

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20648
cf-polished: origSize=5856
last-modified: Wed, 10 Jun 2020 15:53:48 GMT
server: cloudflare
etag: W/"5ee1020c-16e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qB7X1UBAGP3JlH0ocvn6FzjLrO3fEOwxfHzB38SCbuhyUK3zkM%2FQhSjlfm2zcM3sg%2FPdsmRHPWKwaIvgY8EqG4Gxx9jdoh3obTKcHA1asPl3hMa6rRcZPA5Ymvxcqtw5vuZrrrbhuV%2F2fVuewlFA59dvH74%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 6c56961e2b5663ff-ATL
cf-bgj: minify

GET
H2 200 all-flags.css
www.officeholidays.com/css/ 25 KB
4 KB 41ms
41ms Stylesheet
text/css 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/css/all-flags.css
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3bb5d5d2717e9ad8ba305b99a41ce87231864486e18d323385a800a038f39a96

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20648
cf-polished: origSize=25920
last-modified: Fri, 03 Sep 2021 11:07:56 GMT
server: cloudflare
etag: W/"6132020c-6540"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aurru2E6q%2B0qH5bfCZyvOO78ovpubeQAw1GGeGfgX5k4dAiqeezk%2FpVxENUlDf3j9cS92DAkUGqyky60jHDdJfHVDEeiw5FXYR5sqMUcYMCQO5P3fcypP5id%2BpubqEtiWKYSrxmVo9FBN6ZlmIXHHbJOONs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6c56961e2b5363ff-ATL
cf-bgj: minify

GET
H2 200 moment.min.js Show response
cdnjs.cloudflare.com/ajax/libs/moment.js/2.9.0/ 34 KB
11 KB 81ms
33ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.9.0/moment.min.js

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a3bb1e382060c6999c26faac38aed7e3d6cc03f7376a9a36b881a7e5ba923ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6067755
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 10807
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f26-87b1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZJ0eam%2B6xPk6IhP2iYfkX7TGrb%2BlRAJYq5SKQlYb9x00wXsLCkLsYNXYZorrGuGIWZ9z99g43L4tTNx5ryl62hworF0wmT0KgTFXxovos0i3JPGwcnlI91cwfqj%2FgWCOHteNE4Sr6vxQAjs0aERV7Q7u"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6c56961e7ad763c6-ATL
expires: Mon, 19 Dec 2022 22:50:16 GMT

GET
H2 200 ohv2_blue.gif
static.officeholidays.com/images/280x57c/ 7 KB
8 KB 78ms
64ms Image
image/gif 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/280x57c/ohv2_blue.gif
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 732d151fef134926aa169836bc38fa46930482ef961e157db8ddb5cb6b1b7923

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16157
cf-polished: status=not_needed
cf-ray: 6c56961efd4163ff-ATL
content-length: 7175
x-amz-id-2: 6uFw0orcYm7hrtQf3pDVixDbThuufVm5L1mYLZFch9n1BX5c8EnxWGRDIxz63SdCUwD7/WF4zb0=
last-modified: Mon, 06 Jan 2020 15:52:33 GMT
server: cloudflare
etag: "090c67c563fb963d9d667986d94382f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hc5pD8rAPjMwTYpF21bmmJEPFDE3o6iXnElRTAaygkFnV5QdKOhFOttN1UwRlEjlFVxwoX1ClFpr2LFgUs9aMnD5vPVRxyhdAuks11%2BTqJCgVNl0PNH85AstrdKken5b2b5tX2vCg1m%2BJ5l%2FW9e9nvWpkKHvHOc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: JWJX0ZY1T9SK4X12
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/gif
cf-bgj: imgq:85,h2pri

GET
H2 200 oh-logo-265.png
static.officeholidays.com/images/logos/ 2 KB
3 KB 86ms
73ms Image
image/png 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/logos/oh-logo-265.png
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5c591ad7018d1195feb0ee8e0cd81b1cbd12c7d4c82376040c6596210b5249c

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6318
cf-polished: status=not_needed
cf-ray: 6c56961efd4263ff-ATL
content-length: 2122
x-amz-id-2: IZzypwGpoaYegPAQ8ub8g0gFoxJQEaOOe9J2/W5bvYP4d/VcY02tYaMVd//i9NjYzkICweyxkq4=
last-modified: Tue, 07 Jan 2020 11:39:13 GMT
server: cloudflare
etag: "a7eff445eaffbc52d438f0ee5984994a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nh62TJNM3v%2F813vhq%2FNP%2Fe8CprnH3WWJIcUV6o8LcrwMqApWDOwLLeYlzwLVZ%2BE7oVcu8P%2BOiEMEMoIkJmJGqqPeRHMRutQsIDpP5Cnh6NAWTsxYmnFaXgLS7N3WBvL3fc62DRYP2aDslQKdVm8%2BXxTLG2%2BC8Rc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: JWJGVPFE1Q6084VX
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/png
cf-bgj: imgq:85,h2pri

GET
H2 200 new_year_01.jpg
static.officeholidays.com/images/300x189c/ 20 KB
21 KB 93ms
80ms Image
image/jpeg 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/300x189c/new_year_01.jpg
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca827c0395102a2e85d1f12cc4cb5f418a0b0615602b00f093cef3102a30ba46

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6175
cf-polished: degrade=85, origSize=40655
cf-ray: 6c56961efd3d63ff-ATL
content-length: 20698
x-amz-id-2: pZc//BTczjJLDKkDGc84/Kx88D31hPQqqRy7xWiVL152zYDn4Nu3DLU7NwC7AAI3P8TeygbS7ks=
last-modified: Mon, 06 Jan 2020 13:33:07 GMT
server: cloudflare
etag: "be89cdda9be23ebafabe0fe709c6ebd3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1FX1UJp6loPoia3gf2C3IxSV69VN0d%2BzrL%2Fbg9JOW6cR2qOHufULVig8OqZCLGM21DOR%2FlwQHl8T368dgbq4zbSBfsAOQ50axjOFgrrgqhEgs3sVBcSyK7wtv8aKpqKxqV4H96ztScNNIoLMzYFOcHzsIorDR4%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: E3EVYXEJKCGV2C1R
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: imgq:85,h2pri

GET
H2 200 epiphany.jpg
static.officeholidays.com/images/300x189c/ 13 KB
14 KB 91ms
78ms Image
image/jpeg 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/300x189c/epiphany.jpg
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 515d85169cf9ae53de2d7db755dedd04b8ae24470112669a1eaf085f2f24c372

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 982
cf-polished: degrade=85, origSize=24911
cf-ray: 6c56961efd4463ff-ATL
content-length: 13302
x-amz-id-2: pVUpn96QJagUfcGs9LHsiqFyofLSofpv1+bN80ieoTG1wr1snEoSozvt2CNczFQeaVRTDTm5A8M=
last-modified: Mon, 06 Jan 2020 11:55:43 GMT
server: cloudflare
etag: "107fd0c5f65f687c35d49912198d15ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Ir8BQ2GmM5MmPZA1v0HDhy64la1mxYl1eXtwjnj4Z3LIkyRidlHXVGpmzVame5IivMNvvvepBzriwSMq5cs63%2FMycoOFvg%2FowqQqIpuUNefzSv7sGdn%2BUA71Qp%2FhV30Rgpkhcdt8HCmycKaD4sZ%2BMdsPV6rxxc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: MZRMXJJJ3FZHH0N9
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: imgq:85,h2pri

GET
H2 200 russia-christmas-02.jpg
static.officeholidays.com/images/300x189c/ 16 KB
17 KB 98ms
85ms Image
image/jpeg 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/300x189c/russia-christmas-02.jpg
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3708959f8cbc9c5f5a3e85798381d956a47c89961a019c67c452164cc4c4c8e1

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6559
cf-polished: degrade=85, origSize=32426
cf-ray: 6c56961efd4563ff-ATL
content-length: 16497
x-amz-id-2: DeUKmWcckL+bAo3Z+fbXrO+TA3PRnqlrcI9t33hif4o1H0kF/Hs4HHuRLBaOSiDVvQnXDIoW92o=
last-modified: Fri, 21 Feb 2020 14:51:32 GMT
server: cloudflare
etag: "825d29708872348068d8b7ab74583080"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MtHnIBufe6WH%2Fm0Cy4k3BJ3WopczVLeijDbty6M12sOvc2yGDox4FXyUbyU37tSJAZyqcEsKN%2BjJ0sPyc0Uq9UJdbxshNYdEZIJbyhyiq5fPEgI8HGSDIjGglOkurzxWDAhBkai89BTMlrtCsquwIzeCmtiJomw%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 16GCVFRFHRMSYF02
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: imgq:85,h2pri

GET
H2 200 japan_05.jpg
static.officeholidays.com/images/300x189c/ 17 KB
18 KB 86ms
73ms Image
image/jpeg 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/300x189c/japan_05.jpg
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 587850a77b5db30eb330bfc7cbc76511a668bdc641c7eb46e186bdf498605930

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15207
cf-polished: degrade=85, origSize=33585
cf-ray: 6c56961efd4363ff-ATL
content-length: 17508
x-amz-id-2: tlvnGsqIu6HgZ5owdDi9OKfhlDU9bpefMtpK2XA9sIIENUAGY0cq2K01OIRkh6XillRvNGhuv0A=
last-modified: Mon, 06 Jan 2020 12:58:22 GMT
server: cloudflare
etag: "1123533eb3a19c13e558c78910111146"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cx9jMoPrKPZ7n%2BWe1gVVmuaS84ThyB%2BWDxXJE1igh9Wv72K8DEFs5eir0UisiKr15u5iWW%2FLC%2FSHlupDPeM3f6tEcur5HlHrRDZcshkkc85CT4f0pv101af0h4QJVGQSdSMKSqHsF0YXe8TPEUg35pxD2pzXMRc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: YXVD07ZT5FCPDAN7
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: imgq:85,h2pri

GET
H2 200 india-pongal-03.jpg
static.officeholidays.com/images/300x189c/ 19 KB
19 KB 39ms
37ms Image
image/jpeg 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/300x189c/india-pongal-03.jpg
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 755c4e219a345179b1749e1fda5ffe48aeff2c7ad1af8fc739264050d84cda67

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5978
cf-polished: degrade=85, origSize=40586
cf-ray: 6c56961f7e9d63ff-ATL
content-length: 19098
x-amz-id-2: AAc7eVXT+OAP+NWsp4ghIYAeINgE3ffpDiUql2Eu4GXoCM4RmnAsdQYlcAYe9rgAu+QuzsPtfzE=
last-modified: Mon, 06 Jan 2020 12:38:09 GMT
server: cloudflare
etag: "f9af56b91fe50f0c13dc1e4475d6b9df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QtBxMjbOeRF6tbQ6yGTVV9pS6MAuAXyfMNsLbV5aYEwptlvcNmHdVXLI21DUn4oAECN1kqkBKPFh3rpkqQ9FqhJa9HFNuX1ExxhqwVD1upbPIDZwh%2F%2FKe2tdWCR%2B%2FkhlLzd0TDPMwuIETMRvTDUqvg%2Ftt94NPtY%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 9VR7RDDN4HNYP9QZ
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: imgq:85,h2pri

GET
H2 200 mlk.jpg
static.officeholidays.com/images/300x189c/ 7 KB
8 KB 34ms
34ms Image
image/jpeg 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/300x189c/mlk.jpg
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f394701fcbe618a85c1e53521cd9169079d089c69024284c855546769ba03c66

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18881
cf-polished: degrade=85, origSize=13694
cf-ray: 6c56961f7ea863ff-ATL
content-length: 7468
x-amz-id-2: y8VSrBTeid1FTNNVKRGtwNiKPcQl0n0xZXYeadOIK4jJ8rWdavDn8Po3h4FV6sFrBMN7uV6saT8=
last-modified: Mon, 06 Jan 2020 13:18:49 GMT
server: cloudflare
etag: "39eaff0830a3f101473d56ef7ba036d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3r2TPwZOYT%2FC8%2FmOc4Z1LxDT1hl34vzC1WmcjIJAGMz2sJ0Fl1OrNQFRXT28X6UBxwJBw8a1gU31e8MYoJRBK8DuafWQvaaUhfOb3i0goAbuGVnWoTmhJthGi4L1OlCVQpty6Jt4t4FPvMFnVajfppkN2iUsMlc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 4F16PZQV69V7GYCQ
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: imgq:85,h2pri

GET
H2 200 print.css
www.officeholidays.com/css/ 2 KB
1 KB 42ms
41ms Stylesheet
text/css 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/css/print.css
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc626e59a6cdb607d4d6e0c5d4ae45051821d1130303f1cf37af443c31cf1bf7

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20648
cf-polished: origSize=2187
last-modified: Sun, 14 Feb 2021 13:40:23 GMT
server: cloudflare
etag: W/"60292847-88b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QZQNKKIcz0MvFNfK4OJTeJgqtGLjX93XeJoC26BweJJoVc90l65UkzU%2BRMokkD%2BAP7OGewry6iNf9XFES2ucRSnAXWH315YjWVtrynoUv5iZ9zKFKL1DcbQOfp1nHfCRAUIWzDm3GvjfX3NrS7pVAv607DQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6c56961fefe663ff-ATL
cf-bgj: minify

GET
H2 200 logo-footer.png
static.officeholidays.com/images/logos/ 1 KB
2 KB 38ms
37ms Image
image/png 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/logos/logo-footer.png
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4baf0bc4e6b687e5796f6c3f9c3b097e3cb9677c164a9f9cce3000a6da1d345

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16157
cf-polished: origSize=1458
cf-ray: 6c56961f5e5863ff-ATL
content-length: 1403
x-amz-id-2: hMTcSgg0m+paX10oQWv8Wf/gpqSGPjLBRVjPzfTNwKj0u3TZwnoECROCVDFaHWiWtimtg/gaFyU=
last-modified: Tue, 07 Jan 2020 11:39:10 GMT
server: cloudflare
etag: "6d08085845e0648a4b93fa1252a16c38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Li6FveRc5IMxq0pYLCAnOg3dg43pGGn%2Bmdvdkv2DB5B6x2%2BUrc%2BQ5VWUj3sv1auinjeqBA03UyFmcB0LPFy5Z7ZQDNprWFelVNz6uCkLdk%2BoWdjq3CqIXCbja4o%2BNo7mv2V4gjuwqE3po27Thp5q5xtZfZBGO%2Bg%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: JWJPR3AW9QQHF69P
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/png
cf-bgj: imgq:85,h2pri

GET
H2 200 jquery.sticky.js Show response
www.officeholidays.com/js/ 6 KB
2 KB 37ms
36ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.sticky.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8853e8db8dbd87dbd0de8f513e1fe5bccd647932a7f3a36953fe041f460bf71

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 25097
cf-polished: origSize=10087
last-modified: Sun, 09 Aug 2020 18:52:50 GMT
server: cloudflare
etag: W/"5f304602-2767"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CNCr9AnhtnxbyfQHTAw8s1wMqskAXqs7iNOLUpdy%2BpWWZsdiuNcIG2llg05f4aMrLSK5XCUp2Hm8aTFtt59BbrzX28CxojCB1ifn4UkkY2Hm9qMSQRL9yJoBVN6BAzlGF%2BOh3E4lxXtPoJ2FAxALZbi8kc4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 6c56961eed1d63ff-ATL
cf-bgj: minify

GET
H2 200 jquery.jpanelmenu.js Show response
www.officeholidays.com/js/ 12 KB
3 KB 89ms
88ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.jpanelmenu.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd584d2c8e67e3f9ea33d3279be34ad664c6992f21d6f8ba390ed2895be03440

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20648
cf-polished: origSize=17991
last-modified: Wed, 29 May 2019 02:26:49 GMT
server: cloudflare
etag: W/"5cedede9-4647"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u2PGnaTqUUjQGP3ixBedzC9%2BXQw9tEkD%2FiDBFZCYWSnuGvaiC50YNAOqdrPl%2FwvuSK99W4tiHi6TpCKcDjaIFOJY2cgcEHPwA%2BBWO16nw1ocuas%2F5oloufBGD%2BJ%2BEhj%2FxcgX05i0KfhdyYm%2FwodthBw383k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 6c56961eed1f63ff-ATL
cf-bgj: minify

GET
H2 200 jquery.themepunch.showbizpro.min.js Show response
www.officeholidays.com/js/ 20 KB
6 KB 68ms
67ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.themepunch.showbizpro.min.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 757af2c764065126975ce04518d003a63d00853b40b725c6a32c4886ba886256

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 Jul 2019 07:43:39 GMT
server: cloudflare
age: 20648
etag: W/"5d2d802b-4ec2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJ2sUGeqkWfcWD2huymaWZDJOdfeKrCw1E98hD2pjq0KbJUNmNTkYqv9kRBMsOHsoXNF%2FChk3KNwaJtOjJ8oQvXi4e11xMKqj7GON38DM4UheOz7XR13KDlZFoxMoRguSZCmbM1NPykCz9Op2DudKf38xtY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c56961f2dcd63ff-ATL

GET
H2 200 jquery.themepunch.plugins.min.js Show response
www.officeholidays.com/js/ 83 KB
29 KB 52ms
52ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.themepunch.plugins.min.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a05749d141ac2afe2bb058728835b431089ef1c0006712cc367bb8237d415471

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 29 May 2019 02:26:49 GMT
server: cloudflare
age: 20648
etag: W/"5cedede9-14cbb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPZbKsmB1BwMMZzxnbeqTVxht1xk1DtKNGHhceyTu7idGV9xFIjm9c4jcQzEUFkjTQjpczUXz4%2FL4AhTNyJ6QFZ%2B2sD%2Bq2mDwI5W%2BbHm8paA8h9qWT7QUXl7OcvNcMYZg6gm7NUQJhgRuR9%2BwVm0hIIz4FA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c56961f3e1263ff-ATL

GET
H2 200 jquery.magnific-popup.min.js Show response
www.officeholidays.com/js/ 19 KB
7 KB 38ms
38ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.magnific-popup.min.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74d38305973765ec542da866b9f153eb85370545dfb86e19aa00793b3d4d5224

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 29 May 2019 02:26:49 GMT
server: cloudflare
age: 25097
etag: W/"5cedede9-4d44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDsVjHlR389U7byQjNNykMxyRgbrQWuH7Ycal75tuegKVh%2BrAzTe8lgEk6vsW%2Bjq0ztlraCgIELH2m6z36aOm%2FgtUGKT6wmiUN8Mtip0%2BSh3zAn1MuiPNp6mP1BXcS5WJBDFwexBGRUg9Rh6c2tQsgMor20%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c56961f6e8663ff-ATL

GET
H2 200 superfish.js Show response
www.officeholidays.com/js/ 5 KB
2 KB 44ms
43ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/superfish.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea39291de39d04da5d1f2f1548c075c80750499b3ebc331e51a31ed1856a9d13

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13317
cf-polished: origSize=6955
last-modified: Wed, 29 May 2019 02:26:49 GMT
server: cloudflare
etag: W/"5cedede9-1b2b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JhH20FiLwV%2F2BqQ2thBlQsPTqxM%2Fgj9yFHe1u3JiPB6%2FpqRn4hS%2F8dUSK%2BlCqL45rvOzGapAqJyBdEedHsY8XHu2UmDuVOhOR%2BfDFSyTmv0K7hOknk81r8qLwtt0ZBSeJ%2BdN7Lx6IwP%2FheB1PdDuVwBlpAU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 6c56961f7ea263ff-ATL
cf-bgj: minify

GET
H2 200 jquery.pureparallax.js Show response
www.officeholidays.com/js/ 2 KB
1 KB 41ms
41ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.pureparallax.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37a4ed7a297852402f1b06cd536f4691f686bc41d7306871bbde291874d3f080

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13317
cf-polished: origSize=3519
last-modified: Wed, 29 May 2019 02:26:49 GMT
server: cloudflare
etag: W/"5cedede9-dbf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2Fc3lkzFWYPL9lABqPrqldxeZPvk9T%2BJHBuROPCe6wNLhRm3VceqjygD5RP3%2BeXtCZEuXetRFuZC4Cvfh0khAgbeBwGe4NRWTlQmm0uvMvwoEVLFJN7hA%2BgSx%2BckcVkwPh2H9Er3ez9zBN8xAdQqX9%2F7c1Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 6c56961f8ec463ff-ATL
cf-bgj: minify

GET
H2 200 jquery.pricefilter.js Show response
www.officeholidays.com/js/ 23 KB
8 KB 47ms
46ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.pricefilter.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d400eab5166c11b17631329351d8d01a44ecda94fde03ccbb39ad69bec0d858

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13317
cf-polished: origSize=23587
last-modified: Wed, 29 May 2019 02:26:49 GMT
server: cloudflare
etag: W/"5cedede9-5c23"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ahSSyjGfFPXjHbAZrhzRx4nSucRrOJ4jGE5SISX7lZk%2BDfIjf7uyxw8dfd6seCdFwKaYgkCJF6hwx78WZaWjbXmhrsIB3s7J0VJntmn9Pm%2FCXDWapqHo4WQMlomsGdneCLkubdP4Ty3wQyc0Pt2re5lECAw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 6c56961f9eed63ff-ATL
cf-bgj: minify

GET
H2 200 SelectBox.js Show response
www.officeholidays.com/js/ 6 KB
2 KB 37ms
37ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/SelectBox.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa4705fef8829451b1263de04ba31d0d7ea800eac5798de165f01f63f0a887fa

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20648
cf-polished: origSize=6006
last-modified: Wed, 29 May 2019 02:26:49 GMT
server: cloudflare
etag: W/"5cedede9-1776"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bcq6WDD80Jh2th5%2BRem0kGmXQfPpQN8skKJMD%2FIE5bYcNnYstTlZml57sHjKJJ0%2FRJCZFBzJ0gN%2FgQKs8Zc80vMtfqnDb4dxmoIKXS%2Bk7BA7CqM2o%2FKbc64XG4ItFpUDNdDgAW%2FreXOc1QLtWiCz8yL77d4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 6c56961f9eef63ff-ATL
cf-bgj: minify

GET
H2 200 modernizr.custom.js Show response
www.officeholidays.com/js/ 8 KB
4 KB 36ms
35ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/modernizr.custom.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2be488436bf0a6517c4073dbde2c705bc4b6e13e948a674df4ce1704ee7663e

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20648
cf-polished: origSize=8282
last-modified: Wed, 29 May 2019 02:26:49 GMT
server: cloudflare
etag: W/"5cedede9-205a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIHlGhqdi7zxs5VsIjR3bH41dRkyVs6ftDVLbOeyDKEMPcj0TfkEdxP2i4fX9t4KM6jJKCks1KDv%2BpXA3MYLeYKYKfr2EINPQC5JIWRdtTiEcusHrz64QrXccFTcWtU4KinQc9gebPxpkVbd0wyDMM%2BcwZc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 6c56961faf4c63ff-ATL
cf-bgj: minify

GET
H2 200 jquery.flexslider-min.js Show response
www.officeholidays.com/js/ 23 KB
7 KB 48ms
48ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.flexslider-min.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd3a745dc42a3e3c6217f75ac99d3a0b69be5d6648145a93bd90315f8731199b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 12 Jun 2019 12:38:58 GMT
server: cloudflare
age: 13317
etag: W/"5d00f262-5a32"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aety%2F2s36Bl1FIGWcU6mvq%2F5GNQYGNzFXdkCkEVxXGvhN5v%2Fu9QEsy5sAEv6Np5J%2FOu%2Bj5nj7%2B97xrw%2FhgzcJqS%2Bzl73ewBmrVb4yYCych%2FEdDz70J6k3bSjAPsZVEccoiOhf%2Foazy%2BuEIToy4ueWdmYfH4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c56961fbf8663ff-ATL

GET
H2 200 jquery.tooltips.min.js Show response
www.officeholidays.com/js/ 5 KB
2 KB 37ms
36ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.tooltips.min.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: abe3d35dcffac55040ee5290ed3b0a5861f13727499b7b17d6ba8bbfc970d9d3

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 29 May 2019 02:26:49 GMT
server: cloudflare
age: 20648
etag: W/"5cedede9-147e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0KKdHTS3uCjJhQ4a2ko9uo%2FR0yD8XyBGrdkrzU2tLyb0K32Fod8fNelyzL6pF55tfZdPsa6eyKaVfhbRF3FyGen0D7mHQICSo%2FWAHIdcBFUQ5WqzPUT%2F7HnSk0nWFEkPh3uicUssK0p2WfUQwPVzW7GNigY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c56961fcf9763ff-ATL

GET
H2 200 jquery.various.min.js Show response
www.officeholidays.com/js/ 22 KB
8 KB 48ms
47ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/jquery.various.min.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 910a193b9e3ef8129a764b3c8c1d3ca49ff2eff9382aa5f06027216ccd965059

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 Jul 2019 07:43:39 GMT
server: cloudflare
age: 20648
etag: W/"5d2d802b-59ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CU7qcXq3sp%2BeMMEntlS%2B9Ba%2FEyC4MfSIK1VvP68y7UiXE2rnebYE1%2FvHi%2F6BNRm3yOCyCTn15C71wTBdGdokGbopeDBTC2J0Qsp5wm%2FEtdy4jYGTLY%2FmEdRUyN8KbD8tx7zU4%2F9vk2QVV5mCDjHy3%2FJyEw8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c56961fcfad63ff-ATL

GET
H2 200 custom.js Show response
www.officeholidays.com/js/ 9 KB
3 KB 40ms
39ms Script
application/javascript 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/js/custom.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1611c5690cd41f6ce3a5d02d1bacf2289b1ef4cfc8a834ac1b9ebea422790ea3

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20648
cf-polished: origSize=14862
last-modified: Tue, 16 Jul 2019 07:43:39 GMT
server: cloudflare
etag: W/"5d2d802b-3a0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HFNlk2UP6aE83sVDDhXqDnOWoQcuSF82FtZLntPEwkN8JrlmD%2BtXzCPdLWn%2BrYZyT2QraqVm5IzaYHkrwJzs6AkOAR6VqiHrUCjFS59Bm49aOObpOWKlUbgZW9n3sHVTRh7AvDM1n7y19Mk8RiVd31WuIlA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 6c56961fdfd363ff-ATL
cf-bgj: minify

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 180ms
51ms Script
application/javascript 23.208.216.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-208-216-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Wed, 29 Dec 2021 22:50:16 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H2 200 diamond_upholstery.png
static.officeholidays.com/images/bg/ 6 KB
6 KB 50ms
49ms Image
image/png 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/bg/diamond_upholstery.png
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/css/combined-min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ffecd15aeaeb30b1472cfc416bc939bba82e7019524d1787506eaf6c5f112fd

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14481
cf-polished: status=not_needed
cf-ray: 6c56961f3e0a63ff-ATL
content-length: 5775
x-amz-id-2: 2myV9/K0M//dV6YGeLxNGh9IkS7GtiLA8McsvxGGqIWr7znPEl/00VNiKPjmkdc4btd9r750UnE=
last-modified: Tue, 07 Jan 2020 11:41:51 GMT
server: cloudflare
etag: "7d97782b1ce8d95bc3794d5fee922a11"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnT4jIbFFblsAPXSACg0Ufrbz3lsn9fvxHDpJAfvmcu%2FeSvMwXcGHUar1DFLr00OurQqpoa8Qj4CsyleorCargWGmEgoGt4dRuO5Bc%2F6siQYa7AX3ARHp5ySrkZUtQSCJAL334TWmAsqcJNndFwiFvWpAroZm%2Fg%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: FRV0VGFGRWW49PQY
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/png
cf-bgj: imgq:85,h2pri

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v16/ 15 KB
15 KB 133ms
43ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/css/combined-min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.officeholidays.com/
Origin: https://www.officeholidays.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 16:13:51 GMT
x-content-type-options: nosniff
age: 23785
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
last-modified: Mon, 25 Mar 2019 20:12:08 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 16:13:51 GMT

GET
H2

200

home.png
static.officeholidays.com/images/icons/
Redirect Chain

https://www.officeholidays.com/images/icons/home.png
https://static.officeholidays.com/images/icons/home.png

239 B
867 B

45ms
45ms

Image
image/png

2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/icons/home.png
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/css/style-min.css
Protocol: H2
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac2214e3d6ee5afcdabb7581dfee1a9cb27ceabf1cc2967b4a7c9bd69a7e9d46

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 23035
cf-polished: origSize=243
cf-ray: 6c56961faf3263ff-ATL
content-length: 239
x-amz-id-2: MqUwnc6DR0jdIvp86/12P/A26COBliYsJVgQN5vWTHkuaChLtYnuS81ats+avV/AOw99Byz2l+k=
last-modified: Tue, 07 Jan 2020 11:38:05 GMT
server: cloudflare
etag: "d5076d5594cbd02e65a41da7e0ef1e84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RnCksKCRKfbnAJRtJpSzOYz%2B3APPG0wxw1GDjqScNXhb1Wvun1U1yotF4Zq7BEnZn9mWQUeMur%2BilTzV%2BrObr%2B%2FVGOLsXzL44SFrlwAjJNrd86eKD7FwwDur3JPQ3pVHbwAbO1Uvf13jTLmMzbsOfLMyKaPJrcY%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: CC0QQWR576H8KHKC
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/png
cf-bgj: imgq:85,h2pri

Redirect headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 23036
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xF%2BEcLgUM1jp5n8fiBOnj3Tu41ecRaGPWyEEfhSc9aPwCrQHNJOwnCDMG%2BdN3O9oxEfPY7aIR4OLt2YKUqR34npzyV8vuYjyKClvBmq1mf5UNZ5Moe5oPQCdaWBXNH%2FiIZiEMNREV83EVXEbS8R0V1ig4sc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://static.officeholidays.com/images/icons/home.png
cache-control: max-age=14400
cf-ray: 6c56961f3e0f63ff-ATL

GET
H2 200 fa-solid-900.woff2
www.officeholidays.com/webfonts/ 78 KB
78 KB 31ms
31ms Font
application/octet-stream 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/webfonts/fa-solid-900.woff2
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Request headers

Referer: https://www.officeholidays.com/
Origin: https://www.officeholidays.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
cf-cache-status: HIT
last-modified: Wed, 15 Apr 2020 13:42:00 GMT
server: cloudflare
age: 8712
etag: "5e970f28-13654"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhTRJDJWV1rxirKlltqqJ%2BfH4xHB%2Bs9ynJ5E4k1%2FyTEys%2F2eR9BzHqRIWtFqHpa72ToI1g8CyczhEWRLNRzLRyt6YmDkYhi2Ls7kzQeQDPF97b%2B5OZ%2BkoIMmYRmS%2B93VANJnFOVA9YixMuArwAkcmtl1PGg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6c56961efd4f63ff-ATL
content-length: 79444

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v16/ 14 KB
14 KB 132ms
51ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v16/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/css/combined-min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.officeholidays.com/
Origin: https://www.officeholidays.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 16:06:56 GMT
x-content-type-options: nosniff
age: 110600
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
last-modified: Mon, 25 Mar 2019 20:11:29 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 16:06:56 GMT

GET
H2 200 fontello.woff
www.officeholidays.com/fonts/ 11 KB
11 KB 79ms
79ms Font
application/font-woff 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.officeholidays.com/fonts/fontello.woff?31771571
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/css/style-min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa2df4ecafe8d43a9e9f5b22493e6b55223d3e40d282db18c4a150825d6dddaa

Request headers

Referer: https://www.officeholidays.com/css/style-min.css
Origin: https://www.officeholidays.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 29 May 2019 02:26:48 GMT
server: cloudflare
age: 6796
etag: W/"5cedede8-2b3c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46a7K7dit1u2mr5ymmSyNu4w27A5f%2F9M3u%2BpNboMemLmVYuGCY8m%2FG8M0oqecJsEsHuL4RYvTE3SroKSfiGxENdak20SswFyGOPAZRsTtl5wuXiLbs1WbeAIyut8QWq8ihbBD32wTodqsSJQcIYwEc2shR4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6c56961f0d5763ff-ATL

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v16/ 15 KB
15 KB 104ms
69ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/css/combined-min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.officeholidays.com/
Origin: https://www.officeholidays.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 15:56:08 GMT
x-content-type-options: nosniff
age: 111248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
last-modified: Mon, 25 Mar 2019 20:12:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 15:56:08 GMT

GET
H/1.1 200
OK officeholidays.com.js Show response
tags-cdn.deployads.com/a/ 495 KB
152 KB 606ms
446ms Script
text/javascript 99.86.38.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags-cdn.deployads.com/a/officeholidays.com.js?_=1640818216768
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-2.2.4.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.38.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-38-72.sea19.r.cloudfront.net
Software: awselb/2.0 /
Resource Hash: 22c277fec155a581caf9461dec20a16698215d8349b4721be129adaaf2fa887a

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: public
Date: Wed, 29 Dec 2021 22:50:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Dec 2021 22:50:17 GMT
Server: awselb/2.0
X-Amz-Cf-Pop: SEA19-C1
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Content-Type: text/javascript; charset=utf-8
Via: 1.1 adc2002956acc4d61bfbf3b973fdf247.cloudfront.net (CloudFront)
Cache-Control: max-age=1800,public
Transfer-Encoding: chunked
Connection: keep-alive
X-Amz-Cf-Id: 6QM1M-PlIyi55BsGO_hw4llO8-5F2dXV6KtP99sMJTrTVi6DtphfpQ==
Expires: Wed, 29 Dec 2021 23:20:17 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 129ms
40ms Script
text/javascript 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1309994-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 558
date: Wed, 29 Dec 2021 22:40:59 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 30 Dec 2021 00:40:59 GMT

GET
H2 200 all-flags.png
static.officeholidays.com/images/design/ 49 KB
50 KB 41ms
41ms Image
image/png 2606:4700:20::6819:c73e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.officeholidays.com/images/design/all-flags.png
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/css/all-flags.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c73e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd95e9a4ef006fdcf7f729f436e1af189514efdb25a44c6d2e19c7d90dad83b2

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11339
cf-polished: origSize=55038
cf-ray: 6c56962079cd63ff-ATL
content-length: 50297
x-amz-id-2: 9s6B7JsVPBBZ6bM+HF41EnBVTUdDZ0sMzZ104g2KrX45+YhaPdZPwBlvWrCKe5cLNr9kH38778g=
last-modified: Wed, 16 Jun 2021 15:23:14 GMT
server: cloudflare
etag: "a068da8cdf8c813b2c7301352511caff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vL%2F0kkf9Vv5EXSn%2Bf%2F6WtQ8D%2FBxYzj7aeHXZAP0Zn4%2FFX9Fk3WsJw7G0ge4HuStS%2FTYTwGiK5ut%2BTG6Bjsq%2Bz0TVVJ00N9dkUGs4ToUeZLo9RRcpf0T7sRVTiB65iZt6eAc%2BK%2BcTTplpiVO2jGFu%2B7%2FGzWsAdlI%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: FRV9DTX36XRG01WE
cache-control: max-age=14400
accept-ranges: bytes
content-type: image/png
cf-bgj: imgq:85,h2pri

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
212 B 57ms
56ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=152456015&t=pageview&_s=1&dl=https%3A%2F%2Fwww.officeholidays.com%2F&ul=en-us&de=UTF-8&dt=Calendars%20of%20public%20holidays%20and%20bank%20holidays%20%7C%20Office%20Holidays&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=2061127145&gjid=743419583&cid=654536387.1640818217&tid=UA-1309994-2&_gid=156153302.1640818217&_r=1&gtm=2ouc10&tc=x&z=1228952025

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.officeholidays.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 148ms
41ms Script
application/x-javascript 23.52.163.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.163.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-163-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:17 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 3BDAE1FAB05E52F4
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=44189
accept-ranges: bytes
content-length: 948
x-amz-id-2: JQEtOEyiFCqCP1YLI1OIPGBGUg/WHgpDv22+z5rvn/G8szLTqEelRVwbxuu0H6mk2GphOf1hSec=

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
127 B 117ms
35ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:17 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 tag Show response
btloader.com/ 32 KB
9 KB 96ms
35ms Script
application/javascript 2606:4700:20::ac43:4686
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5733520474374144&upapi=true
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4686 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2f5cdc26695f52b874cd392a7e550a39f498f04fd6b31f2bb5c93cb13fd2413

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c5696222a0163ec-ATL
date: Wed, 29 Dec 2021 22:50:17 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 611
etag: W/"900441d6b4adc99992443210b8411d7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uaQtiAY5GZLLAi6TgBUuOpD9cm%2FY5UR1mofZLHTu1wRXco48XBs6Z4qQcL8HGblN4cT9wIfLGFnReSpHvs7laaVa28Pz%2Bt17eFrFg6BQkYngdWwqj%2B6MLYkLeTrDB%2Bzh%2FVuUvN088b7AsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800, must-revalidate
content-encoding: br

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/63PnFF5pyWGBQmDdBBe7mHE722M/gpt_and_prebid/ 34 KB
9 KB 77ms
21ms Script
text/javascript 151.101.193.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/63PnFF5pyWGBQmDdBBe7mHE722M/gpt_and_prebid/config.js
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2cd5a2de50f72198595e3e547da487d02663341c94e132c58b3cc68037b7e209

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 22:50:17 GMT
Content-Encoding: gzip
Age: 2136
X-Cache: HIT
Connection: keep-alive
Content-Length: 8624
x-amz-id-2: RBi0TAu3QwkKXSMyENpS7fEFdELP+87SjxD0LPMjONVLRXineBrs3S1B0JpFdqkErgbzHEOtq/Y=
X-Served-By: cache-atl18478-ATL
Last-Modified: Wed, 29 Dec 2021 19:59:17 GMT
Server: AmazonS3
X-Timer: S1640818217.317730,VS0,VE0
ETag: "1fbdc76595f8e1337e9cf8e2a1bedaae"
x-amz-request-id: V04HYXZKC1YF1552
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 48

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 89ms
41ms XHR
application/json 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20211229

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9962c3584bde9960eb31b23561d2a5563345b9c02c0909436d2f20be3f14d775

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 28145
x-jsd-version: 1.0.1205
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19170-FRA, cache-pdk17856-PDK
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"69e-B39R5aFYiClM0C2Q/rncLlLSQIE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6c5696223a7c63ab-ATL

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 161ms
66ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

4cfab73f48ea3a2c03aa2520f0de01c65bb730a123b6966d3585a5627351e181

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1086 / 848 of 1000 / last-modified: 1639397097"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26908
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 29 Dec 2021 22:50:17 GMT

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/wZt3yQfgdwnz-/www.officeholidays.com/ 5 KB
2 KB 262ms
89ms Script
application/javascript 2600:9000:20be:6600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/wZt3yQfgdwnz-/www.officeholidays.com/choice.js?timestamp=1640818217256
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20be:6600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 68845971c0a28da55e6f681f5d18d3d48323de4da906d18918771f8ab627a36b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 29 Dec 2021 22:50:17 GMT
content-encoding: gzip
last-modified: Fri, 18 Dec 2020 14:15:23 GMT
server: AmazonS3
x-amz-cf-pop: SEA19-C3
etag: W/"0bd34cc2e45bf8d97afbfe909202b1db"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 da4fa914888b330b3e8a08632b8e41bf.cloudfront.net (CloudFront)
cache-control: max-age=900
cross-origin-resource-policy: cross-origin
x-amz-cf-id: 2cmTNKoqJ8XaNXfHBcRbMhQDeZ5IFd7qwMIbSLv4Rjc_lCpEQDusww==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 274ms
91ms Script
application/javascript 99.86.32.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.32.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-32-39.sea19.r.cloudfront.net
Software: Server /
Resource Hash: d8c62b0d4ac621bedd0ca5a4e96b12a77118338d4166f94d65c15bb154d455aa

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 02:06:35 GMT
content-encoding: gzip
age: 74622
x-cache: Hit from cloudfront
timing-allow-origin: *
server: Server
x-amz-rid: 1RYQFP5PNXZ49V9H8FM1
etag: 4da12c74ee926b2a11a4e43bfb72b2fd
vary: Accept-Encoding
x-amz-version-id: 4VmutqpMSKe44XUliQiub0_OOWAXoLbl
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: SEA19-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: YisvX_l99vDyDPvwW72JY7gdJaf_ZL7EvlItX7f9N_86Rpbtp8ubVw==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
444 B 156ms
62ms XHR
text/plain 2607:f8b0:4023:1404::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1309994-2&cid=654536387.1640818217&jid=2061127145&gjid=743419583&_gid=156153302.1640818217&_u=YEBAAUAAAAAAAC~&z=1214988605

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4023:1404::9c Columbus, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 29 Dec 2021 22:50:17 GMT
content-type: text/plain
access-control-allow-origin: https://www.officeholidays.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/ 189 KB
61 KB 22ms
22ms Script
application/javascript 151.101.193.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/63PnFF5pyWGBQmDdBBe7mHE722M/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 80da370ad41bee2716b42d1583e139eac39f5c7c243c5fe6439b9754013116c6

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 22:50:17 GMT
Content-Encoding: gzip
Age: 142
X-Cache: HIT
Connection: keep-alive
Content-Length: 61460
x-amz-id-2: BK8VHgH6W0FZe1UnoSio9Q58lR5GsvCqI/SsD33ohubz4p2jjrLw9KNk6SbXsxRialTW1l1Sa1U=
X-Served-By: cache-atl18478-ATL
Last-Modified: Thu, 02 Dec 2021 17:00:39 GMT
Server: AmazonS3
X-Timer: S1640818217.346511,VS0,VE0
ETag: "0bad6e8b774e2623401e436c2a44f48e"
x-amz-request-id: W3SDPVRGNG0Q768K
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 33

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
664 B 145ms
40ms Image
image/x-icon 142.250.65.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 01:21:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 01:21:12 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
938 B 92ms
31ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.9110212239694202
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date: Wed, 29 Dec 2021 22:50:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 483
x-guploader-uploadid: ABg5-UwJqWnd_axXVSRH_RA45cVpf9_ZryZOhzimH2WXAgFKR17PaZF9n7rD2FeN8t2Zec7r092c7NmvJdn5LmMxbYpeHGEjvQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-type: image/gif
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fV8m%2FOg7APoLd3Tc2fE1gWziCCYSAseri%2BYN%2B2bZJbpsNmezOKQt1EbI9lzr3GLFYlrBVlvPD1NERFzV5Rsc3TKVQD4NfLkMZk9k0twRXoedJ1PiHWN9j8xB0m6N1de1V%2FjHI0%2FCHMHc6dZqJA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620242732037093
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 6c569622d8841068-ATL
expires: Wed, 29 Dec 2021 22:58:22 GMT

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 35ms
34ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:17 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H3 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 112ms
65ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 29 Dec 2021 22:50:17 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 105 B
117 B 102ms
54ms XHR
application/json 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.officeholidays.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

b59b500c10081c7361b2f747cd0ee8007d7fd662b6cc5cd4f73024e247b941f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92
x-xss-protection: 0
expires: Wed, 29 Dec 2021 22:50:17 GMT

GET
H2 204 pv Show response
api.btloader.com/ 0
96 B 110ms
48ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=uxfngUMz&w=5673889744027648&o=5733520474374144&cv=2.0.2-2-gfdc9054&r=false&pageURL=https%3A%2F%2Fwww.officeholidays.com%2F&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5733520474374144&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:17 GMT
cache-control: no-cache, no-store, must-revalidate
vary: Origin
alt-svc: clear
via: 1.1 google

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/23/ 266 KB
67 KB 89ms
89ms Script
text/javascript 2600:9000:20be:6600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/wZt3yQfgdwnz-/www.officeholidays.com/choice.js?timestamp=1640818217256
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20be:6600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ee5b1d3c5bf9e58c1f15fe57944a5a39a0a50be21ddcad91f543f4bcb458d637

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:17 GMT
content-encoding: br
x-amz-cf-pop: SEA19-C3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Fri, 18 Dec 2020 15:09:37 GMT
server: AmazonS3
etag: W/"0b0dc6ff860ccf425c2181576cf5a62e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 da4fa914888b330b3e8a08632b8e41bf.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-cf-id: kvf-9QM2RxJAaY3vHkN04N1ISBKgg4z-QoqtCPtXe5vGmUzfwgoXRQ==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
316 B 81ms
79ms XHR
text/plain 99.86.32.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.officeholidays.com&pubid=82ced0ff-f996-4780-a317-3a867a4dc64d
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.32.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-32-39.sea19.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:43:18 GMT
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront)
server: Server
age: 418
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.officeholidays.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: SEA19-C1
x-amz-cf-id: Fkk1czMYcKGA85IscqQKgkpcTMtXMMZQ1bqZvHtH_9sOOnsRQS5ZSQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 242ms
83ms XHR
application/javascript 99.86.32.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.32.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-32-39.sea19.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 75827
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
date: Wed, 29 Dec 2021 01:46:31 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 4c48e9fb20d53d40e9fe273dbdae1099.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: SEA19-C1
x-amz-cf-id: baBKuZpmqZ0YHIAqXJl1qCDkzIvBVz92V4tMaTTVlf4tP65krITcYw==

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 37ms
37ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:17 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 geoip Show response
apis.quantcast.mgr.consensu.org/ 50 B
154 B 134ms
35ms XHR
application/json 54.144.110.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.quantcast.mgr.consensu.org/geoip
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.144.110.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-110-34.compute-1.amazonaws.com
Software: /
Resource Hash: f39f2b8b4e274e310c742d4698faccfcd554d9399bff6a1288f6a6dbff43a2ee

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:17 GMT
content-length: 50
content-type: application/json; charset=utf-8

GET
H2 200 google-atp-list.json Show response
quantcast.mgr.consensu.org/tcfv2/ 154 KB
38 KB 245ms
86ms XHR
application/json 2600:9000:20be:6600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20be:6600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1125977d75831f8dd16c659421295ccf41a7cc32adec67af0cea7ca10a3064c3

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 20:40:36 GMT
content-encoding: gzip
age: 7782
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Wed, 29 Dec 2021 03:00:26 GMT
server: AmazonS3
etag: W/"7fa88a561375ad2fcd1522167ad70ad4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json
via: 1.1 446e26a256db1310ae719d818e420898.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-cf-pop: SEA19-C3
x-amz-cf-id: cjo6c_yQPDYxH6Q0StAIdd3WQdnUM0McdU07kURYNMQjKCz0QkR-pQ==

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-4f79f44a5554bdf6/ 3 KB
1 KB 78ms
69ms Script
application/javascript 23.208.216.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-4f79f44a5554bdf6/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-208-216-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4f20d4fa5c14d44506e0437b5f35799e765281ac679f618e1a18206f0d99b7cd

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:17 GMT
content-encoding: gzip
etag: 765761757--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=11, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 1080

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 136 B
2 KB 159ms
130ms Script
application/javascript 23.208.216.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=61cce629312cc394&bkl=0&bl=1&pdt=362&sid=61cce629312cc394&pub=ra-4f79f44a5554bdf6&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.officeholidays.com&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1640818217761&jsl=1&uvs=61cce6292b7a013f000&skipb=1&callback=addthis.cbs.jsonp__44144720757959430
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-208-216-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 76018b64f68c6ccb319a0be1082807bf46c108b6d7ad5b1b82963606c0037f6c

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:17 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
p3p: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
content-length: 136
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame E756 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 6D0B 71 KB
26 KB 61ms
61ms Document
text/html 23.208.216.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-208-216-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
x-check-cacheable: YES
date: Wed, 29 Dec 2021 22:50:17 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 custom-messages.5799ddf75a30812a3d49.js Show response
s7.addthis.com/static/ 114 KB
28 KB 53ms
53ms Script
application/javascript 23.208.216.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/custom-messages.5799ddf75a30812a3d49.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-208-216-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

e08ee0a0555b2527719a5d5581fb11ae492e0a111be1f89ceedd3b51e995c7c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
etag: W/"5ed917ff-1c9fc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Wed, 29 Dec 2021 22:50:17 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 28521

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 58ms
58ms Script
application/javascript 23.208.216.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-208-216-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Wed, 29 Dec 2021 22:50:17 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 35ms
35ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:17 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
203 B 284ms
195ms XHR
text/plain 34.225.113.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-113-77.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.officeholidays.com
Date: Wed, 29 Dec 2021 22:50:18 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
203 B 234ms
145ms XHR
text/plain 34.225.113.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-113-77.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.officeholidays.com
Date: Wed, 29 Dec 2021 22:50:18 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
203 B 264ms
176ms XHR
text/plain 34.225.113.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-113-77.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.officeholidays.com
Date: Wed, 29 Dec 2021 22:50:18 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
203 B 179ms
92ms XHR
text/plain 34.225.113.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-113-77.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.officeholidays.com
Date: Wed, 29 Dec 2021 22:50:18 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
203 B 203ms
116ms XHR
text/plain 34.225.113.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-113-77.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.officeholidays.com
Date: Wed, 29 Dec 2021 22:50:18 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
203 B 195ms
109ms XHR
text/plain 34.225.113.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-113-77.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.officeholidays.com
Date: Wed, 29 Dec 2021 22:50:18 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 200
OK v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 13 KB
7 KB 309ms
131ms XHR
application/json 34.225.113.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-113-77.compute-1.amazonaws.com
Software: /
Resource Hash: a49daf1adab44f7d14521bb0870395c0ed706fbead34e1f93449645e504b96d7

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.officeholidays.com
Cache-Control: private, no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 6595

POST
H/1.1 200
OK v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 13 KB
7 KB 293ms
98ms XHR
application/json 34.225.113.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-113-77.compute-1.amazonaws.com
Software: /
Resource Hash: adaf43b6c06749e6927c89d27729b9226aa833810a7a9b5160d7f3aacc58cc77

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.officeholidays.com
Cache-Control: private, no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 6235

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
359 B 411ms
293ms XHR
text/plain 34.207.4.184
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?pbav=5.6.0&p=%5B%7B%22placement_id%22%3A%22%2F1966186%2C21724050933%2FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%22%2C%22callback_id%22%3A%2211cd46ae5763fe%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%2C%5B970%2C250%5D%2C%5B970%2C90%5D%2C%5B320%2C100%5D%2C%5B320%2C50%5D%2C%5B300%2C50%5D%5D%2C%22ym_placement_id%22%3A%222489959856509755443%22%7D%5D&page_url=https%3A%2F%2Fwww.officeholidays.com%2F&bust=1640818217966&pr=&scrd=1&dnt=false&description=Office%20Holidays%20lists%20when%20countries%20across%20the%20world%20have%20public%20holidays%20and%20bank%20holidays%20to%20help%20you%20plan%20your%20meetings%20better.&title=Calendars%20of%20public%20holidays%20and%20bank%20holidays%20%7C%20Office%20Holidays&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22sortable.com%22%2C%22sid%22%3A%221189%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.207.4.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-207-4-184.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.officeholidays.com
pragma: no-cache
date: Wed, 29 Dec 2021 22:50:18 GMT
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-allow-methods: POST, GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 27 KB
11 KB 271ms
184ms XHR
application/json 68.67.178.10
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

6ea2206661cf77dcef9574403b5a3ce0f31eb26d64bb3a473143ed455bfc3353

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 29 Dec 2021 22:50:18 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 634.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: ebf274cd-4640-4375-9c9f-30f7a682a939
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.officeholidays.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 92 B
748 B 442ms
199ms XHR
application/json 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.6.0
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: a5d77cad6a7b51728b9896a822aef251af8447b69c77d461314a6b3e918d8850

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 29 Dec 2021 22:50:18 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://www.officeholidays.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 97

POST
H2 200 auction Show response
c.deployads.com/openrtb2/ 612 B
941 B 437ms
352ms XHR
application/json 44.193.114.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c.deployads.com/openrtb2/auction?src=prebid_prebid_5.6.0&host=www.officeholidays.com
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.193.114.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-193-114-165.compute-1.amazonaws.com
Software: SortableCactus/1.0 /
Resource Hash: ea2ac75d9d205853c5fcb249b650fa719db9d3ae0f681379c72f7d5bd8a6ca35

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:18 GMT
server: SortableCactus/1.0
content-type: application/json
access-control-allow-origin: https://www.officeholidays.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 612
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
344 B 181ms
95ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a969564017575d7c6e2d84fbcf70026&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: c67c8743c99bac3190d43b996a8d9337da29825a7cccea995c097cc43ea353d0

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
344 B 252ms
166ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a9690b3017575b35616b392fd4a004f&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 09a2817cee6b86c568356351dece241237b70037bf0fae6016d097be7cb0722f

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
344 B 230ms
145ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a9694d1017575b35ae2b392fb2e0045&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 0cc345d22f1ed5dbaf7fa98df0e236705b31d23f5991dac5e52569bc58d183ce

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
345 B 210ms
125ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a969945017575b35065b392fc450045&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 0cf7bc9a3888ca594b41bed34e611ecbce65d00a9c51128cde7e95ce4a03194b

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
345 B 220ms
136ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a969d42017575d7be33d84fbab60033&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 3700d5a6abb21693f3b9103449a5c85e3a4b265a2663b78b4fcfd82dd1b880a8

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
344 B 193ms
109ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a969015017575d7c324d84fbbcc0032&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 58e3ef4c026058906edb35ef189f46e7e663dae1005cad79034ea5db85ce1eb9

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
549 B 156ms
73ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a969564017575d7c6e2d84fbcf70026&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 204ce05b7140f861848112b7bcdcb6c4cd389d6b35aa5d88fe92089eb7f2b947

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
343 B 271ms
188ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a9690b3017575b35616b392fd4a004f&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 27a407945f1c4fc8f072ce7ed5544ec732e115614010459a7f88d71590719af3

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
344 B 192ms
110ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a9691640175754ad21855b40fe30416&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 0685def41f0d2d2f304118aa2fbf5faa8835a199ec1814e24ccca2b2d980c52e

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
343 B 238ms
156ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a9694d1017575b35ae2b392fb2e0045&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 91cac24d01f053c0be372048a86bfa17e5fd3d60559e250f182364552bc12fc1

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
342 B 197ms
116ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a969945017575b35065b392fc450045&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 7621c495c5d0c20ec8e37f7d5e8192ba68bb13a8949d6418acdd3bfdf56d0210

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
344 B 182ms
101ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a969d42017575d7be33d84fbab60033&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: f9037aba2e7c62538e6816cfea5c59488eb6023912853f02e0d5d978d20b0395

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
343 B 207ms
126ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a969015017575d7c324d84fbbcc0032&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: d6cf8343bc71a42312d5cbc829872d3f8d906a1b061d3ad16bca509e9596350e

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
343 B 200ms
120ms XHR
application/json 3.230.217.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695060175754ace1655adba820326&pos=8a9694d1017575b35ae2b392fb2e0045&cmd=bid&secure=1&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-217-116.compute-1.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 70bda16ea767ea8e9bd4b25d146eda792eacfda3c305b494c0875c667eda4274

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
content-length: 62

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 862 B
2 KB 259ms
130ms XHR
application/json 69.166.1.15
AS-XFERNET

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2253dc5ee47460e6d%22%3A%22662d9a9c2a2ea6d454b7%7C728x90%2C970x250%2C970x90%2C320x100%2C320x50%2C300x50%7Cgpid%3D%2F1966186%2C21724050933%2FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%22%2C%2254b51cd43a453c7%22%3A%22662d9a9c2a2ea6d454b7%7C728x90%2C970x250%2C336x280%2C970x90%2C300x250%2C320x100%2C320x50%2C300x50%7Cgpid%3D%2F1966186%2C21724050933%2FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%22%2C%2255ac23838ac30e9%22%3A%22662d9a9c2a2ea6d454b7%7C728x90%7Cgpid%3D%2F1966186%2C21724050933%2FPub_officeholidays.com_728x90_Desktop-Anchor_0%22%7D&ref=https%3A%2F%2Fwww.officeholidays.com%2F&s=a9762fa8-52dd-476c-9380-77ed2a741abd&pv=df12da01-cbe8-4ecd-8358-076d77c77f3c&vp=desktop&lib_name=prebid&lib_v=5.6.0&us=5&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22sortable.com%22%2C%22sid%22%3A%221189%22%2C%22hp%22%3A1%7D%5D%7D&us_privacy=1---&coppa=0

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

c1882cbc586d2fb4262ff0dbcebbfa31147f72c2ad7792cc73af5cf4edd9bc52

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:18 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-56
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.officeholidays.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 506
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 382 B
1 KB 279ms
140ms XHR
application/json 2602:803:c002:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13218&site_id=330802&zone_id=1729490&size_id=2&alt_size_ids=43%2C44%2C55%2C57%2C117&us_privacy=1---&rp_schain=1.0,1!sortable.com,1189,1,,,&rf=https%3A%2F%2Fwww.officeholidays.com%2F&tg_i.pbadslot=1966186%2C21724050933%2FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0&tk_flint=pbjs_lite_v5.6.0&x_source.tid=998c1403-06ee-4792-ab9c-98f919e7bb0a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.854935406778226
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c002:200::41 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 609dcf743f97363f9c5479388285eac4168baf15917b021fdae2b5fc08da5d3a

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:18 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.officeholidays.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 382
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 393 B
1 KB 330ms
190ms XHR
application/json 2602:803:c002:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13218&site_id=330802&zone_id=1729490&size_id=15&alt_size_ids=2%2C16%2C43%2C44%2C55%2C57%2C117&us_privacy=1---&rp_schain=1.0,1!sortable.com,1189,1,,,&rf=https%3A%2F%2Fwww.officeholidays.com%2F&tg_i.pbadslot=1966186%2C21724050933%2FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0&tk_flint=pbjs_lite_v5.6.0&x_source.tid=f430e14b-af99-485c-a439-f95d5b8c57dc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6920188411899417
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c002:200::41 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 28e8611171b308eecd0a4c622aead50b9e296072a89a1212ce8faceba22c1011

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:18 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.officeholidays.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 393
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 323 B
1 KB 356ms
214ms XHR
application/json 2602:803:c002:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13218&site_id=330802&zone_id=1729490&size_id=2&us_privacy=1---&rp_schain=1.0,1!sortable.com,1189,1,,,&rf=https%3A%2F%2Fwww.officeholidays.com%2F&tg_i.pbadslot=1966186%2C21724050933%2FPub_officeholidays.com_728x90_Desktop-Anchor_0&tk_flint=pbjs_lite_v5.6.0&x_source.tid=0146a350-2e04-433d-9aa1-e571a3d89e37&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.25264432064494646
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c002:200::41 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 9367eed2ee9736d2892608ab0439c481f9351f183e0a7a36369949f8fea86025

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:18 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.officeholidays.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 323
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 1 KB
1 KB 251ms
175ms XHR
application/json 68.67.178.10
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

ffefec92a4d82b341b1aac5231b3343d597bfeda81baf06cff0fb91329be9193

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 29 Dec 2021 22:50:18 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 634.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: b03a072a-8623-4c48-ab8f-a39872571457
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.officeholidays.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 118 B
194 B 108ms
44ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bB6WE2N0Cr6QCOaKkGJozW
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 8eef52bc243cf10c90c10cd8acdb1bceed23158b83d024e68fe6593f6478920b

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 118 B
339 B 106ms
43ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bB6WE2N0Cr6QCOaKkGJozW
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: d4b794fff6d83ab31a9b5c54bb5c471c04f15e5b834cffbd43583aab059c8abc

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 118 B
203 B 132ms
69ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bB6WE2N0Cr6QCOaKkGJozW
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 44f76ed0bd408e8caef4449962732a82c68e87bd531c77bd05386224cfdccc4a

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 38 KB
38 KB 307ms
205ms XHR
application/json 23.199.204.79
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=538261&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%228076efffd0b8879%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.officeholidays.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A12%2C%22msi%22%3A12%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.6.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22810a6f9e8be2c7d%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22320x50%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22300x50%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22823673ca95e72b1%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22336x280%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22320x50%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22300x50%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22831c478240b790b%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22538261%22%2C%22sid%22%3A%22728x90%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22sortable.com%22%2C%22sid%22%3A%221189%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.199.204.79 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-204-79.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 06030a1358bf0d9f32b30dc63121927b368266552ed780854982b11c1c05488f

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:18 GMT
x-ak-initial-geo: CC:[US], RC:[GA], CN:[NA], CIP:[92.119.19.73], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.officeholidays.com
x-cs-client-geo: 23
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 38792
x-ak-client-geo: 23
expires: Wed, 29 Dec 2021 22:50:18 GMT

GET
H2 200 arj Show response
snapsort-d.openx.net/w/1.0/ 73 B
384 B 103ms
42ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://snapsort-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.officeholidays.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=998c1403-06ee-4792-ab9c-98f919e7bb0a%2C998c1403-06ee-4792-ab9c-98f919e7bb0a%2C998c1403-06ee-4792-ab9c-98f919e7bb0a%2C998c1403-06ee-4792-ab9c-98f919e7bb0a%2C998c1403-06ee-4792-ab9c-98f919e7bb0a%2Cf430e14b-af99-485c-a439-f95d5b8c57dc%2Cf430e14b-af99-485c-a439-f95d5b8c57dc%2Cf430e14b-af99-485c-a439-f95d5b8c57dc%2Cf430e14b-af99-485c-a439-f95d5b8c57dc%2Cf430e14b-af99-485c-a439-f95d5b8c57dc%2Cf430e14b-af99-485c-a439-f95d5b8c57dc%2Cf430e14b-af99-485c-a439-f95d5b8c57dc%2C0146a350-2e04-433d-9aa1-e571a3d89e37%2C0146a350-2e04-433d-9aa1-e571a3d89e37&nocache=1640818217998&us_privacy=1---&schain=1.0%2C1!sortable.com%2C1189%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C970x90%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C970x90%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C970x90%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C970x90%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C336x280%2C970x90%2C300x250%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C336x280%2C970x90%2C300x250%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C336x280%2C970x90%2C300x250%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C336x280%2C970x90%2C300x250%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C336x280%2C970x90%2C300x250%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C336x280%2C970x90%2C300x250%2C320x100%2C320x50%2C300x50%7C728x90%2C970x250%2C336x280%2C970x90%2C300x250%2C320x100%2C320x50%2C300x50%7C728x90%7C728x90&divids=%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_728x90_Desktop-Anchor_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_728x90_Desktop-Anchor_0&aucs=%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_Desktop-top-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_300x250_728x90_970x90_970x250_2_Desktop-bottom-sortable_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_728x90_Desktop-Anchor_0%2C%252F1966186%252C21724050933%252FPub_officeholidays.com_728x90_Desktop-Anchor_0&auid=538599761%2C538595841%2C538599744%2C538599737%2C540235943%2C538595563%2C538599761%2C538595841%2C538599795%2C538599744%2C538599737%2C540235943%2C538595841%2C540235943
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 268b503e9627e3e23c011eb87c50154bd6c04880972fb78c4f967208bded495e

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.officeholidays.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 204 300vi.png
m.addthis.com/live/red_lojson/ 0
110 B 100ms
99ms Image
text/plain 23.208.216.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.addthis.com/live/red_lojson/300vi.png?cad=wmb%3Dyvgy&positions=yvgy%3Dtop&goals=yvgy%3Dprompt&first=1&rv=0&uvs=61cce6292b7a013f&pub=ra-4f79f44a5554bdf6&dp=www.officeholidays.com&rev=v8.28.8-wp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-208-216-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:18 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 29 Dec 2021 22:50:18 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 106 B
581 B 107ms
107ms XHR
text/javascript 99.86.32.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.officeholidays.com%2F&pid=Z3qNvPwK8arjY&cb=0&ws=1600x1200&v=7.71.1&t=2000&slots=%5B%7B%22sd%22%3A%22Desktop-top-sortable_0%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%2F1966186%2C21724050933%2FPub_officeholidays.com_300x250_728x90_970x90_970x250%22%7D%2C%7B%22sd%22%3A%22Desktop-bottom-sortable_0%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22336x280%22%2C%22970x90%22%2C%22300x250%22%2C%22320x100%22%2C%22320x50%22%2C%22300x50%22%5D%2C%22sn%22%3A%22%2F1966186%2C21724050933%2FPub_officeholidays.com_300x250_728x90_970x90_970x250_2%22%7D%2C%7B%22sd%22%3A%22Desktop-Anchor_0%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F1966186%2C21724050933%2FPub_officeholidays.com_728x90%22%7D%5D&schain=1.0%2C1!sortable.com%2C1189%2C1%2C%2C%2C&pubid=82ced0ff-f996-4780-a317-3a867a4dc64d&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.32.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-32-39.sea19.r.cloudfront.net

Software

Server /

Resource Hash

3903ae8dd43a056b904c4f09209de29aa40657c4a3df8b2de3d044e4da309b54

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: SEA19-C1
x-amz-rid: 2SQ8EK5CWG7GCB2F7Y85
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.officeholidays.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 106
x-amz-cf-id: o-CDL8m6KgEB50bZc8PKVQS5X3sfEbSE8A_8M_XG9Hkr7xCiph6T4w==

GET
DATA 200
OK truncated
/ 98 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02a3d2b1c51fa7c978d0ceeabb1253da4b02194d2f4e3c83ce840aa26306b242

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cmp-list.json Show response
test.quantcast.mgr.consensu.org/GVL-v2/ 9 KB
3 KB 308ms
80ms XHR
application/json 2600:9000:20be:f800:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20be:f800:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 578c46a0ee69579fd4b43f55f14bf7ba956e6e68c63c1bef3e4f9b707f06fa32

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 03:00:35 GMT
content-encoding: br
age: 71384
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Mon, 20 Dec 2021 19:52:29 GMT
server: AmazonS3
etag: W/"e8fcf7837314928b62f82d485ad3745e"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: OilCUQ5SjJSF7kGRMdAFlArBBUM6rNQo
via: 1.1 9825a45e2b387a61504c0c3df20048ee.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-cf-pop: SEA19-C3
content-type: application/json
x-amz-cf-id: XiUcYi5chdoiCsuRr29qyBv1lj8th3pdVYqBm7K9BEvYx2VqK8_jlg==

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 35ms
34ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:18 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame E8F1
Redirect Chain

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-simpli.fi
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-simpli.fi&dcc=t

228 B
1 KB

60ms
60ms

Document
text/html

209.54.176.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-simpli.fi&dcc=t

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

1c51a27985c6077f7233804d8152b4fc3d4e2c95e8b70aa3a4a60e6753712264

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

Server: Server
Date: Wed, 29 Dec 2021 22:50:18 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 228
Connection: keep-alive
x-amz-rid: S8DD500KGZPN92WT5NCB
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

Server: Server
Date: Wed, 29 Dec 2021 22:50:18 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: W8GCJMB7CYWVYKSG61ZT
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-simpli.fi&dcc=t
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 35ms
34ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:18 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame E677 256 B
789 B 40ms
39ms Document
text/html 209.54.176.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=n-simpli.fi&fv=1.0&a=cm&cm3ppd=1

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-simpli.fi&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

9d0e234d09d84193f7a6864d7d8d49fde5308dede27ac235b91faafc18f4502b

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-simpli.fi&dcc=t

Response headers

Server: Server
Date: Wed, 29 Dec 2021 22:50:18 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 256
Connection: keep-alive
x-amz-rid: 2JP7THXR6WZHMXFE6A91
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H2 200 vendor-list.json Show response
quantcast.mgr.consensu.org/GVL-v2/ 300 KB
38 KB 86ms
85ms XHR
application/json 2600:9000:20be:6600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20be:6600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d352ac4017027726a121e27264ee558de67630940437446adbb0358a1cd31601

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 03:00:37 GMT
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age: 71382
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 29 Dec 2021 03:00:32 GMT
server: AmazonS3
etag: W/"e802d27394ab55f99dc15fe58755837e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
via: 1.1 446e26a256db1310ae719d818e420898.cloudfront.net (CloudFront)
cache-control: max-age=172800
access-control-allow-credentials: true
x-amz-cf-pop: SEA19-C3
x-amz-cf-id: NSq2mXHJ94vXGQ1Cr0fUydR59yLng9qMzHMyHGInAsqJ7F2LgfuRuA==

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame E677
Redirect Chain

https://um.simpli.fi/amazon/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsimpli.fi%26id%3D
https://s.amazon-adsystem.com/ecm3?id=7F2FCDF0C65740BE9AC81D5744563E67&ex=simpli.fi&status=ok

43 B
556 B

43ms
43ms

Image
image/gif

209.54.176.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=7F2FCDF0C65740BE9AC81D5744563E67&ex=simpli.fi&status=ok

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-simpli.fi&fv=1.0&a=cm&cm3ppd=1

Protocol

HTTP/1.1

Server

209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:18 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GNVK38JC16HHKTD5FJJ7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Wed, 29 Dec 2021 22:50:18 GMT
x-content-type-options: nosniff
server: nginx
location: https://s.amazon-adsystem.com/ecm3?id=7F2FCDF0C65740BE9AC81D5744563E67&ex=simpli.fi&status=ok
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Tue, 28 Dec 2021 22:50:18 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 148ms
54ms Script
application/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.officeholidays.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 167 KB
46 KB 472ms
472ms XHR
text/plain 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3801479109644815&correlator=2335595896040548&output=ldjh&impl=fifs&eid=21065725&vrg=2021120601&ptt=17&gdpr=0&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20211229&iu_parts=1966186%3A21724050933%2CPub_officeholidays.com_320x480_300x250_336x280%2CPub_officeholidays.com_300x250_728x90_970x90_970x250%2CPub_officeholidays.com_300x250_728x90_970x90_970x250_2%2CPub_officeholidays.com_728x90&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=1x1%2C728x90%7C970x250%7C970x90%7C320x100%7C320x50%7C300x50%2C728x90%7C970x250%7C336x280%7C970x90%7C300x250%7C320x100%7C320x50%7C300x50%2C728x90&ists=8&fas=8%2C0%2C0%2C0&prev_scp=sdbg%3D7%26s%3D0%26u%3D13d%7Cst%3D8%26sdbg%3D7%26s%3D0%26u%3D50d%26amznbid%3D2%26amznp%3D2%26br%3Dm%26hb_format%3Dbanner%26hb_size%3D970x250%26hb_pb%3D0.34%26hb_adid%3D1068968ca358f49b%26hb_bidder%3Dix%26uf%3D4kx%7Cst%3D8%26sdbg%3D7%26s%3D0%26u%3D3f3%26amznbid%3D2%26amznp%3D2%26br%3Dm%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D1.03%26hb_adid%3D103d6fe4d0859c4b%26hb_bidder%3Dsharethrough%26uf%3D6v8%7Cst%3D1%2C8%26sdbg%3D7%26s%3D0%26u%3D8bl%26amznbid%3D2%26amznp%3D2%26br%3Dm%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.20%26hb_adid%3D10815030e819c79a%26hb_bidder%3Dix%26uf%3Dj7&cust_params=scv%3D2&cookie_enabled=1&bc=31&abxe=1&lmt=1640799999&dt=1640818218481&dlt=1640818216638&idt=1045&frm=20&biw=1600&bih=1200&oid=2&adxs=-9%2C180%2C180%2C155&adys=-9%2C617%2C3070%2C3633&adks=1766249875%2C4129706618%2C149467714%2C3276980286&ucis=1%7C2%7C3%7C4&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.officeholidays.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C1240x2647%7C1240x2647%7C1290x-1&msz=0x-1%7C1240x90%7C1240x90%7C1290x-1&ga_vid=654536387.1640818217&ga_sid=1640818218&ga_hid=152456015&ga_fc=true&fws=2%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0&btvi=-1%7C0%7C1%7C2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

80dc76a667b3a90efcf6548a9ee2fa74ae6ede9c70f3e97fdb4de201127cadba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46817
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.officeholidays.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 149ms
62ms XHR
application/json 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6d623bf1104ad8b66f9031d2c1e922ff46fdb603a06f0c860311b7d43e9da13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8480
x-xss-protection: 0

GET
H2 200 container.html Show response
2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F9D6 6 KB
4 KB 164ms
57ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 29 Dec 2021 22:50:18 GMT
expires: Thu, 29 Dec 2022 22:50:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_page_level_ads_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 34 KB
13 KB 62ms
62ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

6438deeda87c2438473fc3c887e708b7f23b9c27dbf7df19e2e525f3b299abd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12940
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 29 Dec 2021 22:50:18 GMT

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 40ms
40ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:18 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 66ms
65ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Wed, 29 Dec 2021 22:50:18 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EDA2 13 KB
5 KB 89ms
40ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Tue, 28 Dec 2021 15:49:30 GMT
expires: Wed, 28 Dec 2022 15:49:30 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 111648
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F773 783 B
1 KB 161ms
64ms Document
text/html 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ac9ecc4bf8b1b73eb7a9a62952ae97fcca97a0c4f0e5c7357728329f8da36ae0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NapjOrHcqE5/lfCWM0JpHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 29 Dec 2021 22:50:18 GMT
date: Wed, 29 Dec 2021 22:50:18 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-NapjOrHcqE5/lfCWM0JpHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame EDA2 35 KB
13 KB 40ms
40ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 06:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 317374
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Dec 2022 06:40:44 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F773 0
0 66ms
66ms Image
text/html 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=3801479109644815&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.65.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s72-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 container.html Show response
2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D206 6 KB
3 KB 40ms
40ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 29 Dec 2021 22:50:18 GMT
expires: Thu, 29 Dec 2022 22:50:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0BC2 6 KB
3 KB 40ms
40ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 29 Dec 2021 22:50:18 GMT
expires: Thu, 29 Dec 2022 22:50:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9A4F 6 KB
3 KB 40ms
39ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 29 Dec 2021 22:50:18 GMT
expires: Thu, 29 Dec 2022 22:50:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D58F 6 KB
3 KB 40ms
40ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 29 Dec 2021 22:50:18 GMT
expires: Thu, 29 Dec 2022 22:50:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 35ms
35ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:19 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 css2
fonts.googleapis.com/ Frame D206 4 KB
1 KB 161ms
59ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 22:44:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Dec 2021 22:50:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C90D 3 KB
652 B 150ms
60ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 22:14:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Dec 2021 22:50:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C90D 1 KB
880 B 40ms
39ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:46:39 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame C90D 19 KB
8 KB 40ms
39ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:47:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:47:44 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C90D 2 KB
1 KB 41ms
39ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:49:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:49:00 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C90D 15 KB
6 KB 42ms
40ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 791
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:37:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C90D 0
0 107ms
58ms Image
text/html 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS7_kmHxR2T36FY0xbIIv8_umGVbO3Nh6KJEZxIkz5OKy7ya6aHyitM5QpgKNo7JsqQQlYGUGfkwikBnbc-kbI3lk5Mvg
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C90D 119 KB
37 KB 204ms
108ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H2 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame C90D 27 KB
12 KB 130ms
39ms Script
text/javascript 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 06:45:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 317118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 26 Mar 2022 06:45:01 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame D206 19 KB
8 KB 44ms
44ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:32:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1057
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8346
x-xss-protection: 0
server: cafe
etag: 3177319193432224586
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:32:42 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D206 205 B
296 B 134ms
46ms Image
image/png 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 22:40:56 GMT
x-content-type-options: nosniff
age: 173363
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 27 Dec 2022 22:40:56 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D206 604 B
920 B 132ms
45ms Image
image/png 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 00:11:42 GMT
x-content-type-options: nosniff
age: 340717
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 26 Dec 2022 00:11:42 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5938 645 B
984 B 149ms
56ms Document
text/html 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARjviYOcATAB&v=APEucNU0URU0J_pEFN80riZbcyU8Qv-4XNYwxu3vX_8K16UEvFInzee-x0LtFS5kz3966-V0NjyIVh3a6N7AhJRZ5hDFTlMzckAjfSlG8sFIeUveOj9CoVI

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 29 Dec 2021 22:50:19 GMT
server: cafe
cache-control: private
content-length: 285
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0BC2 12 KB
9 KB 172ms
80ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D4Xocpc3oVHKyKJaG0BpxVfhJvzSjxrgAsdkV_HmJ-hurafm7NkpMlMSqNH95to44m1yCMUkzofEQ56nYG7s6FR85jbiM2zyi3t_oXjDI4t5c-yZOruHxvEUVnStvnAxnf0_m9yBhx5Y3IJH1O2vCB52-TgA&dbm_d=AKAmf-BtP3oAHDjIDZOiQWAwugFnOXn6kbvNNYZQNvH9oBH_jrz3ZUSwvaw2avLjHwWoc5zpgR1w7RJAvITKCFEojC4kx4IO20m5FGEQ9gEqzQb1tCCV_OoJzzIJil26Y5qT9U3KlBw5h0veV9pMyWPBHFiwAETobuxIj89qvck-KMT1vBdS6IOO9HizVzSZMlfiIUlyd3y9a-ofI_x7ZfjHbJ97PBGjfiBu3IKlUp5_SCZ_sxx4oZ7dkDIhUGHeTCJPUNcLcaflvRCHISDKNSr781xly0rIi3Th24WdsZ-2r2W4u2kASDBXqHWcV-RoxuEnMZUZp3bZIkM0u3zNXSHUjIG6hj5OLtJdsY7cSfCyANEFI5QQtGtroi3BHKEproNlEyQJwF_26BXVkPFnMR6pOm2BF3vHlIex8ghK9k3MvG86HA2EAR5a8a0G3Fij0WWapJuKjKpfRRk3TuGhPeJyR4GQMSxDSEFS5D27BzUq8h_YAUMgYsUIUgb0wdXgZtGZdcXM5NXX6arT-GlZbnRBT73U1_p1sARVkS5VFEujHjGjJals61NUDDXF4xWHYS2wY1m5YIsxP-3vthWXxFGMNqI1vLDHcrRGPC1nsfVXC2TtCr0j5eHiitSpGz3HEoA0G1OchtUaV8JdICnNSKiVy0FFKBw6nVJamYkJxs8urmeloID5CCVIgNPlg8-5vknox8rj6jcEp6kVncyqQimSjF9gtbApNgxKJ3QWaIy5c6Ohv1clX3sU4lI5LcIuCbbc95YWiFh3GsUMq0eeOU9NwmxOdxP9kp-zI5U18COyV7wlPar0fUyIxrB_tN9c7g7Mp9cpdWl2HOU5IjHg9h0Rb_dFZH2bYTJ1rVlr-Kg0ombha3Kiw-6eYCu9fFGFY04brghYDFKguglZFSxVX0_n1re8ERfBFZZLf45Zq-KZAhCEe0e6oyNDAZAgb3DFlvYsZt1U-XM7bSh4FNdnJ-Fq-KRGH0zvhxSZQbf5Xc3h2LNa33DXJRO1EsrrfuC214ErapiGMvIhSRlDoz1QfdcFObMKPWdBl1OFgH0gPaNbL07qGcsjM2KCDX0riYJ04_fzuQnhQIhwTMID1UD7uthwjxs39AC8kWH0cQ4KdyrgPOG87w7ObADFjV2qZm8eSp88Dbihqg7GHIwe2VealaBtIqeUlVFqk2AilNPC9EER1uWdjWugqEN9iZ7-S84U8BqT21IwWijXuoY6KtNrhOd1BWkFmoRcBgm91N57by3IaGTBzoeUntTtJ8Hqn7xjScVzCABQbfTcUPpKRwbNrBx5_KUoyDUIOjNvWVk87P56m7WvfxpYIhwiBV4pD22-EXSlpvQ_0wjWtXjRh0kLKVIR-ESsUq4lN2mCwqdC6eSuOSX70hIQk1NeuFp-FdagaJM5a0yQqCELMBfwaZBE0vPtcPtE83dAXgDoQ-YEdLOst6dRjNfE2ijxwNobinMX52BxG9E4B658L12yFcQw-07Bc8sMnWSqFOR7-5_WwYh-t-tNACBGonN_BWQBBaDjIoX3q2zNigd0VxH3TVt6c3WyhIOVtNvAIHYALw-CmZagZprWuPEffV1XtE2mulpDFdSqjkGcSaJPzlcMu-RywF539UXegwdPcZSKLYkoADyUMOvrlnxVsIb3d-K2wJ7hhWpZX6Yh6w0jwAlxpZBDuIYXxNtY9qkmJl1w8o-IJLEmG-ukhrFhj-K8qV4zzUXKIH4bmFGaY_dr8oOJ-5Vhw10jojHGIMzMWVdTCKg2wQrg8HSbHMQViFsOQ7TgCOp8Hv0cJ-6IYLPLLjsBlSi4hLZyxSzZc0QsTRegb2wDyRFmCljFO2iA4DK2mJcIvLEPFE9YYjAIqz756RUz5M63-7j0pyV7cYztm8UY9BlDGwUZyqpP45fnQ89yuxCvIrB-HZTuPNTU1X1lkrY2Q1YYnP0WhhcG3vzcwRdN_E5HnfXHq4FL3VYhgpCDRGK037ij3TDKhFqlNq8Eb0HwmSBjZLWihAu6Xnb09pCmIVYoC31s0p-16uoWxE17TCwcN1M_Jj8W2NCHV8Il9Li927yim0Xx7K7wb-PcRzCZO6fOsArWNnpej0o26eztRYWVYukJvQw_zLHYhC8szvsx1lf2PbOOJHgJGee1QyZHfeqMh830LQfs_atu96iF1EiAk13eFTpTCa79iY704v7N7cGkKHGJX02b-KN9fR0evtULVe1qpXhiBjX6eQZy87EoU0M6GM2V8Qj61gUe_OFKWvmXokCPTRP24fS9GnRoJLiiAqthwpYfFWpFbrw6bBk1RazShCSVxuLU4huGmlY1YRd5Z1Ej23-I7Ubid1HGQO5wAFsl5IAHvhslOMe5dkDiHPDH-1N9TZboDWn3Fks9Z3c91VkmpU3cxIoiz071kTMyNBCjZEr48wlgOigTCMWCrqqZ63xzbV6TdpMePFGWOhRXm2FdkV3-1a7ZnIYKbYfLvfyaTO4Vdmh6cXViknpiTjbz27o7Diti89rSfMugWDp5aCGih71kO6Kwi7PJv9AOSiI7MnWeqpOcUhNeZ-oWDN0kui9b6vqNtPMNjv3xqTYU_v_VQp0EsZoE2uU-WO3sEopUZ6F7kq3s0VmxthIcRcKRSs_fBko2v2U6gXbZNHovK0adUv2pctTlsw4FESuxwAIAYT0GYnM8iPI4TqDem2fY9rsj1hNIKGcOJnrcWMohsPnMGcD8bjoGerIguq2WyABv8uDcJeHts_4&cid=CAASFeRoSGkBmeKXsP1r4Toa5eOamPYiFA&rfl=1%2Chttps%253A%252F%252Fwww.officeholidays.com%252F%240

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9481159f47f085b8d789b71c6c0016dc2062cc001d6abf40a679fe65ecf6eef7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8816
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BC2 42 B
63 B 61ms
60ms Image
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Atc6d2TvKk6b_GFvp7HJwhSiKE1qRaqRw8dNCB9yoHfss7EvgM6v0aoDMKXYHrv6EtsLpHZXooHQBd_ocCDj3SITcRPuG16snIgihrfT34_7lL_ew

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/549590/52686815/xbbe/creative/ Frame 0BC2 236 KB
73 KB 133ms
38ms Script
application/javascript 174.129.162.246
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/549590/52686815/xbbe/creative/adj?p=APEucNX2s6v7vhMFGyN1tiJvEVQUI07HqXR1jo9M-TkiYz_0x0LnrCU&d=CnkAoCZ_4G2alQSaUc1N3WkvbUB9oXOQCAXKbSfrd55ZJlNyx2XSeH9it1MTsnkxCC2042xBHmDFPwBkEIObLXIKPOPWyBfvMvKiaEykAIvpDQfPbX7G2uV1wVlbuQbTPSl7APqAZEylH3C75vDwlxmvNyli6uEHPt7NEokTAKAmf-CnhcNA0OZcUsjab0KCe0snw5nffo9fEDBUT9y56NHEB19AZuo4AIVtTDxT6Pxl5l2zjbJEjn26bs_6XBywuceN_0KYIkuuc_hefI-4RK6-_uT9l3RpPeBt3IvMHqavSg0wXrjAu4ySy_8dFxUlmI6lUPfhseWvFb7zNBJB3pU9LoBGIzNdCkp7LaBr2cwZNIBNNK1bLd0bhyH6hMgnub3p1qYtFfrxVTvBVQc_ZFtkT1-JOmJMK4kBmKTJ61YW0k0IF1m2WmFs73E9xpH882Q28cTTlR0NqJ560BhpfIyIP0R2B8mQ1pV4rAzYnNfefV-l_Gk2-RwOAkOEKkiq9wBoFxL1RNgAmEqxlalJkKLdmKEnIa0DUZSp6SfA5yiU1L6lqnpQGOxPJaaEwmuvlt813gwoT4_yctAFsp4nHV_klT9vU7EOqcvu41QnPRyB4mtrv9TRlY8kUisWqwwwoFaR3Upx4bfM9T3maBz4SkkN5N-mMgubh7SOf2Fe4PmoWpuNhdH1seyR2Fis8GYyq0d5s6gTi26T7BWItLq93AOlJFro7VUqIYkwxQRPncxaHzU-7Px3QvhZzM2VtJkQdQ0Rz8O61LMYHCSKTiQCOotvI8BhCnkyxOOwa1WJjpbeFl857I80n5v0pUFae15jXQaWxMvxFvhyK4kuWu3h7kuxd_JIy1IlESoDmF3cLiCT0xDXRUxb8sggy0lMTQbxY7kLhlwpiLAX8EFcQYXuLO_RRPEZHCa5MdaWmrieqWZkWYq9aktYoNQYWn9PjM_4Im_xeFO0C1mT5maT0JWESMKDCk-8pEmEOUL_KWLSMZnHeV1LgqQ4Na4T_uWrd7d4yo_vV7UOkoPSNvlF5XmZeWy-0OGAPvwpWwlnM2eWcYvERDgtjC7JAb0zELpKE9nuBorq8z_jogzs-O5vm_8Th_wVpsPsRsoiHPk365tNZHqOKdPANG3ZFW8BGela4scB6QH-k4eJ4l9xkVUQacloqo8Sxv4FF__XWb7nSU2xBQZ3eIKqYppOpUvZMXCrLHDVzvgtb4c780X7FShh9vQeYRqFUxx_plW0Jzv22Je5mDwZGCGP0eMjrPkERk3Q2Hl_AWtlQuIfcYP-7UUFBPwz7Q4Fy22bql0bFy9lbkeIF_r37qzXOEEA0D3IJp-vGHxIl5o26EwJuMY2Hkn7-HAWKEoOUXAxUoTRamoz95Ar1pz3dPDn27dbeVeK7DXZZ8e2bNlZ_pPAD1Qn4YakG61ZXoIg7lAkqua4V2zgM6ySynZM61n8r3i4hU_OYVO-80J0evJCNR6J0Rc1rG1a23mPzTSHxhF_A4v7k__i0sQyHpdWOEstUhcN79GPiyRzsR26J9kvTM-l_L57ZljIRQj72j23WHYXF1VFrJdryKLV9WathdF40_hllREqj0-dIs8uxUUxRUcoJABjsf31RGYYKFFciMVw590zc-TxGmjab_iMbtPG9G1mitDafXfshSMttmg_VPCQe4aRjfrYul-QGCXNWZN0K6iyTYSAzzltF4ADxg6VlESRF8jPc_I2WVoK-J6QDNKeL7ia6N8aWqDPc9QQM_ukbLJNFxuCCp2N52KJbXoTwf_xUlDahNV0c3rQaNoYM6X0qnaFpWp0ePGgc6NwCsUUWtVhybuUw0IsJas_qx8wQnmUGufTuWsb_N28rDbnXIArGlumOsoTCTn_zRFdj80V-tZwcSquDUhGWcH1WkxUBsbpuox-Ld1mBxQPEEckFfpabYOYrdyIJOSIau7Y3SQHYxNkdpxizHfA89IFN4N7Mwypx1JxWXk5VJwElq4OrAr2ai-J22ib37hXZNvFg726dAKDY0hTb7k3UT6WBHo2SV-6Lahm9QMPhQXuc-0vMISOMP7PbvoOlwWtjSEg2ydyuVXoHixv6xxO8Brk8igmB_5gYGKjzx6WjcsviQoPRvfr2KOSEo9S86fXbW-W-QrsQ7I3x69lGqWpwA8eTT-RNeAmNfwczTEpEQ01e_hiWfFIF6Q1g56IS7f9xso_LYtneyZO79Zir0_TzDRM_Jwl1UvjBab4JG7tARqR839glADpp9uRWPFSb1wuu7knOKqpia010-GcrFflKp78IP9BCfkUGKWoPiXknl0_aCuCpXqHJIQGNRh7IGu3gUeZaAj-m_ZNYwXyo6mZJTwOeKfK9lhvP51y7NTCbBNYVu7OvfyKX-bhAY9PJtkQwedlyFfZXBf1PBhFgt-WtPr2ZQjiS2qYJl0ovxrd16Y4kSUkQV6vzXSaHvAhUI1dxqixkXK394tZEGchBapzMrNm4KNBrXPhfRHJyxkq2u-sZvaIW9_9OaZ3JwKGObUzw909PEdFheFlOLwbCLhdrjaxdHUWQ41xhYLCbPzWnuAL-5xybXDd6Ws-2nLFQa1skBbTDsjh7swO4suBVp2kYk8xTvmZKd5QOE_Z43WDO92X8CXJhf9FrJi9XSIo-jpyc4uoqT5aCsc_2M-h6v4bg2Ha-9eGjrcPoU2tLTq8ULykVWuy8eK95PBghpC57TTELsUpGt3UazecIHpa_lV_hV7aVcfVkctN2nJbZilIetlyS1d0R3CKQKUPgcQ9hIJcK2gkoCm_SxPjlYHpxrRmWvzQihSQghqshg20IsYZLVkBHENvwXQNzlowCZ8rbGFRlGDRw9zf1DYJcRbjnIXdl3DnJxZJ1FrQdlfQhB1vbTXjE-U4gNnj5SwebMlJQM6Dc5c-L8IH7IVhB3Hq3lPkZVuOHkG8mJ5xy4sqNMzxOa5_3OBnkFODnuk0PZwmQe9QSJiHezQIbg_b-XJ6Jjet_-qL1wAXcFHOTzgn5XRQs5uhABzmA3sJWELFg1WzcZ3rwqcmJaa5js1ajNjMXwkidkNCtIFJrOWt-JOL7XHoFXfKkxpRkIVuJBC0UeRP3XnIirbuO6_Tn7M-CqUtEoHNpFR_3VBE69VxkOCFZMuRPyVx0OUI3uae2OP0iNXQzLsQR3hHHa26Z_LbjS2UmJ1jKO3Ng9znqYTZ09rWqFFcPyadMC6P_OOttgrmC8pEqaa2jgAVl-egXWSb2esbA4I7BMezRFWymunKHecxacMhAVZTQFSlFg8EAfB_aAnTWU009aB4wz0fiVICXBBaJG1ZRLqmvoAciOP1LYG4LVhwndLC-e3ooxDTb8z6v2ktmNyvH7dLgPJoWnuapPAD5EGTpTk6cAoz6YzgdlCv699kcGHqhIORMEk-JqhVVzVIoW31hPf0HrvUwTIaGQgAEhXkaEhpAZnil7D9a-E6GuXjmpj2IhRgAQ
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.129.162.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-174-129-162-246.compute-1.amazonaws.com
Software: /
Resource Hash: a1e87a2481a375c768957ed1d6a8c924b6ba4b9fda03f067201ed2be978828e2

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0BC2 2 KB
1 KB 63ms
61ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:49:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:49:00 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0BC2 15 KB
6 KB 45ms
43ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 791
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:37:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0BC2 0
0 96ms
57ms Image
text/html 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTUvVF8CA0nkRD5vuDPL-zVt09N9fZkwDosF9yAHz-MREbTOU5bls529B6s4HDIRcRa9zaRFBvCBjjYz_mlKIUCT4ZSBQ
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0BC2 119 KB
37 KB 157ms
70ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame ADF0 645 B
569 B 146ms
57ms Document
text/html 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBENbEmQEYs5vxsQEwAQ&v=APEucNXoiLkFeeCdMyIMCcua90c1-m_64Za3DUhcI_ND96ngXJfpYXSNJTRdQHQdz0HS1UeuhELZuKDYARBwRtwcSuvqXFXXEuOeoKKOkgeGjKRS2S5fREA

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 29 Dec 2021 22:50:19 GMT
server: cafe
cache-control: private
content-length: 285
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9A4F 82 KB
31 KB 207ms
118ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMBS-AcUW9MfzMmFidsUtVTICWsgfCtumtcBDYMllTCFFnGCyq8DakJg-ZnoSZBAhEw5wQWTyNGGipLG7bKTe-qT5kcB_On7BlCDV_RRbIUz42XIiBUuruW3oUTm57eexW31zw0AtyKssZu8O-ekZPt2K46g&dbm_d=AKAmf-DsOYrKakzk4psS8KMreOYSwW5kCUVrNRjwXhN0-u3rV9ZnNHH9RZIbiCzLbRrHBOpya6pU-WWE-qccN4eirC-9oGcax0fDVA0_V7Dg03UPGzHUPwVEYZcxfAHrZs2gEhipf1LR-hjAuO7vuJaRk6B3MJKQ4jX8aiTqe_XJKpAwSENmUl7fVKRXJOay2GYGb66XeBVIidmBIXQZIv3q2K7joMLw4b6YW33Vb2QEvwWd6XEEigDBM4-fvShib6c58X2KRxW_7MnbG9xH5xHvR_O4Fk8q3zA3MyDlP6AdXPBwx5BWa9zxolfobBUaLUWFroeAnlHcZRmIvQJ0lsT4m152oEDA-8xfiNLfvolvucPDmvPO3uu-Q9QmZOXeT8J2-QdlX-6UNZORIG-5F97tFKh52BkW64IyXxbqQgrrYSA1vX6pZigqL6fj9-Qe7ejVhl8khu-4zZ9dZbX1iPSV8qwNXvOtf2W3cnnfEIMV7xf5slN25lgYzJcVPBs64yuY9tjWtQyWisU99CqWdkRoNlusu6PlKmJTJHMTN0L-6BPrd6uAwVv1Y72tNM53XEE1DsaaD44feB7d_3O8lWPU8oPWjszWgcsfDbh5oQR9DU_vqPryl_zc_RAVzpIXnpopl0qIjNNlsw0erta6rYc3pK3PnrZ54Qd9QK0pH7GnrZiUfrzz3NS2uMX6gGu1ucSswcnOVzSod5pdHHlZJMojVkI2V2FkJ1c4N7XNEI_JPu8U3V2qRM6OIqB063nSzYXYtqMOcwIKKIxW4Peq8_Slh7amrMnjNLVIJPBObVwObiR9ZQ3zy_cpMjAZEYVagu5G2i8YPnU_OzJ5POVVqq_zaDKQwM7pHBGvLdHWeKeyjU3oe2TPxFze6Z_avGa-PUcNqDDj9kxnZ38xFvMlj4IYO6aUCQgMsc4lF_xkbMBbkRbEzwY-jmE6YOzX-nYoMCMUVltanZi9FuzCTdQEt4OytmptBwPQOYjNUC1WPs1Mer7V-5KurHeT8e2IPMLdDv-plOFgsJGxFHS1Ws22rWzrjDLUPuYWAXb3oJbCmDkMZPG8v_UQjm1kYL3TlO03wHIlft6x1QzJjpslXcsgmB1GjOcAJ_aWztXvixlXuV7Xeax9-AVRscOL2D1KVS3tJTL0dbH8FP-bt7LWgQKrJbYYreqhoHmFALMlij7wUj883g5FfBm48la2dEl8jcBNgvqK-pqiuU_mERqxbAkDpxO-uIKamo6g9EKOa6G4m2vn3cYDZffEZhsI517Zc_TRu2_coT_6pfQCMvplzk_pCdxRUVul2Ddsk3daRYSvFfs1uQWjMIEnAj7Ay0iXLbR9P-jVuHz_s295G7C1AldlYxPcIMrH12K2j9CCxrHwwHtgYsocUohT65DzU2xfI9v_WnuVUoCqSCNJFmqgfEemZosF4aMB4lO0DuiTUxTJIoYRXnAcO9pbe0x6D5SDM5QpAmd10NnOE0rYDKTq12iAs1EnSbHwD_UYNeF4WyoGW6q4JIVaLnpR5ojMkh5-qXZCAxhP2hiH_s-SUgHZ1xGhgacgWvTQB_uw4iARw5wHpcjYjorhu3RITyN1mMxkQZ43fzScpfcECpAkvfH1s8FbUhxntySfRETk-Yeh0f1_6JethS4-mdpt6YQ6yjAak5JdDb5Xd6p4ew-3qUDwz2no3CaiSjuJPNS9VDNM-7zhZ5y1BFI8XyM_0dKeXP2u3mlV14SOOECcnp_klAaTPEkfv291G0lKWYphh816dtYJ-qKkqVDEA_0NpiQWI58SFS17BJc8vOaWmJc0LLDkvzsGfTQ8W9kMYTvTM4k1c5w1T-3T2y0PoepFcDyDuTKlGs3Ke77HPXuERIihr_b0P36IGwE8ueFK02kXpUo0S6SPk48w-_4ULM4aAkWxnsGzPXvLIXZp3R5Lw9MG3h6qmlIjQZGEfqO_Arq2tYLhsKcB0A3j60waSlRlTjfhysau5JXoVxhLbfq6Of2OK10rbkgKzMvETZ1o5PmhyXuF8OORQcLj64tlaLLN-aHiK4cOtlCcee-LX4UyUct2x6c0i8SQ0kyrKes2XoSuny-bj9DXFCQlwCbvg_y-YoMUlD4lvkJJcl1yrLpeZpFjpVsMEAckZVsDNNRLGpmpVVc9mVHQnNN5YmZspwgzkAzOLBmeEI2Y34bpi83S8TEYPRT3UdKfJbg8xB5Wnqh7AyCfI7j0rJX8c5nDcGVR2y6W95rW8HKMtR5G2guEidUAMJsxF2amEb02q-55346KXwnbywdq_H_AS7_bAwpqLtCm8E-JQWB_FLhHi2cHWAKDe5EMILq17TyIhdoFb9NqBXBUCXsEzbI52GF6_-ocCzSFPCUrzh9EFC2grZ2KA6CixqMmPuN0BcjdSe32m6gJX7EjP-EJ4on9OMLGTEA4wmE4ksCUvdgZsfWNek2qoyXZ0e8FEYzhpx8p_FRac1bb-a4O9JkRWTZMRZFjGZjZcavut_wLGIScKjQEQPMvVscX78uJTmHqEtR3WsCNd9esQ43Fn95ITuxWQHr7ivaQHGk4AWCjgS3fbzN2-jQzuHD2UW4YiFfFmfsMVKikwuM5qtVQWoaT5-y6U4Cm1CE4bdB5eN6nGdolVYIF5VEt2AQX6OapNAZPVaVIDixzTe86yroNJa958Z1m6KajDtV8Aa9aZPjJ9-qjgLRXi6FTxK9zJ6DBepNAA3aXYCdGWMrqk92bFApoyGpWP4b0QQ5Xbu9iHdC6Pt33xmv06fMFGxk1NToL2HG65SJPfnG7q6q6r3aBfLDZUu81B-Ma5mOSPqxXezJI3rK0o3nLXp9JL3Q-ut9GlqoTjQzeclWtExsXliVxAKKu6PR4phW_QwEL9Otqxi9IPFK7horRoJ8Vy4Z4fh0fR_WvXUaMx6uItZndcWrWpqATF2oqAZemIZTp96FCBfJngxn-1clxq44i3eu5OxfGYFw2nnFn4pFu50k1VxCLsCHHLgSOnG470FCxqsdSzj-wiO8USvqBjlvvu6BhkxaWDBkIfgLL3TgodIUs3PXTGznOZuB1NUJ6FYL36Gy89eIdPONcU47mNBlpj_lvRL3bCNXBwvKXkF7dcZH8DFWi7BrK30iZtSedKm6EgkmhGksFE65486fmziq5rV97e8vLkQd-qhMe-vQuwofSMHRmFWAJQyZ0Xegk66wHpl891RPEUS8oj7pKtBZ77kTwMUbGep-FDdZlXBY4vHztnp3XUSn8-A69jt7sg7sCL0TRn3mNdRW2Ve3guYZGFu3O&cid=CAASFeRoKJXaQa6LrAgpuxhLlfmpbDPzaw&rfl=1%2Chttps%253A%252F%252Fwww.officeholidays.com%252F%240

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

525da265947c5c84a9087de19417eb024e9a5f4aeb1a5003894c09592505f858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31912
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9A4F 42 B
63 B 63ms
62ms Image
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CYI4lDAx26Y1_4aAwl5f0em-nA0nSPwhO1cH1VHld2KhJAaB7i23Gir6k3N09gR2gRyh8VgHVzcBtq1gKK-sCNCPi4YHbQZR8FvJ90J0MSOn_PF5U

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9A4F 2 KB
1 KB 60ms
58ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:49:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:49:00 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9A4F 15 KB
6 KB 45ms
43ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 791
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:37:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9A4F 0
0 95ms
59ms Image
text/html 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ8MCyUobDMCdpji8YiO9qJO2ozZ8n0DCAF52rkOFrUmeKath1N3LUWW3ZYOJKPpB45g3Y9sn7MphKA19HHQCCswIbd3w
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9A4F 119 KB
37 KB 182ms
99ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5F25 645 B
568 B 141ms
57ms Document
text/html 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBEJ-hFBiR6d27ATAB&v=APEucNXj4ykVuirEfPyYq2xoJuxuVr0IimYes4Dp6ecQGj_NcnGWRRi9MKm9cM7pU1lVFvaEIkJFgZT0VL8ta6EhK-Z63173O9iK9nDSadxC7byL0MnOPBU

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 29 Dec 2021 22:50:19 GMT
server: cafe
cache-control: private
content-length: 285
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D58F 54 KB
27 KB 174ms
90ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Brm3bVjs9Fuv81ExAFLLaRvbbIpspz8qPRUbtFKFACOp0cmVMqsg2eGHl93CoHOLUCLSsIa-NFqSTVHBJs0C_DHuLWVuJbR0dSm_WwvxHtcHTHihgwW0LHv9nv-s_4139lrBR0bEJWSEmrrHNBCibIHRJaVg&dbm_d=AKAmf-CPSUYveOrZbxJx-5nDG8vzeP7bXWDPemEIggm6Ys45NlrQSJZIZcCaTnhHpEA3-ld7b_KuPnPl3M-Y7keZN3v1qZ7jXVGzlklsQUEGHSiTxIlXfEbm8BtYALlH2qpGjFAsudI8oYsO5zvaxxnqp5iblmxCOIJt6CCm4FzmUqYZzCYvRICsol0TefPowDlBrY5aCn3m-DnMve1cU8Iz3_nEJpDgGmAHPqNUFFgCWYj-Ht0vd8B3vUwgsF1hH-Vgv1I5aJItc62vL4E2CH5Qzpsufg_NnQ4_qU6578JyaVzgzM-DhaUGfkvYLaAe4xkX4Dv3e0MKpCjzNjie5RKuu1tnmDtecZR3yBfiA3tkUi0wcgP3vpXj2BfLEQqSirFNBnAIkL9-WeA7T_Uv9XC_W_FCM95yxzSD9q0AgSZkQUuyh9nxfXiX2wvB-mfS8JlsQDnzCxbD6L5QAGDAXWh9qieEtqoWniNfHdrMYfHlA_snCCL42lVWhcVLg9NMN-QSaIm1N5mCX1LakQo7Va2pzC_yATvfOQycbxcsedmKsglVHyDT_T2TBcIkf6GCPstlIYzI1r23bG5xUk414oZUsGA7yc8yrRBU038Ag6khzlPHpTpK3hOecz_iPxssswXoeQeUvZBOKZmewKfl9Fd1r0hK4K6pMIr6a9NSDDb4tkqp3z-d5EyGZBPniGA8jFqVWZJzzxJXNDJHoOn9Ig_iQ7HEyVL166puAQD-PB9AEhXugz93Xyi2nGegafq171hIieqwIQjBTg_bIHiQnfpNflMDA2h6HKTNhh76KDXZ3E75oMr-R6NOpGW2nuXjDrbP2oVKN5WFHD1hdjRxVlnDV9Omw0906kaXVeGGQqLr3NvdHGobSwPbuNB-SvpuEg10Opcexfro4S_tXQ2OctLvggHooy27r9ujm2XLhz19IBNF0W-enKMbDMsv4JLfZyf8HRvbAgYNcbACH5r7SnrQWvp-fuDFy2gAFgXvg2RBez1G58VIeIJp0_QAAQ2RD4AHBaf4vL6a1ttZxSGWhvMO87UtHZZIGh06gdcLtx6MtaYIrELsY29o3bZd1kL-mX6tQ9aKL3nKDDNzUGxMqYPw45zbT2IzHRQrgdr_WaVKUeLn_hP2412lO_Y_4kBLBPZndmXtWKuUNyW6hCK1xfgDyWYrhXNwT_EhTkOBHo7ps0I0GsRrS6X9jpyghflKNbKirULO7b7u7LtRoP6sHnhBlf4Z4Xq6B9QTTylWWBwZnhGluVrOzHviDY_epcTE-qWBFZpvulggKX5rHr-fWEoQktcZ5wNL2TT_F0m2xInSLo0fyEBDuFYrWOUyEaMFvLr0ImLzM3P2rGecEetICufyWDYibZf5OW06z7CvynnC050Bnvs1KxR38L8yDt86zjOl7LgMk_GUr7XDQyP_KWqqOQz1f_Qdaxr-IzmM6Y53f5q-nePELIOwUFSVEERlKOjxvClgYsOpT9er4diiKukamjxOd-9LcdOEzzpuJPGxELC4UKiq_YF17FkcrhrNVEbBF1n7KmAXMT6igEOA9U9DTYD7QlsXDA5NgIcurOWxCs99pkVk95_7Y_0qINGr6-KeEt7KVpAkPwaBwrJ8dKFviVbOjIes9Vk_YlGQcriIx7Js6OHpW2ptMzcuDKCPYhUFwn906-0dT9xuImeHFnfm_wsoOCs0iz2fRjTPe7Hmjnc_AoMzGTf47L_cMnhZ-VNA22oQYVagas5NH_D38X_dEpwpyYeSZBTx0_o2LM5rU5yElQwk-_G_mQRxe-iOlB1vmJ1fmP3Bk1ggt_7HdTPu9EOdgCG376QdFzoHwOLwwHhuEeVwBpgjYhLJfR6cZXjz4ecshnCe1HpUgxbMvn80uSemB6rMNuuCS1S2pDPiOBBHRncqwyuxnX5b8mrRG_12fVtYsihcrKobi386-xg_Jmkh6YNe1XjXncS-vHjz7zo2AAYoVGyx2Uqc2MjZ-mbQCsXP1RhwMBBFjSd7dp5XP_15kqoiR8hbRQXr72ngmM8MiWoTGP8mPORvA6LIuhCfpDWOCUJz3uvmxw3Qz6i3k8m126OPBRoXq-wEiqvshrnjAHMVmvwsJyYOkwm0Cpx8uOURty1_mOOIFVIbFKV33s9KveEKhtO-dEUqCaPiTub8-kNLvWBfC8NulIldohM9dYfzlTV0p6HuGQCV00oRtRFCBLHwn2ss-z0jy25Ga6uuAIuA9cmIguVVMfS_WWjQliqVLKBKzB0wzB_ZzCbIES84IALrZBtLnCSe05xhZcCLm7ANfY1LSBuBZIgRl20_TqFofNb4KaEHCPiESEXgFxyDofOJ7d1ompxLGSc72PmuNBdi6esN8fqqFkxJ6epTr6LfYT5IyFgko6MxH6j_8HuKTllB59bIAL1g6sAKZjhaXxCC_p6tTgrAOVmN4PRJtkBjAtbMgNxLWKwGqEYkEFGREtgJ7jbh2lDtRQi-SHIBmGBuXb8BHJXIVTWwxDYBKpJY7DjOkzIdUJ9Nix6LxKNFcjtywJqw8DopSixHpd_DkaSJvhJZP5yVVU5FG1uqA2C35-6yAisaKc48E4Y9qjBbsLm8Zqo4X6UbTAEa23_XuJzF5sVqoRZ9H1oLdlbha1jP_QIVVnMZUTNl96xG3rmnsw0ODNKP0loKnmk8NAjz3I69S1EZSwRgGUZ7LeEFP3T9Xtwo_AIB_fYYC37Boc6qkEaN6Sl8Rd7BaqZB8usgNJ_oYu8hSoZ8xgaKm_ALS_Rer5GiNphAoP-SzloO9RO_fm75pTujqj6B9KwnsuJt6LbukQlSwkOgJqMilxDPWPh5hohfQjtZnrfNRHevmZxleVHAWOIf8vbYIijcrGBmf7L-ABvzIH5GIcixwk0d0Z8206_W-ayLzsCnsqOI8RZxwpDaI5I3lIPPz2WpnDmGWq4rdQf7cwPbQErDXOIWSunwUtimOBH_OrJfF8TroCZMZHXpuiC6wpRe-iWz0raA5sNHQC_FJ3Lvp9n5LXktkWWRClub4C7FNbNfQj-N_0sxUWJU5cZ_dmV7jAn2MG2rcDH7diThAaZmZwu7eo9Ggl3wQsK78JKOyQkFNvA_UqEV3tiyEIM4g4TqU3dDRytnsrLTlqlRxvPpnNQqdotXvuP2PB692laErBwAKo5UqBMxIfBrllRn0LgLoaeEpZe3ZOg1vzxRzBtDKaBDLy15FMkCFkRg2F0r4gEt_3Yj67X2mcWn6JXPIIFCiBprd5Ldzc2GS_0YMlSLGo-2Um1jN_Qf-Bwo&cid=CAASFeRoOsRcUU4weaRhxOB60m_AnTBU9w&rfl=1%2Chttps%253A%252F%252Fwww.officeholidays.com%252F%240

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0cc0b5b0e055213fbbee5133b434b1dfa21e45cd4f848583134ff53cdabd6447

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27440
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D58F 42 B
63 B 68ms
67ms Image
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AZAlRI0ttwmHdHZjkiglNmvZgA1UoRWrxUnQKVE4Ee-BVmvCcI2TkCxUDOUF03m_GWB-PGSpevJHADaIF_Y4KT-ogktpJ7Rj5O1295FxpqQPIaiAQ

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D58F 2 KB
1 KB 57ms
56ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:49:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:49:00 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D58F 15 KB
6 KB 48ms
47ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 791
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:37:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D58F 0
0 90ms
58ms Image
text/html 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSaxBahlrOylYb6smPkFK7ymANdbDbvYW-7ry4oxEfSa5ytI2aipIL-rJ5O1xQga4Di1V3VPWgO5XxAR6pBZcQkRsBeMQ
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D58F 119 KB
37 KB 195ms
115ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 62ms
61ms Image
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=3801479109644815&bg=!MzClMHTNAAZKWFskSlg7ACkAdvg8WiOoCKxBVL_ZntyzHoQJtcqPR2B3MwxlZA9kwH_An9J0amHRvgIAAABgUgAAAEloAQeZAtF_RXXCil7_tXQX8Eq6CJ02MFb5a_J2wkWtE-sCtH9ItkHw01e1nJ6K6uybbcoL_Sza3vPeCUQXV8cUhtfDwcUhzyXVfwokGSVGRFIxypiDlmp68z1xvVz6bi6kSF4bfozDRZBW276QVOaiwBV_nnzROtC4VHQcS6duupTAqXI_Zam5BbKuXZuBdJtfSCcl9ZmqU8mGA_01pEt4g3GMf-6fxKBuOIrrgMgRV6kiAzp73LMeLhAV7vLhe4ri0zgp3hYfhVTybnjDH37MGepydgwuXsreZbBnT7ljdHwlVQsIhfogvVGvzNzvTfGIeoc4Z92JRIW20LZg42KdP4gcqNv9oSD5wlVzsESCB7Wkfg6nWdqvFmdnzr6i6-tGW72CsLVLgFcSf4iQIYMeq4kpP3GHwEo2PuvULZP3fyjPc5PR4XGUzNslLlBZ7zWYsYEQnqoEyP1abJVj6TBbF-FpqRVylKSfUfDZo0YdDzRyu8OIRffiP8NVIj_8urirgSs5KgQRxHRMh6E3zeJ22ssH-goTYzhlhHz5BQTUegQDSAh1Y8bTZutYeBm_KddrTdtD2f-_u97kFU-ReQaC7Q8BCASEZdOk4MQ_59LHFFyLkZj373CqOG-8VNm3B7RdPurtsrr51TwzfGcIxxl-IjygMlsjpznSD8RilYKeT6kE78fGPaN3AT8iMiqyH6I9TeUzDIAO82o-AcY3vslIu-qladWq7TVqOrEkfw52BD5GGEs6E-DQHp2OmlEBZV0esIRG3r5ucbpT_kO1UvXUQhEReE5drv358F9LmXbEtY_DDaRx7X09TmXrNVAmOg31cVKttPtz4mrhiu2aiSubmAcKkaGvpIewj3LET59eVL7Ui3H5a_7pDZajyjsO-1BM4pL-tvHAGCq1QDEdzInm0bFEmXxZPkZu35Nz109daqmAcE73DkYt0cOrCf7S5fJ004ZJr0m4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 102ms
101ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:19 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5938
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0

43 B
1013 B

72ms
70ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARjviYOcATAB&v=APEucNU0URU0J_pEFN80riZbcyU8Qv-4XNYwxu3vX_8K16UEvFInzee-x0LtFS5kz3966-V0NjyIVh3a6N7AhJRZ5hDFTlMzckAjfSlG8sFIeUveOj9CoVI
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 29 Dec 2021 22:50:19 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5938
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YczmK5HUD9X-pQUFzSEGOwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1

43 B
893 B

57ms
57ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARjviYOcATAB&v=APEucNU0URU0J_pEFN80riZbcyU8Qv-4XNYwxu3vX_8K16UEvFInzee-x0LtFS5kz3966-V0NjyIVh3a6N7AhJRZ5hDFTlMzckAjfSlG8sFIeUveOj9CoVI
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 29 Dec 2021 22:50:19 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 5938
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1

43 B
1002 B

147ms
147ms

Image
image/gif

68.67.178.10
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARjviYOcATAB&v=APEucNU0URU0J_pEFN80riZbcyU8Qv-4XNYwxu3vX_8K16UEvFInzee-x0LtFS5kz3966-V0NjyIVh3a6N7AhJRZ5hDFTlMzckAjfSlG8sFIeUveOj9CoVI

Protocol

HTTP/1.1

Server

68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 634.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: b231390b-ba86-45ae-af10-49a8801e1623
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5938
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D

170 B
188 B

104ms
57ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D

Requested by

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 634.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 07995952-2e74-42b8-9896-ecf947dd83c0
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5F25
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0

43 B
1013 B

75ms
73ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBEJ-hFBiR6d27ATAB&v=APEucNXj4ykVuirEfPyYq2xoJuxuVr0IimYes4Dp6ecQGj_NcnGWRRi9MKm9cM7pU1lVFvaEIkJFgZT0VL8ta6EhK-Z63173O9iK9nDSadxC7byL0MnOPBU
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 29 Dec 2021 22:50:19 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5F25
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YczmK5HUD9X-pQUFzSEGOwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1

43 B
893 B

55ms
54ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBEJ-hFBiR6d27ATAB&v=APEucNXj4ykVuirEfPyYq2xoJuxuVr0IimYes4Dp6ecQGj_NcnGWRRi9MKm9cM7pU1lVFvaEIkJFgZT0VL8ta6EhK-Z63173O9iK9nDSadxC7byL0MnOPBU
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 29 Dec 2021 22:50:19 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 5F25
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1

43 B
1002 B

44ms
44ms

Image
image/gif

68.67.178.10
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBEJ-hFBiR6d27ATAB&v=APEucNXj4ykVuirEfPyYq2xoJuxuVr0IimYes4Dp6ecQGj_NcnGWRRi9MKm9cM7pU1lVFvaEIkJFgZT0VL8ta6EhK-Z63173O9iK9nDSadxC7byL0MnOPBU

Protocol

HTTP/1.1

Server

68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 634.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 8e9af2fc-6793-4a1f-8cbd-b5e42b6fb57b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 5F25
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D

170 B
243 B

58ms
58ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D

Requested by

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 634.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 46d3a151-fb92-478a-9e56-8a969481a692
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame ADF0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0

43 B
1013 B

71ms
69ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBENbEmQEYs5vxsQEwAQ&v=APEucNXoiLkFeeCdMyIMCcua90c1-m_64Za3DUhcI_ND96ngXJfpYXSNJTRdQHQdz0HS1UeuhELZuKDYARBwRtwcSuvqXFXXEuOeoKKOkgeGjKRS2S5fREA
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 29 Dec 2021 22:50:19 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM-BinRI58WJwR2aWWQpIrw&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame ADF0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YczmK5HUD9X-pQUFzSEGOwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1

43 B
893 B

55ms
55ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBENbEmQEYs5vxsQEwAQ&v=APEucNXoiLkFeeCdMyIMCcua90c1-m_64Za3DUhcI_ND96ngXJfpYXSNJTRdQHQdz0HS1UeuhELZuKDYARBwRtwcSuvqXFXXEuOeoKKOkgeGjKRS2S5fREA
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 29 Dec 2021 22:50:19 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE8Guw0FFHoYloUw8iEQSyo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame ADF0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1

43 B
1002 B

55ms
55ms

Image
image/gif

68.67.178.10
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNgBENbEmQEYs5vxsQEwAQ&v=APEucNXoiLkFeeCdMyIMCcua90c1-m_64Za3DUhcI_ND96ngXJfpYXSNJTRdQHQdz0HS1UeuhELZuKDYARBwRtwcSuvqXFXXEuOeoKKOkgeGjKRS2S5fREA

Protocol

HTTP/1.1

Server

68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 634.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 872e9798-3612-414d-8132-44e23421ea86
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEDoMAdeNPHVQgxh6Aw5pOcw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ADF0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D

170 B
188 B

99ms
56ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D

Requested by

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:19 GMT
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 634.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 2ebb9390-1227-4256-8986-0aded38955a8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTI2MzA1NzM3OTE5MzU5Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0BC2 41 KB
15 KB 40ms
40ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D4Xocpc3oVHKyKJaG0BpxVfhJvzSjxrgAsdkV_HmJ-hurafm7NkpMlMSqNH95to44m1yCMUkzofEQ56nYG7s6FR85jbiM2zyi3t_oXjDI4t5c-yZOruHxvEUVnStvnAxnf0_m9yBhx5Y3IJH1O2vCB52-TgA&dbm_d=AKAmf-BtP3oAHDjIDZOiQWAwugFnOXn6kbvNNYZQNvH9oBH_jrz3ZUSwvaw2avLjHwWoc5zpgR1w7RJAvITKCFEojC4kx4IO20m5FGEQ9gEqzQb1tCCV_OoJzzIJil26Y5qT9U3KlBw5h0veV9pMyWPBHFiwAETobuxIj89qvck-KMT1vBdS6IOO9HizVzSZMlfiIUlyd3y9a-ofI_x7ZfjHbJ97PBGjfiBu3IKlUp5_SCZ_sxx4oZ7dkDIhUGHeTCJPUNcLcaflvRCHISDKNSr781xly0rIi3Th24WdsZ-2r2W4u2kASDBXqHWcV-RoxuEnMZUZp3bZIkM0u3zNXSHUjIG6hj5OLtJdsY7cSfCyANEFI5QQtGtroi3BHKEproNlEyQJwF_26BXVkPFnMR6pOm2BF3vHlIex8ghK9k3MvG86HA2EAR5a8a0G3Fij0WWapJuKjKpfRRk3TuGhPeJyR4GQMSxDSEFS5D27BzUq8h_YAUMgYsUIUgb0wdXgZtGZdcXM5NXX6arT-GlZbnRBT73U1_p1sARVkS5VFEujHjGjJals61NUDDXF4xWHYS2wY1m5YIsxP-3vthWXxFGMNqI1vLDHcrRGPC1nsfVXC2TtCr0j5eHiitSpGz3HEoA0G1OchtUaV8JdICnNSKiVy0FFKBw6nVJamYkJxs8urmeloID5CCVIgNPlg8-5vknox8rj6jcEp6kVncyqQimSjF9gtbApNgxKJ3QWaIy5c6Ohv1clX3sU4lI5LcIuCbbc95YWiFh3GsUMq0eeOU9NwmxOdxP9kp-zI5U18COyV7wlPar0fUyIxrB_tN9c7g7Mp9cpdWl2HOU5IjHg9h0Rb_dFZH2bYTJ1rVlr-Kg0ombha3Kiw-6eYCu9fFGFY04brghYDFKguglZFSxVX0_n1re8ERfBFZZLf45Zq-KZAhCEe0e6oyNDAZAgb3DFlvYsZt1U-XM7bSh4FNdnJ-Fq-KRGH0zvhxSZQbf5Xc3h2LNa33DXJRO1EsrrfuC214ErapiGMvIhSRlDoz1QfdcFObMKPWdBl1OFgH0gPaNbL07qGcsjM2KCDX0riYJ04_fzuQnhQIhwTMID1UD7uthwjxs39AC8kWH0cQ4KdyrgPOG87w7ObADFjV2qZm8eSp88Dbihqg7GHIwe2VealaBtIqeUlVFqk2AilNPC9EER1uWdjWugqEN9iZ7-S84U8BqT21IwWijXuoY6KtNrhOd1BWkFmoRcBgm91N57by3IaGTBzoeUntTtJ8Hqn7xjScVzCABQbfTcUPpKRwbNrBx5_KUoyDUIOjNvWVk87P56m7WvfxpYIhwiBV4pD22-EXSlpvQ_0wjWtXjRh0kLKVIR-ESsUq4lN2mCwqdC6eSuOSX70hIQk1NeuFp-FdagaJM5a0yQqCELMBfwaZBE0vPtcPtE83dAXgDoQ-YEdLOst6dRjNfE2ijxwNobinMX52BxG9E4B658L12yFcQw-07Bc8sMnWSqFOR7-5_WwYh-t-tNACBGonN_BWQBBaDjIoX3q2zNigd0VxH3TVt6c3WyhIOVtNvAIHYALw-CmZagZprWuPEffV1XtE2mulpDFdSqjkGcSaJPzlcMu-RywF539UXegwdPcZSKLYkoADyUMOvrlnxVsIb3d-K2wJ7hhWpZX6Yh6w0jwAlxpZBDuIYXxNtY9qkmJl1w8o-IJLEmG-ukhrFhj-K8qV4zzUXKIH4bmFGaY_dr8oOJ-5Vhw10jojHGIMzMWVdTCKg2wQrg8HSbHMQViFsOQ7TgCOp8Hv0cJ-6IYLPLLjsBlSi4hLZyxSzZc0QsTRegb2wDyRFmCljFO2iA4DK2mJcIvLEPFE9YYjAIqz756RUz5M63-7j0pyV7cYztm8UY9BlDGwUZyqpP45fnQ89yuxCvIrB-HZTuPNTU1X1lkrY2Q1YYnP0WhhcG3vzcwRdN_E5HnfXHq4FL3VYhgpCDRGK037ij3TDKhFqlNq8Eb0HwmSBjZLWihAu6Xnb09pCmIVYoC31s0p-16uoWxE17TCwcN1M_Jj8W2NCHV8Il9Li927yim0Xx7K7wb-PcRzCZO6fOsArWNnpej0o26eztRYWVYukJvQw_zLHYhC8szvsx1lf2PbOOJHgJGee1QyZHfeqMh830LQfs_atu96iF1EiAk13eFTpTCa79iY704v7N7cGkKHGJX02b-KN9fR0evtULVe1qpXhiBjX6eQZy87EoU0M6GM2V8Qj61gUe_OFKWvmXokCPTRP24fS9GnRoJLiiAqthwpYfFWpFbrw6bBk1RazShCSVxuLU4huGmlY1YRd5Z1Ej23-I7Ubid1HGQO5wAFsl5IAHvhslOMe5dkDiHPDH-1N9TZboDWn3Fks9Z3c91VkmpU3cxIoiz071kTMyNBCjZEr48wlgOigTCMWCrqqZ63xzbV6TdpMePFGWOhRXm2FdkV3-1a7ZnIYKbYfLvfyaTO4Vdmh6cXViknpiTjbz27o7Diti89rSfMugWDp5aCGih71kO6Kwi7PJv9AOSiI7MnWeqpOcUhNeZ-oWDN0kui9b6vqNtPMNjv3xqTYU_v_VQp0EsZoE2uU-WO3sEopUZ6F7kq3s0VmxthIcRcKRSs_fBko2v2U6gXbZNHovK0adUv2pctTlsw4FESuxwAIAYT0GYnM8iPI4TqDem2fY9rsj1hNIKGcOJnrcWMohsPnMGcD8bjoGerIguq2WyABv8uDcJeHts_4&cid=CAASFeRoSGkBmeKXsP1r4Toa5eOamPYiFA&rfl=1%2Chttps%253A%252F%252Fwww.officeholidays.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 06:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 317057
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 26 Dec 2022 06:46:02 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 0BC2
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/549590/52686815/xbbe/creative/adj?p=APEucNX2s6v7vhMFGyN1tiJvEVQUI07HqXR1jo9M-TkiYz_0x0LnrCU&d=CnkAoCZ_4G2alQSaUc1N3WkvbUB9oXOQCAXKbSfrd55ZJlNyx2XSeH9it1MTsnkx...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNX2s6v7vhMFGyN1tiJvEVQUI07HqXR1jo9M-TkiYz_0x0LnrCU&d=CnkAoCZ_4G2alQSaUc1N3WkvbUB9oXOQCAXKbSfrd55ZJlNyx2XSeH9it1MTsnkxCC2042xBHmDFPwBkEIObLXIKP...

72 KB
22 KB

223ms
115ms

Script
text/javascript

142.250.123.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNX2s6v7vhMFGyN1tiJvEVQUI07HqXR1jo9M-TkiYz_0x0LnrCU&d=CnkAoCZ_4G2alQSaUc1N3WkvbUB9oXOQCAXKbSfrd55ZJlNyx2XSeH9it1MTsnkxCC2042xBHmDFPwBkEIObLXIKPOPWyBfvMvKiaEykAIvpDQfPbX7G2uV1wVlbuQbTPSl7APqAZEylH3C75vDwlxmvNyli6uEHPt7NEokTAKAmf-CnhcNA0OZcUsjab0KCe0snw5nffo9fEDBUT9y56NHEB19AZuo4AIVtTDxT6Pxl5l2zjbJEjn26bs_6XBywuceN_0KYIkuuc_hefI-4RK6-_uT9l3RpPeBt3IvMHqavSg0wXrjAu4ySy_8dFxUlmI6lUPfhseWvFb7zNBJB3pU9LoBGIzNdCkp7LaBr2cwZNIBNNK1bLd0bhyH6hMgnub3p1qYtFfrxVTvBVQc_ZFtkT1-JOmJMK4kBmKTJ61YW0k0IF1m2WmFs73E9xpH882Q28cTTlR0NqJ560BhpfIyIP0R2B8mQ1pV4rAzYnNfefV-l_Gk2-RwOAkOEKkiq9wBoFxL1RNgAmEqxlalJkKLdmKEnIa0DUZSp6SfA5yiU1L6lqnpQGOxPJaaEwmuvlt813gwoT4_yctAFsp4nHV_klT9vU7EOqcvu41QnPRyB4mtrv9TRlY8kUisWqwwwoFaR3Upx4bfM9T3maBz4SkkN5N-mMgubh7SOf2Fe4PmoWpuNhdH1seyR2Fis8GYyq0d5s6gTi26T7BWItLq93AOlJFro7VUqIYkwxQRPncxaHzU-7Px3QvhZzM2VtJkQdQ0Rz8O61LMYHCSKTiQCOotvI8BhCnkyxOOwa1WJjpbeFl857I80n5v0pUFae15jXQaWxMvxFvhyK4kuWu3h7kuxd_JIy1IlESoDmF3cLiCT0xDXRUxb8sggy0lMTQbxY7kLhlwpiLAX8EFcQYXuLO_RRPEZHCa5MdaWmrieqWZkWYq9aktYoNQYWn9PjM_4Im_xeFO0C1mT5maT0JWESMKDCk-8pEmEOUL_KWLSMZnHeV1LgqQ4Na4T_uWrd7d4yo_vV7UOkoPSNvlF5XmZeWy-0OGAPvwpWwlnM2eWcYvERDgtjC7JAb0zELpKE9nuBorq8z_jogzs-O5vm_8Th_wVpsPsRsoiHPk365tNZHqOKdPANG3ZFW8BGela4scB6QH-k4eJ4l9xkVUQacloqo8Sxv4FF__XWb7nSU2xBQZ3eIKqYppOpUvZMXCrLHDVzvgtb4c780X7FShh9vQeYRqFUxx_plW0Jzv22Je5mDwZGCGP0eMjrPkERk3Q2Hl_AWtlQuIfcYP-7UUFBPwz7Q4Fy22bql0bFy9lbkeIF_r37qzXOEEA0D3IJp-vGHxIl5o26EwJuMY2Hkn7-HAWKEoOUXAxUoTRamoz95Ar1pz3dPDn27dbeVeK7DXZZ8e2bNlZ_pPAD1Qn4YakG61ZXoIg7lAkqua4V2zgM6ySynZM61n8r3i4hU_OYVO-80J0evJCNR6J0Rc1rG1a23mPzTSHxhF_A4v7k__i0sQyHpdWOEstUhcN79GPiyRzsR26J9kvTM-l_L57ZljIRQj72j23WHYXF1VFrJdryKLV9WathdF40_hllREqj0-dIs8uxUUxRUcoJABjsf31RGYYKFFciMVw590zc-TxGmjab_iMbtPG9G1mitDafXfshSMttmg_VPCQe4aRjfrYul-QGCXNWZN0K6iyTYSAzzltF4ADxg6VlESRF8jPc_I2WVoK-J6QDNKeL7ia6N8aWqDPc9QQM_ukbLJNFxuCCp2N52KJbXoTwf_xUlDahNV0c3rQaNoYM6X0qnaFpWp0ePGgc6NwCsUUWtVhybuUw0IsJas_qx8wQnmUGufTuWsb_N28rDbnXIArGlumOsoTCTn_zRFdj80V-tZwcSquDUhGWcH1WkxUBsbpuox-Ld1mBxQPEEckFfpabYOYrdyIJOSIau7Y3SQHYxNkdpxizHfA89IFN4N7Mwypx1JxWXk5VJwElq4OrAr2ai-J22ib37hXZNvFg726dAKDY0hTb7k3UT6WBHo2SV-6Lahm9QMPhQXuc-0vMISOMP7PbvoOlwWtjSEg2ydyuVXoHixv6xxO8Brk8igmB_5gYGKjzx6WjcsviQoPRvfr2KOSEo9S86fXbW-W-QrsQ7I3x69lGqWpwA8eTT-RNeAmNfwczTEpEQ01e_hiWfFIF6Q1g56IS7f9xso_LYtneyZO79Zir0_TzDRM_Jwl1UvjBab4JG7tARqR839glADpp9uRWPFSb1wuu7knOKqpia010-GcrFflKp78IP9BCfkUGKWoPiXknl0_aCuCpXqHJIQGNRh7IGu3gUeZaAj-m_ZNYwXyo6mZJTwOeKfK9lhvP51y7NTCbBNYVu7OvfyKX-bhAY9PJtkQwedlyFfZXBf1PBhFgt-WtPr2ZQjiS2qYJl0ovxrd16Y4kSUkQV6vzXSaHvAhUI1dxqixkXK394tZEGchBapzMrNm4KNBrXPhfRHJyxkq2u-sZvaIW9_9OaZ3JwKGObUzw909PEdFheFlOLwbCLhdrjaxdHUWQ41xhYLCbPzWnuAL-5xybXDd6Ws-2nLFQa1skBbTDsjh7swO4suBVp2kYk8xTvmZKd5QOE_Z43WDO92X8CXJhf9FrJi9XSIo-jpyc4uoqT5aCsc_2M-h6v4bg2Ha-9eGjrcPoU2tLTq8ULykVWuy8eK95PBghpC57TTELsUpGt3UazecIHpa_lV_hV7aVcfVkctN2nJbZilIetlyS1d0R3CKQKUPgcQ9hIJcK2gkoCm_SxPjlYHpxrRmWvzQihSQghqshg20IsYZLVkBHENvwXQNzlowCZ8rbGFRlGDRw9zf1DYJcRbjnIXdl3DnJxZJ1FrQdlfQhB1vbTXjE-U4gNnj5SwebMlJQM6Dc5c-L8IH7IVhB3Hq3lPkZVuOHkG8mJ5xy4sqNMzxOa5_3OBnkFODnuk0PZwmQe9QSJiHezQIbg_b-XJ6Jjet_-qL1wAXcFHOTzgn5XRQs5uhABzmA3sJWELFg1WzcZ3rwqcmJaa5js1ajNjMXwkidkNCtIFJrOWt-JOL7XHoFXfKkxpRkIVuJBC0UeRP3XnIirbuO6_Tn7M-CqUtEoHNpFR_3VBE69VxkOCFZMuRPyVx0OUI3uae2OP0iNXQzLsQR3hHHa26Z_LbjS2UmJ1jKO3Ng9znqYTZ09rWqFFcPyadMC6P_OOttgrmC8pEqaa2jgAVl-egXWSb2esbA4I7BMezRFWymunKHecxacMhAVZTQFSlFg8EAfB_aAnTWU009aB4wz0fiVICXBBaJG1ZRLqmvoAciOP1LYG4LVhwndLC-e3ooxDTb8z6v2ktmNyvH7dLgPJoWnuapPAD5EGTpTk6cAoz6YzgdlCv699kcGHqhIORMEk-JqhVVzVIoW31hPf0HrvUwTIaGQgAEhXkaEhpAZnil7D9a-E6GuXjmpj2IhRgAQ

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.123.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

gh-in-f155.1e100.net

Software

cafe /

Resource Hash

54ee36c2d589423ebf3ec484e0fd062668e89a75e6500692c20da40e8a6ad4c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22401
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
x-server-name: app07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNX2s6v7vhMFGyN1tiJvEVQUI07HqXR1jo9M-TkiYz_0x0LnrCU&d=CnkAoCZ_4G2alQSaUc1N3WkvbUB9oXOQCAXKbSfrd55ZJlNyx2XSeH9it1MTsnkxCC2042xBHmDFPwBkEIObLXIKPOPWyBfvMvKiaEykAIvpDQfPbX7G2uV1wVlbuQbTPSl7APqAZEylH3C75vDwlxmvNyli6uEHPt7NEokTAKAmf-CnhcNA0OZcUsjab0KCe0snw5nffo9fEDBUT9y56NHEB19AZuo4AIVtTDxT6Pxl5l2zjbJEjn26bs_6XBywuceN_0KYIkuuc_hefI-4RK6-_uT9l3RpPeBt3IvMHqavSg0wXrjAu4ySy_8dFxUlmI6lUPfhseWvFb7zNBJB3pU9LoBGIzNdCkp7LaBr2cwZNIBNNK1bLd0bhyH6hMgnub3p1qYtFfrxVTvBVQc_ZFtkT1-JOmJMK4kBmKTJ61YW0k0IF1m2WmFs73E9xpH882Q28cTTlR0NqJ560BhpfIyIP0R2B8mQ1pV4rAzYnNfefV-l_Gk2-RwOAkOEKkiq9wBoFxL1RNgAmEqxlalJkKLdmKEnIa0DUZSp6SfA5yiU1L6lqnpQGOxPJaaEwmuvlt813gwoT4_yctAFsp4nHV_klT9vU7EOqcvu41QnPRyB4mtrv9TRlY8kUisWqwwwoFaR3Upx4bfM9T3maBz4SkkN5N-mMgubh7SOf2Fe4PmoWpuNhdH1seyR2Fis8GYyq0d5s6gTi26T7BWItLq93AOlJFro7VUqIYkwxQRPncxaHzU-7Px3QvhZzM2VtJkQdQ0Rz8O61LMYHCSKTiQCOotvI8BhCnkyxOOwa1WJjpbeFl857I80n5v0pUFae15jXQaWxMvxFvhyK4kuWu3h7kuxd_JIy1IlESoDmF3cLiCT0xDXRUxb8sggy0lMTQbxY7kLhlwpiLAX8EFcQYXuLO_RRPEZHCa5MdaWmrieqWZkWYq9aktYoNQYWn9PjM_4Im_xeFO0C1mT5maT0JWESMKDCk-8pEmEOUL_KWLSMZnHeV1LgqQ4Na4T_uWrd7d4yo_vV7UOkoPSNvlF5XmZeWy-0OGAPvwpWwlnM2eWcYvERDgtjC7JAb0zELpKE9nuBorq8z_jogzs-O5vm_8Th_wVpsPsRsoiHPk365tNZHqOKdPANG3ZFW8BGela4scB6QH-k4eJ4l9xkVUQacloqo8Sxv4FF__XWb7nSU2xBQZ3eIKqYppOpUvZMXCrLHDVzvgtb4c780X7FShh9vQeYRqFUxx_plW0Jzv22Je5mDwZGCGP0eMjrPkERk3Q2Hl_AWtlQuIfcYP-7UUFBPwz7Q4Fy22bql0bFy9lbkeIF_r37qzXOEEA0D3IJp-vGHxIl5o26EwJuMY2Hkn7-HAWKEoOUXAxUoTRamoz95Ar1pz3dPDn27dbeVeK7DXZZ8e2bNlZ_pPAD1Qn4YakG61ZXoIg7lAkqua4V2zgM6ySynZM61n8r3i4hU_OYVO-80J0evJCNR6J0Rc1rG1a23mPzTSHxhF_A4v7k__i0sQyHpdWOEstUhcN79GPiyRzsR26J9kvTM-l_L57ZljIRQj72j23WHYXF1VFrJdryKLV9WathdF40_hllREqj0-dIs8uxUUxRUcoJABjsf31RGYYKFFciMVw590zc-TxGmjab_iMbtPG9G1mitDafXfshSMttmg_VPCQe4aRjfrYul-QGCXNWZN0K6iyTYSAzzltF4ADxg6VlESRF8jPc_I2WVoK-J6QDNKeL7ia6N8aWqDPc9QQM_ukbLJNFxuCCp2N52KJbXoTwf_xUlDahNV0c3rQaNoYM6X0qnaFpWp0ePGgc6NwCsUUWtVhybuUw0IsJas_qx8wQnmUGufTuWsb_N28rDbnXIArGlumOsoTCTn_zRFdj80V-tZwcSquDUhGWcH1WkxUBsbpuox-Ld1mBxQPEEckFfpabYOYrdyIJOSIau7Y3SQHYxNkdpxizHfA89IFN4N7Mwypx1JxWXk5VJwElq4OrAr2ai-J22ib37hXZNvFg726dAKDY0hTb7k3UT6WBHo2SV-6Lahm9QMPhQXuc-0vMISOMP7PbvoOlwWtjSEg2ydyuVXoHixv6xxO8Brk8igmB_5gYGKjzx6WjcsviQoPRvfr2KOSEo9S86fXbW-W-QrsQ7I3x69lGqWpwA8eTT-RNeAmNfwczTEpEQ01e_hiWfFIF6Q1g56IS7f9xso_LYtneyZO79Zir0_TzDRM_Jwl1UvjBab4JG7tARqR839glADpp9uRWPFSb1wuu7knOKqpia010-GcrFflKp78IP9BCfkUGKWoPiXknl0_aCuCpXqHJIQGNRh7IGu3gUeZaAj-m_ZNYwXyo6mZJTwOeKfK9lhvP51y7NTCbBNYVu7OvfyKX-bhAY9PJtkQwedlyFfZXBf1PBhFgt-WtPr2ZQjiS2qYJl0ovxrd16Y4kSUkQV6vzXSaHvAhUI1dxqixkXK394tZEGchBapzMrNm4KNBrXPhfRHJyxkq2u-sZvaIW9_9OaZ3JwKGObUzw909PEdFheFlOLwbCLhdrjaxdHUWQ41xhYLCbPzWnuAL-5xybXDd6Ws-2nLFQa1skBbTDsjh7swO4suBVp2kYk8xTvmZKd5QOE_Z43WDO92X8CXJhf9FrJi9XSIo-jpyc4uoqT5aCsc_2M-h6v4bg2Ha-9eGjrcPoU2tLTq8ULykVWuy8eK95PBghpC57TTELsUpGt3UazecIHpa_lV_hV7aVcfVkctN2nJbZilIetlyS1d0R3CKQKUPgcQ9hIJcK2gkoCm_SxPjlYHpxrRmWvzQihSQghqshg20IsYZLVkBHENvwXQNzlowCZ8rbGFRlGDRw9zf1DYJcRbjnIXdl3DnJxZJ1FrQdlfQhB1vbTXjE-U4gNnj5SwebMlJQM6Dc5c-L8IH7IVhB3Hq3lPkZVuOHkG8mJ5xy4sqNMzxOa5_3OBnkFODnuk0PZwmQe9QSJiHezQIbg_b-XJ6Jjet_-qL1wAXcFHOTzgn5XRQs5uhABzmA3sJWELFg1WzcZ3rwqcmJaa5js1ajNjMXwkidkNCtIFJrOWt-JOL7XHoFXfKkxpRkIVuJBC0UeRP3XnIirbuO6_Tn7M-CqUtEoHNpFR_3VBE69VxkOCFZMuRPyVx0OUI3uae2OP0iNXQzLsQR3hHHa26Z_LbjS2UmJ1jKO3Ng9znqYTZ09rWqFFcPyadMC6P_OOttgrmC8pEqaa2jgAVl-egXWSb2esbA4I7BMezRFWymunKHecxacMhAVZTQFSlFg8EAfB_aAnTWU009aB4wz0fiVICXBBaJG1ZRLqmvoAciOP1LYG4LVhwndLC-e3ooxDTb8z6v2ktmNyvH7dLgPJoWnuapPAD5EGTpTk6cAoz6YzgdlCv699kcGHqhIORMEk-JqhVVzVIoW31hPf0HrvUwTIaGQgAEhXkaEhpAZnil7D9a-E6GuXjmpj2IhRgAQ
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 9E35 80 KB
21 KB 283ms
87ms Script
application/javascript 2600:9000:20be:dc00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20be:dc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 18:49:54 GMT
content-encoding: gzip
age: 11419226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 a9e73292d0b92053c3e38dcec15fd0e3.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: SEA19-C3
content-type: application/javascript
x-amz-cf-id: oesDP7JzZdEi4DTE1LLKkV91vRCFC3llubaMhSlVMQnkpl24GfGuvQ==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0BC2 43 B
216 B 125ms
34ms Image
image/gif 3.212.141.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=549590&asId=78f08659-13a4-c2bd-48ed-ae73c454071f&tv=%7Bc:yeffsT,pingTime:-3,time:58,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:22%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:58,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B52~0%5D,as:%5B52~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sT1E20N+11%7C12%7C131%7C14%7C15%7C161%7C17*.549590-52686815%7C171%7C181%7C191,idMap:17*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.141.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-141-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
x-server-name: dt22.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0BC2 43 B
215 B 123ms
35ms Image
image/gif 3.212.141.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=549590&asId=78f08659-13a4-c2bd-48ed-ae73c454071f&tv=%7Bc:yeffsV,pingTime:-6,time:60,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:60,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B53~0%5D,as:%5B53~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sT1E20N+11%7C12%7C131%7C14%7C15%7C161%7C17*.549590-52686815%7C171%7C181%7C191,idMap:17*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:www.officeholidays.com*&br=c
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.141.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-141-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame D58F 24 KB
9 KB 40ms
40ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Brm3bVjs9Fuv81ExAFLLaRvbbIpspz8qPRUbtFKFACOp0cmVMqsg2eGHl93CoHOLUCLSsIa-NFqSTVHBJs0C_DHuLWVuJbR0dSm_WwvxHtcHTHihgwW0LHv9nv-s_4139lrBR0bEJWSEmrrHNBCibIHRJaVg&dbm_d=AKAmf-CPSUYveOrZbxJx-5nDG8vzeP7bXWDPemEIggm6Ys45NlrQSJZIZcCaTnhHpEA3-ld7b_KuPnPl3M-Y7keZN3v1qZ7jXVGzlklsQUEGHSiTxIlXfEbm8BtYALlH2qpGjFAsudI8oYsO5zvaxxnqp5iblmxCOIJt6CCm4FzmUqYZzCYvRICsol0TefPowDlBrY5aCn3m-DnMve1cU8Iz3_nEJpDgGmAHPqNUFFgCWYj-Ht0vd8B3vUwgsF1hH-Vgv1I5aJItc62vL4E2CH5Qzpsufg_NnQ4_qU6578JyaVzgzM-DhaUGfkvYLaAe4xkX4Dv3e0MKpCjzNjie5RKuu1tnmDtecZR3yBfiA3tkUi0wcgP3vpXj2BfLEQqSirFNBnAIkL9-WeA7T_Uv9XC_W_FCM95yxzSD9q0AgSZkQUuyh9nxfXiX2wvB-mfS8JlsQDnzCxbD6L5QAGDAXWh9qieEtqoWniNfHdrMYfHlA_snCCL42lVWhcVLg9NMN-QSaIm1N5mCX1LakQo7Va2pzC_yATvfOQycbxcsedmKsglVHyDT_T2TBcIkf6GCPstlIYzI1r23bG5xUk414oZUsGA7yc8yrRBU038Ag6khzlPHpTpK3hOecz_iPxssswXoeQeUvZBOKZmewKfl9Fd1r0hK4K6pMIr6a9NSDDb4tkqp3z-d5EyGZBPniGA8jFqVWZJzzxJXNDJHoOn9Ig_iQ7HEyVL166puAQD-PB9AEhXugz93Xyi2nGegafq171hIieqwIQjBTg_bIHiQnfpNflMDA2h6HKTNhh76KDXZ3E75oMr-R6NOpGW2nuXjDrbP2oVKN5WFHD1hdjRxVlnDV9Omw0906kaXVeGGQqLr3NvdHGobSwPbuNB-SvpuEg10Opcexfro4S_tXQ2OctLvggHooy27r9ujm2XLhz19IBNF0W-enKMbDMsv4JLfZyf8HRvbAgYNcbACH5r7SnrQWvp-fuDFy2gAFgXvg2RBez1G58VIeIJp0_QAAQ2RD4AHBaf4vL6a1ttZxSGWhvMO87UtHZZIGh06gdcLtx6MtaYIrELsY29o3bZd1kL-mX6tQ9aKL3nKDDNzUGxMqYPw45zbT2IzHRQrgdr_WaVKUeLn_hP2412lO_Y_4kBLBPZndmXtWKuUNyW6hCK1xfgDyWYrhXNwT_EhTkOBHo7ps0I0GsRrS6X9jpyghflKNbKirULO7b7u7LtRoP6sHnhBlf4Z4Xq6B9QTTylWWBwZnhGluVrOzHviDY_epcTE-qWBFZpvulggKX5rHr-fWEoQktcZ5wNL2TT_F0m2xInSLo0fyEBDuFYrWOUyEaMFvLr0ImLzM3P2rGecEetICufyWDYibZf5OW06z7CvynnC050Bnvs1KxR38L8yDt86zjOl7LgMk_GUr7XDQyP_KWqqOQz1f_Qdaxr-IzmM6Y53f5q-nePELIOwUFSVEERlKOjxvClgYsOpT9er4diiKukamjxOd-9LcdOEzzpuJPGxELC4UKiq_YF17FkcrhrNVEbBF1n7KmAXMT6igEOA9U9DTYD7QlsXDA5NgIcurOWxCs99pkVk95_7Y_0qINGr6-KeEt7KVpAkPwaBwrJ8dKFviVbOjIes9Vk_YlGQcriIx7Js6OHpW2ptMzcuDKCPYhUFwn906-0dT9xuImeHFnfm_wsoOCs0iz2fRjTPe7Hmjnc_AoMzGTf47L_cMnhZ-VNA22oQYVagas5NH_D38X_dEpwpyYeSZBTx0_o2LM5rU5yElQwk-_G_mQRxe-iOlB1vmJ1fmP3Bk1ggt_7HdTPu9EOdgCG376QdFzoHwOLwwHhuEeVwBpgjYhLJfR6cZXjz4ecshnCe1HpUgxbMvn80uSemB6rMNuuCS1S2pDPiOBBHRncqwyuxnX5b8mrRG_12fVtYsihcrKobi386-xg_Jmkh6YNe1XjXncS-vHjz7zo2AAYoVGyx2Uqc2MjZ-mbQCsXP1RhwMBBFjSd7dp5XP_15kqoiR8hbRQXr72ngmM8MiWoTGP8mPORvA6LIuhCfpDWOCUJz3uvmxw3Qz6i3k8m126OPBRoXq-wEiqvshrnjAHMVmvwsJyYOkwm0Cpx8uOURty1_mOOIFVIbFKV33s9KveEKhtO-dEUqCaPiTub8-kNLvWBfC8NulIldohM9dYfzlTV0p6HuGQCV00oRtRFCBLHwn2ss-z0jy25Ga6uuAIuA9cmIguVVMfS_WWjQliqVLKBKzB0wzB_ZzCbIES84IALrZBtLnCSe05xhZcCLm7ANfY1LSBuBZIgRl20_TqFofNb4KaEHCPiESEXgFxyDofOJ7d1ompxLGSc72PmuNBdi6esN8fqqFkxJ6epTr6LfYT5IyFgko6MxH6j_8HuKTllB59bIAL1g6sAKZjhaXxCC_p6tTgrAOVmN4PRJtkBjAtbMgNxLWKwGqEYkEFGREtgJ7jbh2lDtRQi-SHIBmGBuXb8BHJXIVTWwxDYBKpJY7DjOkzIdUJ9Nix6LxKNFcjtywJqw8DopSixHpd_DkaSJvhJZP5yVVU5FG1uqA2C35-6yAisaKc48E4Y9qjBbsLm8Zqo4X6UbTAEa23_XuJzF5sVqoRZ9H1oLdlbha1jP_QIVVnMZUTNl96xG3rmnsw0ODNKP0loKnmk8NAjz3I69S1EZSwRgGUZ7LeEFP3T9Xtwo_AIB_fYYC37Boc6qkEaN6Sl8Rd7BaqZB8usgNJ_oYu8hSoZ8xgaKm_ALS_Rer5GiNphAoP-SzloO9RO_fm75pTujqj6B9KwnsuJt6LbukQlSwkOgJqMilxDPWPh5hohfQjtZnrfNRHevmZxleVHAWOIf8vbYIijcrGBmf7L-ABvzIH5GIcixwk0d0Z8206_W-ayLzsCnsqOI8RZxwpDaI5I3lIPPz2WpnDmGWq4rdQf7cwPbQErDXOIWSunwUtimOBH_OrJfF8TroCZMZHXpuiC6wpRe-iWz0raA5sNHQC_FJ3Lvp9n5LXktkWWRClub4C7FNbNfQj-N_0sxUWJU5cZ_dmV7jAn2MG2rcDH7diThAaZmZwu7eo9Ggl3wQsK78JKOyQkFNvA_UqEV3tiyEIM4g4TqU3dDRytnsrLTlqlRxvPpnNQqdotXvuP2PB692laErBwAKo5UqBMxIfBrllRn0LgLoaeEpZe3ZOg1vzxRzBtDKaBDLy15FMkCFkRg2F0r4gEt_3Yj67X2mcWn6JXPIIFCiBprd5Ldzc2GS_0YMlSLGo-2Um1jN_Qf-Bwo&cid=CAASFeRoOsRcUU4weaRhxOB60m_AnTBU9w&rfl=1%2Chttps%253A%252F%252Fwww.officeholidays.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:48:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:48:37 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame D58F 8 KB
3 KB 41ms
41ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:14:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:14:56 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D58F 0
571 B 166ms
72ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu5nj0_O5-siGjpH-InfNGWXG4a7y8qoGSWSIpYyzSpkhDdiJ6E7JoC_VfEHWAjvJB-Hd5DIwqvQEOvy9neIC2zdcd5Ku_SqTFWmvwgn71TKJZnZeXkz_pscCigoED19KUMnesHqLdclYawma15cBNT4-ZCWqsd2y2INFTykuEvsa1yWOjS4HursrTEi3fX77hAA_dilrySlrSMjMdYeOmY_AohGdaE4aUbCyFdFBTYtRO_fImnGUt1vG9hj-IGUL1_4kwAYCeH-F6QvvyfyvTh0h8CVnVYtaImhaZQob8Umck32_dKOc1IAk3kJTXXDswn3gNKvrFSX8GlWHlMb4oVjKNwcNr-w8hU4PPXNpoFQGYvusCSEkX9VA8uM-06BZJN0lNlhNFfTzK51zgFu0Knj9EKwp0j9gJVbzk0_9-YFjwT26au4xnzrAlAu3wGKX_Bj7i-BQ9aOgdVmBDRRniExLf0tKE0QP4ENE_U78ZrvB-ovo5hjCluXnryfVhR84HklPDpmA9O3ws3C-N6BKaUGf0h2zHa6Ed3VOcZRQOWYQzW64RaN8ARf3HgDqtK1UKQ8CExTQLHja-Po-z5WQ6eg-sOE0NJ7fvSFBrsu2XFElM4DnTZWHwNSzGjaCTKS-2n1Vej9PS7MMwPfNePLnnY74XKgz9NJGS3XQsqVSBVoxFzvAEGYxq-CeYk5x7AeQH8H7VZzfnpOs3CPLlosDQCL-Z2BSVaGxigcrrNR_q96kdYnRiH3EiG27GVX-dG63eEWZaEu57ZtlIqAUpUb8x_GRSwLTZ0Xy8-wwyGX3cOipsVabDltsNTMJxsibigdtI3alSp4wP9FmZDXM20vLfiGCh2YaGiIMyuek9JrbdmwxJsW0k91ZPFbiOPamabx1jrW6frRmn0EGnPy8iMO3rGwLmkzLX0MnFmCvHsZ8JHZmDEWFPU4E1xo2tNQCOUaEHmYII-81_6o9rHvusJuZ-PKHD2MG5uiuHfwbKzelYIhGoKgv5yyKqTCgzzN0vXOF4HkryvFgOsxl0oerk6COq7Ay7uwcf7WRUUSKrdDAxwvrqnLJI7iTroQKvGlPmHWwABNsatmeFZGIezgy45AtFsNAQ-3TSyyEsXr5aEdmWQfahdwNrOzABQBcCqS_YDQVm2k5Oks6iKCXtCoFD0-1uVnVES7ROtN5saw6L_ygeJqEWnHDGa1wCCOL7Oo5fJaLAh9g4&sai=AMfl-YTsSXv_w8ec7YSeNASr7XRxm_evvdrzm2pXCcn9_5MAHn2QeeYnsvlUm6syOTMDOw2e3vvpjFflYEHGbdwNPLqjnDwDnuGLo9P4iwIkVCpY7FamFmjC3-RA0q3y7H9sEbkP_SutnNQ9kCorIGGOamxfZ_bdoE8q1Foap-g&sig=Cg0ArKJSzPRusWBAO_vCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211207.16251&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 29 Dec 2021 22:50:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D58F 41 KB
15 KB 40ms
39ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 06:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 317057
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 26 Dec 2022 06:46:02 GMT

GET
H2 200 DMvZl3FtBnhIWOLvXi42KHEo4HevN3gFCwZCtd_b3IOCiI7vCJgByEIWQw4lz0H1XunfTTyCi-ZRvLfYMwuJU5YFqBwPfYK78nwdbplHTUlXSHus8xLPIcx7KYAJJ8kinseg-VIsUg9-jAe2TyhG1gxabGh7D9rBY9eKS2yTZ1UR4mCUswm86kc=w728-h90-n
s2.2mdn.net/proxy/ Frame D58F 5 KB
6 KB 141ms
39ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s2.2mdn.net/proxy/DMvZl3FtBnhIWOLvXi42KHEo4HevN3gFCwZCtd_b3IOCiI7vCJgByEIWQw4lz0H1XunfTTyCi-ZRvLfYMwuJU5YFqBwPfYK78nwdbplHTUlXSHus8xLPIcx7KYAJJ8kinseg-VIsUg9-jAe2TyhG1gxabGh7D9rBY9eKS2yTZ1UR4mCUswm86kc=w728-h90-n

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

04baea505cbd5861ad3c2d57bfd1ff3600d00923c192766a811c90daaecb7258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 21:06:59 GMT
x-content-type-options: nosniff
server: fife
age: 6200
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5426
x-xss-protection: 0
expires: Thu, 30 Dec 2021 21:06:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 9A4F 169 KB
59 KB 141ms
43ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
Origin: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 18:50:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 18:50:07 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 9A4F 8 KB
3 KB 41ms
40ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMBS-AcUW9MfzMmFidsUtVTICWsgfCtumtcBDYMllTCFFnGCyq8DakJg-ZnoSZBAhEw5wQWTyNGGipLG7bKTe-qT5kcB_On7BlCDV_RRbIUz42XIiBUuruW3oUTm57eexW31zw0AtyKssZu8O-ekZPt2K46g&dbm_d=AKAmf-DsOYrKakzk4psS8KMreOYSwW5kCUVrNRjwXhN0-u3rV9ZnNHH9RZIbiCzLbRrHBOpya6pU-WWE-qccN4eirC-9oGcax0fDVA0_V7Dg03UPGzHUPwVEYZcxfAHrZs2gEhipf1LR-hjAuO7vuJaRk6B3MJKQ4jX8aiTqe_XJKpAwSENmUl7fVKRXJOay2GYGb66XeBVIidmBIXQZIv3q2K7joMLw4b6YW33Vb2QEvwWd6XEEigDBM4-fvShib6c58X2KRxW_7MnbG9xH5xHvR_O4Fk8q3zA3MyDlP6AdXPBwx5BWa9zxolfobBUaLUWFroeAnlHcZRmIvQJ0lsT4m152oEDA-8xfiNLfvolvucPDmvPO3uu-Q9QmZOXeT8J2-QdlX-6UNZORIG-5F97tFKh52BkW64IyXxbqQgrrYSA1vX6pZigqL6fj9-Qe7ejVhl8khu-4zZ9dZbX1iPSV8qwNXvOtf2W3cnnfEIMV7xf5slN25lgYzJcVPBs64yuY9tjWtQyWisU99CqWdkRoNlusu6PlKmJTJHMTN0L-6BPrd6uAwVv1Y72tNM53XEE1DsaaD44feB7d_3O8lWPU8oPWjszWgcsfDbh5oQR9DU_vqPryl_zc_RAVzpIXnpopl0qIjNNlsw0erta6rYc3pK3PnrZ54Qd9QK0pH7GnrZiUfrzz3NS2uMX6gGu1ucSswcnOVzSod5pdHHlZJMojVkI2V2FkJ1c4N7XNEI_JPu8U3V2qRM6OIqB063nSzYXYtqMOcwIKKIxW4Peq8_Slh7amrMnjNLVIJPBObVwObiR9ZQ3zy_cpMjAZEYVagu5G2i8YPnU_OzJ5POVVqq_zaDKQwM7pHBGvLdHWeKeyjU3oe2TPxFze6Z_avGa-PUcNqDDj9kxnZ38xFvMlj4IYO6aUCQgMsc4lF_xkbMBbkRbEzwY-jmE6YOzX-nYoMCMUVltanZi9FuzCTdQEt4OytmptBwPQOYjNUC1WPs1Mer7V-5KurHeT8e2IPMLdDv-plOFgsJGxFHS1Ws22rWzrjDLUPuYWAXb3oJbCmDkMZPG8v_UQjm1kYL3TlO03wHIlft6x1QzJjpslXcsgmB1GjOcAJ_aWztXvixlXuV7Xeax9-AVRscOL2D1KVS3tJTL0dbH8FP-bt7LWgQKrJbYYreqhoHmFALMlij7wUj883g5FfBm48la2dEl8jcBNgvqK-pqiuU_mERqxbAkDpxO-uIKamo6g9EKOa6G4m2vn3cYDZffEZhsI517Zc_TRu2_coT_6pfQCMvplzk_pCdxRUVul2Ddsk3daRYSvFfs1uQWjMIEnAj7Ay0iXLbR9P-jVuHz_s295G7C1AldlYxPcIMrH12K2j9CCxrHwwHtgYsocUohT65DzU2xfI9v_WnuVUoCqSCNJFmqgfEemZosF4aMB4lO0DuiTUxTJIoYRXnAcO9pbe0x6D5SDM5QpAmd10NnOE0rYDKTq12iAs1EnSbHwD_UYNeF4WyoGW6q4JIVaLnpR5ojMkh5-qXZCAxhP2hiH_s-SUgHZ1xGhgacgWvTQB_uw4iARw5wHpcjYjorhu3RITyN1mMxkQZ43fzScpfcECpAkvfH1s8FbUhxntySfRETk-Yeh0f1_6JethS4-mdpt6YQ6yjAak5JdDb5Xd6p4ew-3qUDwz2no3CaiSjuJPNS9VDNM-7zhZ5y1BFI8XyM_0dKeXP2u3mlV14SOOECcnp_klAaTPEkfv291G0lKWYphh816dtYJ-qKkqVDEA_0NpiQWI58SFS17BJc8vOaWmJc0LLDkvzsGfTQ8W9kMYTvTM4k1c5w1T-3T2y0PoepFcDyDuTKlGs3Ke77HPXuERIihr_b0P36IGwE8ueFK02kXpUo0S6SPk48w-_4ULM4aAkWxnsGzPXvLIXZp3R5Lw9MG3h6qmlIjQZGEfqO_Arq2tYLhsKcB0A3j60waSlRlTjfhysau5JXoVxhLbfq6Of2OK10rbkgKzMvETZ1o5PmhyXuF8OORQcLj64tlaLLN-aHiK4cOtlCcee-LX4UyUct2x6c0i8SQ0kyrKes2XoSuny-bj9DXFCQlwCbvg_y-YoMUlD4lvkJJcl1yrLpeZpFjpVsMEAckZVsDNNRLGpmpVVc9mVHQnNN5YmZspwgzkAzOLBmeEI2Y34bpi83S8TEYPRT3UdKfJbg8xB5Wnqh7AyCfI7j0rJX8c5nDcGVR2y6W95rW8HKMtR5G2guEidUAMJsxF2amEb02q-55346KXwnbywdq_H_AS7_bAwpqLtCm8E-JQWB_FLhHi2cHWAKDe5EMILq17TyIhdoFb9NqBXBUCXsEzbI52GF6_-ocCzSFPCUrzh9EFC2grZ2KA6CixqMmPuN0BcjdSe32m6gJX7EjP-EJ4on9OMLGTEA4wmE4ksCUvdgZsfWNek2qoyXZ0e8FEYzhpx8p_FRac1bb-a4O9JkRWTZMRZFjGZjZcavut_wLGIScKjQEQPMvVscX78uJTmHqEtR3WsCNd9esQ43Fn95ITuxWQHr7ivaQHGk4AWCjgS3fbzN2-jQzuHD2UW4YiFfFmfsMVKikwuM5qtVQWoaT5-y6U4Cm1CE4bdB5eN6nGdolVYIF5VEt2AQX6OapNAZPVaVIDixzTe86yroNJa958Z1m6KajDtV8Aa9aZPjJ9-qjgLRXi6FTxK9zJ6DBepNAA3aXYCdGWMrqk92bFApoyGpWP4b0QQ5Xbu9iHdC6Pt33xmv06fMFGxk1NToL2HG65SJPfnG7q6q6r3aBfLDZUu81B-Ma5mOSPqxXezJI3rK0o3nLXp9JL3Q-ut9GlqoTjQzeclWtExsXliVxAKKu6PR4phW_QwEL9Otqxi9IPFK7horRoJ8Vy4Z4fh0fR_WvXUaMx6uItZndcWrWpqATF2oqAZemIZTp96FCBfJngxn-1clxq44i3eu5OxfGYFw2nnFn4pFu50k1VxCLsCHHLgSOnG470FCxqsdSzj-wiO8USvqBjlvvu6BhkxaWDBkIfgLL3TgodIUs3PXTGznOZuB1NUJ6FYL36Gy89eIdPONcU47mNBlpj_lvRL3bCNXBwvKXkF7dcZH8DFWi7BrK30iZtSedKm6EgkmhGksFE65486fmziq5rV97e8vLkQd-qhMe-vQuwofSMHRmFWAJQyZ0Xegk66wHpl891RPEUS8oj7pKtBZ77kTwMUbGep-FDdZlXBY4vHztnp3XUSn8-A69jt7sg7sCL0TRn3mNdRW2Ve3guYZGFu3O&cid=CAASFeRoKJXaQa6LrAgpuxhLlfmpbDPzaw&rfl=1%2Chttps%253A%252F%252Fwww.officeholidays.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:14:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:14:56 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 9A4F 24 KB
9 KB 46ms
45ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:48:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:48:37 GMT

GET
H2 200 redir.html Show response
p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame BC31 247 B
961 B 172ms
61ms Document
text/html 142.251.35.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f3.1e100.net

Software

sffe /

Resource Hash

8f480a46b2caaef6577a21716cf2df9b5b513d14bb4440020423e84b10920d32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-s437pcQcJgMUarnZI1LwmA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 204
date: Wed, 29 Dec 2021 22:50:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0BC2 43 B
215 B 52ms
36ms Image
image/gif 3.212.141.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=549590&asId=78f08659-13a4-c2bd-48ed-ae73c454071f&tv=%7Bc:yeffu5,pingTime:-2,time:133,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:306,beZ:308,mfA:309,cmA:311,inA:311,inZ:316,prA:316,prZ:322,si:330,poA:331,poZ:352,cmZ:352,mfZ:352,loA:366,loZ:369,ltA:438,ltZ:438%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:22%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:133,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B126~0%5D,as:%5B126~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sT1E20N+11%7C12%7C131%7C14%7C15%7C161%7C17*.549590-52686815%7C171%7C181%7C191,idMap:17*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,sinceFw:107,readyFired:false%7D&br=c
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.141.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-141-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:19 GMT
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6F69 22 KB
8 KB 40ms
40ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 26 Dec 2021 06:46:02 GMT
expires: Mon, 26 Dec 2022 06:46:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 317057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D58F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52ef898310fc0837eda2493ac941a82f1fcf94bf22df64c54c0717ed690904b1

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F4E4 22 KB
8 KB 42ms
41ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 26 Dec 2021 06:46:02 GMT
expires: Mon, 26 Dec 2022 06:46:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 317057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9A4F 41 KB
15 KB 42ms
42ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 06:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 317057
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 26 Dec 2022 06:46:02 GMT

GET
DATA 200
OK truncated
/ Frame 9A4F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 579a78f44a628cdf0c836669283858ede3c45d3cf1305051fbaddaa676035644

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D58F 0
23 B 109ms
61ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2608 22 KB
8 KB 41ms
40ms Document
text/html 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 26 Dec 2021 06:46:02 GMT
expires: Mon, 26 Dec 2022 06:46:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 317057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/ Frame 4F0B 3 KB
747 B 111ms
62ms Document
text/html 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed9e172ab55b78062f4797457165b7c7c70a5ac6136ba5b2c5d1013f0d9c2e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 720
date: Wed, 29 Dec 2021 22:50:19 GMT
expires: Thu, 30 Dec 2021 22:50:19 GMT
cache-control: public, max-age=86400
last-modified: Thu, 30 Sep 2021 17:43:38 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9A4F 0
24 B 78ms
69ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssu9hu3vCADcAeEbkX4wpyBROkrkHK_xWwLQlk5dB2UgHgUOQ2NekSCsI0y9IbpOig0gRZ5OBaKFydZrBtcgKznBs3hKHAP5yW2t7TDotl6cA1DdkpwxlDa59dLe7uHilcPfYrY3M6S-OMHB2J9Gg0nExxxpPJOjZv-78DORYyVbrPqTU8kxYIjB1iLCzyZttZy_lQQiIi4CXj3MwnHSyEFmmMQnVgH4M6cNmjN1vJZaM4OzblpEYGZMhTjaLgqO0pxcROtIS68IoXLg0kPowC1YmEuBj-A9SLotrgl2Cfi3BsaBq8RIc_D2Cj3evCvggpGkN2_FjcObirR6w6hLR7NKvb3CEHAbquCpW2SeRT8pLsi8VtzXUIPjTsE01lujt6SYd_DhZpr4wZHF99b2Ix4HS9BhKqvtpxib2uAyUr6nFSp20C0m5WExDZAMnTq0NYYYaa3uOPAxwQuy7tG6lE_8cZ3zyjCIjL5DmXTvXrj3OZhtVqM_NPWbViAtAeFGEjtiVSAmNqdfNNMdZjAg_Y7GWHEnFuAWzQicYTMfMfznmG8oodjz5mRkk_7i9GT2pGij-vDL5z50oPfpRL_AdCH1K20POIQJL1tnLqgGpARWDru48Ix626uO_qV8TRuP4nWuywWxz82d4AQIkCaikW_bQJFBoSLHw3DB2A7k9wzfvj-6oIBmfG42bvqKCN66T6gefUTkozt-SKdI1heEzRYdxm7Y6lo955drL9ufSfiC_PYAkW7AW1vKXAMwWHrPHFIuk3ttKGO_IRVH4ENS5GmaYO4SaAkyGQrx19nwD10H-ClqXRhdSDFfRYSfg9ak_GIRDEFJJn0GDJCq-jR7Ux4gCc8sMlFWWSjx33qyKcNJtV-DCELZG5zzofcgfMvURV0lCgeurXRzaaFnUqWEtIb5eSVB5pHxjq16EkHSiExSrMVdnmbDtD4I8IeD7zm1rli-MuMc1l6BL_Zsa2LkbktnrWhfURQSL8mCenuZMXXStxz84A2a1a-7cN5I-PrmB7l15ekg50YdKgplmBL2jnitxDeUGB4T-sEK5sgzb4-fZvfiPYMtKJVNdjIijRcBzyJsTBQYmf__MahEkp8mBcK8ybGsXqc8OSneMg3lk65VIfRN-W2BnP7MMZ5hd41F1HstbJmAzH0T_St9LKV2Z5YAW3nrOkayRlITvIc2Cxa0muJw2I0HwEwLOR3BdOGUPXq6Nwh4T85SsuS&sai=AMfl-YSqG6EFV2Gbe3pmPoACLlphaHAUaV18OTjL4KgXl8vXXdiXvDF9xXxu_Uvo4BofTuIrDiWW74Ld77RCie7pwwe-Wr-Cs9g7rX-AjDeRPXfIfcBXjLfBva9LOpH2xedUy-XMqrJfRbDzuKtffLs_nt7qp0yXZnyZSIsMEkI&sig=Cg0ArKJSzIm7xFpNYEVuEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=204&cbvp=1&cstd=197&cisv=r20211207.91934&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 29 Dec 2021 22:50:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 6F69 35 KB
13 KB 40ms
40ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 06:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 317375
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Dec 2022 06:40:44 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame F4E4 35 KB
13 KB 41ms
39ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 06:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 317375
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Dec 2022 06:40:44 GMT

GET
H3 200 iframe.html Show response
p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame BC31 4 KB
2 KB 105ms
58ms Document
text/html 142.251.35.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f3.1e100.net

Software

sffe /

Resource Hash

4e3fc5a577782a3d70b68da457450da9f06f24681a3b554487595cecd627a6e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-Jek8Aiy_OgvnKSxjZWZXgg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1861
date: Wed, 29 Dec 2021 22:50:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 2608 35 KB
13 KB 40ms
40ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 06:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 317375
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Dec 2022 06:40:44 GMT

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 0BC2 169 KB
59 KB 86ms
40ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
Origin: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 18:50:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 18:50:07 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 0BC2 8 KB
3 KB 40ms
40ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/549590/52686815/xbbe/creative/adj?p=APEucNX2s6v7vhMFGyN1tiJvEVQUI07HqXR1jo9M-TkiYz_0x0LnrCU&d=CnkAoCZ_4G2alQSaUc1N3WkvbUB9oXOQCAXKbSfrd55ZJlNyx2XSeH9it1MTsnkxCC2042xBHmDFPwBkEIObLXIKPOPWyBfvMvKiaEykAIvpDQfPbX7G2uV1wVlbuQbTPSl7APqAZEylH3C75vDwlxmvNyli6uEHPt7NEokTAKAmf-CnhcNA0OZcUsjab0KCe0snw5nffo9fEDBUT9y56NHEB19AZuo4AIVtTDxT6Pxl5l2zjbJEjn26bs_6XBywuceN_0KYIkuuc_hefI-4RK6-_uT9l3RpPeBt3IvMHqavSg0wXrjAu4ySy_8dFxUlmI6lUPfhseWvFb7zNBJB3pU9LoBGIzNdCkp7LaBr2cwZNIBNNK1bLd0bhyH6hMgnub3p1qYtFfrxVTvBVQc_ZFtkT1-JOmJMK4kBmKTJ61YW0k0IF1m2WmFs73E9xpH882Q28cTTlR0NqJ560BhpfIyIP0R2B8mQ1pV4rAzYnNfefV-l_Gk2-RwOAkOEKkiq9wBoFxL1RNgAmEqxlalJkKLdmKEnIa0DUZSp6SfA5yiU1L6lqnpQGOxPJaaEwmuvlt813gwoT4_yctAFsp4nHV_klT9vU7EOqcvu41QnPRyB4mtrv9TRlY8kUisWqwwwoFaR3Upx4bfM9T3maBz4SkkN5N-mMgubh7SOf2Fe4PmoWpuNhdH1seyR2Fis8GYyq0d5s6gTi26T7BWItLq93AOlJFro7VUqIYkwxQRPncxaHzU-7Px3QvhZzM2VtJkQdQ0Rz8O61LMYHCSKTiQCOotvI8BhCnkyxOOwa1WJjpbeFl857I80n5v0pUFae15jXQaWxMvxFvhyK4kuWu3h7kuxd_JIy1IlESoDmF3cLiCT0xDXRUxb8sggy0lMTQbxY7kLhlwpiLAX8EFcQYXuLO_RRPEZHCa5MdaWmrieqWZkWYq9aktYoNQYWn9PjM_4Im_xeFO0C1mT5maT0JWESMKDCk-8pEmEOUL_KWLSMZnHeV1LgqQ4Na4T_uWrd7d4yo_vV7UOkoPSNvlF5XmZeWy-0OGAPvwpWwlnM2eWcYvERDgtjC7JAb0zELpKE9nuBorq8z_jogzs-O5vm_8Th_wVpsPsRsoiHPk365tNZHqOKdPANG3ZFW8BGela4scB6QH-k4eJ4l9xkVUQacloqo8Sxv4FF__XWb7nSU2xBQZ3eIKqYppOpUvZMXCrLHDVzvgtb4c780X7FShh9vQeYRqFUxx_plW0Jzv22Je5mDwZGCGP0eMjrPkERk3Q2Hl_AWtlQuIfcYP-7UUFBPwz7Q4Fy22bql0bFy9lbkeIF_r37qzXOEEA0D3IJp-vGHxIl5o26EwJuMY2Hkn7-HAWKEoOUXAxUoTRamoz95Ar1pz3dPDn27dbeVeK7DXZZ8e2bNlZ_pPAD1Qn4YakG61ZXoIg7lAkqua4V2zgM6ySynZM61n8r3i4hU_OYVO-80J0evJCNR6J0Rc1rG1a23mPzTSHxhF_A4v7k__i0sQyHpdWOEstUhcN79GPiyRzsR26J9kvTM-l_L57ZljIRQj72j23WHYXF1VFrJdryKLV9WathdF40_hllREqj0-dIs8uxUUxRUcoJABjsf31RGYYKFFciMVw590zc-TxGmjab_iMbtPG9G1mitDafXfshSMttmg_VPCQe4aRjfrYul-QGCXNWZN0K6iyTYSAzzltF4ADxg6VlESRF8jPc_I2WVoK-J6QDNKeL7ia6N8aWqDPc9QQM_ukbLJNFxuCCp2N52KJbXoTwf_xUlDahNV0c3rQaNoYM6X0qnaFpWp0ePGgc6NwCsUUWtVhybuUw0IsJas_qx8wQnmUGufTuWsb_N28rDbnXIArGlumOsoTCTn_zRFdj80V-tZwcSquDUhGWcH1WkxUBsbpuox-Ld1mBxQPEEckFfpabYOYrdyIJOSIau7Y3SQHYxNkdpxizHfA89IFN4N7Mwypx1JxWXk5VJwElq4OrAr2ai-J22ib37hXZNvFg726dAKDY0hTb7k3UT6WBHo2SV-6Lahm9QMPhQXuc-0vMISOMP7PbvoOlwWtjSEg2ydyuVXoHixv6xxO8Brk8igmB_5gYGKjzx6WjcsviQoPRvfr2KOSEo9S86fXbW-W-QrsQ7I3x69lGqWpwA8eTT-RNeAmNfwczTEpEQ01e_hiWfFIF6Q1g56IS7f9xso_LYtneyZO79Zir0_TzDRM_Jwl1UvjBab4JG7tARqR839glADpp9uRWPFSb1wuu7knOKqpia010-GcrFflKp78IP9BCfkUGKWoPiXknl0_aCuCpXqHJIQGNRh7IGu3gUeZaAj-m_ZNYwXyo6mZJTwOeKfK9lhvP51y7NTCbBNYVu7OvfyKX-bhAY9PJtkQwedlyFfZXBf1PBhFgt-WtPr2ZQjiS2qYJl0ovxrd16Y4kSUkQV6vzXSaHvAhUI1dxqixkXK394tZEGchBapzMrNm4KNBrXPhfRHJyxkq2u-sZvaIW9_9OaZ3JwKGObUzw909PEdFheFlOLwbCLhdrjaxdHUWQ41xhYLCbPzWnuAL-5xybXDd6Ws-2nLFQa1skBbTDsjh7swO4suBVp2kYk8xTvmZKd5QOE_Z43WDO92X8CXJhf9FrJi9XSIo-jpyc4uoqT5aCsc_2M-h6v4bg2Ha-9eGjrcPoU2tLTq8ULykVWuy8eK95PBghpC57TTELsUpGt3UazecIHpa_lV_hV7aVcfVkctN2nJbZilIetlyS1d0R3CKQKUPgcQ9hIJcK2gkoCm_SxPjlYHpxrRmWvzQihSQghqshg20IsYZLVkBHENvwXQNzlowCZ8rbGFRlGDRw9zf1DYJcRbjnIXdl3DnJxZJ1FrQdlfQhB1vbTXjE-U4gNnj5SwebMlJQM6Dc5c-L8IH7IVhB3Hq3lPkZVuOHkG8mJ5xy4sqNMzxOa5_3OBnkFODnuk0PZwmQe9QSJiHezQIbg_b-XJ6Jjet_-qL1wAXcFHOTzgn5XRQs5uhABzmA3sJWELFg1WzcZ3rwqcmJaa5js1ajNjMXwkidkNCtIFJrOWt-JOL7XHoFXfKkxpRkIVuJBC0UeRP3XnIirbuO6_Tn7M-CqUtEoHNpFR_3VBE69VxkOCFZMuRPyVx0OUI3uae2OP0iNXQzLsQR3hHHa26Z_LbjS2UmJ1jKO3Ng9znqYTZ09rWqFFcPyadMC6P_OOttgrmC8pEqaa2jgAVl-egXWSb2esbA4I7BMezRFWymunKHecxacMhAVZTQFSlFg8EAfB_aAnTWU009aB4wz0fiVICXBBaJG1ZRLqmvoAciOP1LYG4LVhwndLC-e3ooxDTb8z6v2ktmNyvH7dLgPJoWnuapPAD5EGTpTk6cAoz6YzgdlCv699kcGHqhIORMEk-JqhVVzVIoW31hPf0HrvUwTIaGQgAEhXkaEhpAZnil7D9a-E6GuXjmpj2IhRgAQ&adsafe_url=https%3A%2F%2Fwww.officeholidays.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:78f08659-13a4-c2bd-48ed-ae73c454071f,c:yeffsk,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-847b8989c9-nhtlb,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:3,fm:sT1E20N+11%7C12%7C131%7C14%7C15%7C161%7C17*.549590-52686815%7C171%7C181%7C191,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:23,oid:b27cee26-68f9-11ec-9879-9675100f7e97,v:19.8.273,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:14:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:14:56 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 0BC2 24 KB
9 KB 40ms
40ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:48:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jan 2022 22:48:37 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 4F0B 118 KB
40 KB 44ms
43ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 18:50:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14408
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 18:50:11 GMT

GET
H3 200 main.css
s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/styles/ Frame 4F0B 7 KB
2 KB 46ms
45ms Stylesheet
text/css 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/styles/main.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93038d96baed98c8557b8f2a098bb0e937853a8d019fff3989cea0132648fc2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 16:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23910
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2323
x-xss-protection: 0
last-modified: Thu, 30 Sep 2021 17:43:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 16:11:49 GMT

GET
H3 200 gsap_3.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4F0B 54 KB
22 KB 87ms
86ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22005
x-xss-protection: 0
last-modified: Mon, 11 Nov 2019 18:08:13 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 29 Dec 2021 22:50:19 GMT

GET
H3 200 bundle.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/scripts/ Frame 4F0B 37 KB
11 KB 62ms
61ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/scripts/bundle.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6218c57d8a220485a855a3694cd471f9f520723cef3c9ae15fc25499bb70f87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 01:33:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76627
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10928
x-xss-protection: 0
last-modified: Thu, 30 Sep 2021 17:43:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 01:33:12 GMT

GET
DATA 200
OK truncated
/ Frame 0BC2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 802fd3c4ce52e6dec8d248c570452c9262044597643c8845c36866476c37ab48

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/ Frame 8C7B 826 B
454 B 61ms
61ms Document
text/html 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fee930dd98fba9481dd1b64245228b5632963a12695f9dcd8164b5af93b446ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 427
date: Wed, 29 Dec 2021 22:50:19 GMT
expires: Thu, 30 Dec 2021 22:50:19 GMT
cache-control: public, max-age=86400
last-modified: Wed, 03 Nov 2021 21:22:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0BC2 0
23 B 60ms
59ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu59iGYX1GqgKfAM1GDGPfPmc7mVDm61O9V78dPQtsLUaxUS5GKzOoT6wR3zqks-O0tF3Zulji86Bq3bgEu9s28E1_v3ARO9N_H05vbNCrrST_S6hZ08-TA82jVN4OsPBMaN0AIrQKR&sai=AMfl-YSbk6kCN_l7-1KzxiE6OL6n6wtASb9UKBmBUmW70cA02fgvj4-7932l1Zi5dEPjZvlLoGiHMm2Yl2TRkJQsetoX0JUfKDnWVUEc1yQ&sig=Cg0ArKJSzLBuQXnvQS-eEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=178&cbvp=1&cstd=173&cisv=r20211207.88897&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK 74416
stags.bluekai.com/site/ Frame 0BC2 62 B
821 B 197ms
108ms Image
image/gif 184.50.205.90
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/74416?phint=event%3Dimp&phint=cid%3D25084426&phint=dcmsite%3D5176513&phint=placement%3D294469767&phint=crid%3D161691045&phint=adversion%3D512801448
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.50.205.90 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-50-205-90.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 22:50:20 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length: 62
BK-Server: cd9e
Content-Type: image/gif

GET
H3 200 css
fonts.googleapis.com/ Frame 4F0B 5 KB
627 B 107ms
56ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans:400,500,700&display=swap

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/styles/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1cb0f215c0d862cb672ee47e2f6aa9762a41626a21c3e055348ea193b58b1cf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 22:48:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Dec 2021 22:50:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Dec 2021 22:50:20 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 8C7B 118 KB
40 KB 44ms
43ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 18:50:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14409
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 18:50:11 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 8C7B 60 KB
24 KB 68ms
68ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 29 Dec 2021 22:50:20 GMT

GET
H3 200 dynamic.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/ Frame 8C7B 17 KB
3 KB 51ms
50ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/dynamic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce3790a93290ce2351a35552297d95cb8de78936d7e3346c8f2da1e93a74347b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 05:11:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2587
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 21:22:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 05:11:05 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/ Frame 8C7B 2 KB
838 B 51ms
51ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ea6b21a291dd7a36712a8e26441c14718206a4ced8aa7c5ac193d285d68ba7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 05:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63919
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 810
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 21:22:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 05:05:01 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 4F0B 21 KB
21 KB 88ms
39ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 15:24:28 GMT
x-content-type-options: nosniff
age: 545152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 23 Dec 2022 15:24:28 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0BC2 43 B
215 B 35ms
35ms Image
image/gif 3.212.141.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=549590&asId=78f08659-13a4-c2bd-48ed-ae73c454071f&tv=%7Bc:yeffEv,pingTime:-10,time:778,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuOTMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1640818220082%7C%7Cf039ef1953afa348ae39deba4ccf0469%7C%7Ca2fdad25d911a8a4b39828759d282361%7C%7Cd4a73ca25db74e0d29fb1af21343646e%7C%7C11f135f5e46decea0b9778c3db2c5596%7C%7C8a31268892ca49e3884bea2615399b6c%7C%7C1c3313fc6cb44f6c81a2e6492ca4c962%7C%7Cdb18ec8aaae75ba91fe4a11183c0921a%7C%7C1629390669%7D
Requested by: Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.141.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-141-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:20 GMT
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4F0B 6 KB
4 KB 58ms
56ms XHR
application/json 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

35f81b1133dc1c32e73a6ab31936deeb8dc03feb055ab5719269fa3c20d7c0fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4533
x-xss-protection: 0

GET
H3

200

2-1x1.jpg
s0.2mdn.net/2537204/ Frame 4F0B
Redirect Chain

https://ad.doubleclick.net/ddm/ad/N5295.275509.TESTSITE/B11222446.149473255;sz=1x1;ord=111223147557;u=Buy:25117529%7CPID:311061394%7CAID:484134565%7CCID:137899826%7Cfeatureus-dr-feature-pixel5a-pre...
https://ad.doubleclick.net/ddm/ad/N5295.275509.TESTSITE/B11222446.149473255;dc_pre=CJr0npmMivUCFY-8swodohAKOQ;sz=1x1;ord=111223147557;u=Buy:25117529%7CPID:311061394%7CAID:484134565%7CCID:137899826%...
https://s0.2mdn.net/2537204/2-1x1.jpg

631 B
662 B

59ms
59ms

Image
image/jpeg

2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/2537204/2-1x1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2

Protocol

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 01:31:11 GMT
x-content-type-options: nosniff
age: 76749
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 631
x-xss-protection: 0
last-modified: Wed, 29 Mar 2017 00:03:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 01:31:11 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:20 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://s0.2mdn.net/2537204/2-1x1.jpg
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F69 0
20 B 62ms
62ms Image
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BclacK-bMYaSXD4nW_gT7zrbQBAAAAAA4AeAEAg&bg=!R0SlRADNAAZKWFskSlg7ACkAdvg8Wlakq-CgtpZfFvg0GQC_xVKu12_FK--X5npjT-JSwehTAssP8gIAAAFPUgAAAD9oAQeZAyFKPcT5mNjYDoyyxKn-mPRDzxn4aQs58y3WkP3_Jvjh2WIdEyVKuAJzJOqHHJtWydBjOqNql-RV72nFeIhB9yugQyn8J_XLElZai4PzhAlBITOcHhvXhfXKb7OHL-QWzXnI2tZiCWnDgeXDfEd9ywcLWupFSXftnAaddAGeZYNr8C-lpHnCRy_jX1oL19oUz3ukAQ5qI-4HNXoT3Vv9UdaT7ZG1vlk567xcmip-PHzQBiQA7wMdmwa5SA7Mz8fbxBMpjzBdQlkbiyA9PhA_Ryz6kpqnoGa0BAkidvxhbbOSmiulDH0Wj_loYFEFhESNG2xxp-gPor9b4sGU8YC1GKAsVm042j66M04x7iLxicu4ZFu-RMDlYtXkG_nB2HLabiToUqU0pVk0Ae_tygRF6fvftk0rjfyRJ9wDuxl8IKO7tJ_okkz2BySvjKdDwFOlh8NIH6Ra_gVuLmg2giYpQKThOWTP50HQAh3OBgk2sLudSclQqaAZVTS5PihDAs0OE1gKKT6erTsWHWz4f_4K0TZ4ClS67ErRXoS_wLZINH0Yqwf0c_GALouGVKz6e5x6xcmXhSlciT1N7VgzPeVBwZKRVx9pTkBKCggTrFK78UE_L506eP1F47M3LucrhzHQfSZC6S-2zZM5_7EsUUa6S4VFViMXt--qh_7uH8wW3XYEug4I7Lz2mTO0z_nNB2SyjSxP3lcVTFRqmjcdBUAxLY9dqzHSa2SCC1ki-GQ3-OjKCTkffVOLs7vlS_j6fYP5MK8wtbDmXso4sNGqpWhZb7QVZuKO4PZDOFME_vEsfcqFIerGuzGRlpluSZ8wBTDc7_adiOCvgGHrmSnmyBF_6vB8tQa_msr2wqZSGcRiHGqLOerYID1OE_1sht4g5KXt_6Ad--6eqV12Iob2l6In7DKr92lgeHsC84qIUwrfuEurlJ_OQaELIGA_VXUo0DS3Rwm5ivKLDYiVps5TzaymYw07HwCYHyJ2AdDiEfdSSVRW3_W3BrO9i9ro6cBlUYiPE3nJGTqULHWvLo5tDbpoh__GWANvsmgaK4fYhv73BDZCAJ0

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F4E4 0
20 B 63ms
62ms Image
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4YNDK-bMYcyVD-LmzgXKmKmIBAAAAAA4AeAEAg&bg=!i4iliMzNAAZKWFskSlg7ACkAdvg8WiKa0xfd2-JmrgnF5G1hSSOu4e-nGXkhOtPZF4gCxzXLlaIc7wIAAAFmUgAAABdoAQeZAv-aah3qEd3CWMKFjqYtH8siOew6JllTAriM5BX_HFDyiwGj6765wuweskQLDx5ezSMaSUfHt5wMZRu8s7S7b2MIry8szNGIehFj74kkh2iF69EgR-oubHcV6CG6yVYI-ebQhmAa59VoUwaafdBTBjF5IjfsRDvZ09jSRbIVekF7vVDGanUa-TYN7Dkr6Dro_KpAS18xZGwieg4ndxX3RX-NQyu0AiKb3Mbqcz1fCzR-qcpyshxlZiQo-Rz_XQtubGXEVx6_gbJuI6Jl_8fUk4qB22zlP3CtRm9HlX9nl7fW-NPvnUhUt2cYyGXlCQPWSLIDhxysYQ2KYFcCZQFUzK8hxlivY3SC-QYFXPicq9dBkK95Bud88ZqM5wx1-nmiOSHGfLtACwZ7zbBLBBJ4g_WXpJIi-hSRvFQqWVbjQTkgTTqdkmqiRI4h-vxNhq70Cp6X2EnAYF6YAYnS67vc7iPdDKzGtAsGGVDezf4TJ_cT34JSc5UhMsfGcLNZUlLU14j0vfwaIjqpYzwiPyIrFzEpuPXWzpht5UB42FGf0ngeK1Gc_JmSZ_fQYe8eiezBqXAMUdWdyLRqRCXAVd7xK6CVIMFV1HdClaX0USF10lC-Oon7skwB1qmw2nhASmZ30MbOXQDH2QLhCL_KUwJAP21MuH-2s4LJeG9z6PUlEhkzMKi-nQicrhHItljvHq2L-3NbpyDUZj6HsUIqF7eWxjzaAWceG5UrYTFRxa8ZB_fN9-5p1u7hfHptB5FkrHKoxCpWU1F5WzvzYznm2S97Ho94JW92A5evZWqFn4HLRTpPSGB-AyeEYxIBHdTgwTUSCH9wMnYhaMdYPr8pgXiijm9zsoFCShpAfRHLrtnpbg7j-n70hnW99eeA7Be0Ab38lKRDB_eHAFdAEUieLJMYHJv6dnVXmThVlD8kAmfpiBnWtgNt376l0z421o4vaQo4TogmFKpOOtOzn9DOIjBDUTobfQM5wh8jQAxNlcPwEdWG5U8SbXM9D4iP7Db3jcdH7Q

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2608 0
20 B 62ms
62ms Image
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BLSweK-bMYdCbEOLmzgXKmKmIBAAAAAA4AeAEAg&bg=!tbaltvLNAAZKWFskSlg7ACkAdvg8Wmc7ocjKfF6pWhQJtDuBXAen_pf_6HZ5oCR-Kgd2Q5fop-RsGgIAAAFSUgAAABZoAQcKABlHHLYBW9xCMwIUbC3d0wTc2GYNYFL48sAHmQMHKx1Ki641HF78VI_Z7T57dtFQI0MnQckDnTJEzBpLlKmqwAtRrB0IXUPynflyCPhMZCEkRoHNj7Atfje3DwGMMKgaUdLU7GZjvlgoB68N0L2F0IGG28-j1n_wWxagsHDn9nRGzeg9PjmvnjKKwA4dP4x62xdGBxfeMjI7BkPRiU0-mTS6KABYSZqOT520B9lFCm-QkMiwY_WRiQ8lJkJkIMm0Xn-2gHvm4HSTkdpNYcCG6PpsgDliiUp-brxDWLjfaAiT1Ucex6AOWOrcd7M38RiRQy-KitkXsgrWl85oFVpvn492J29t4gK3nxJfkNumI-X0XD9PMitAo5Orj4n7hLF8WWiP5m3ofuzANJa5fwNRHSM9hJqulQFzKMUzqUgCKjO5qehGlA4Djp6Qiu2aGxJ-u7Tz-SpqSxvq-06jJzxPbVbdm6KUOkhGtIRvO8MjwRfMJuvk-irO5-xgaQYqNSaI8lnk0XP7cazgIDqAMa6gmMGt_RlLxpLc3Z3FS8s0GMOG4hbU6OwFhrD6acAtBkB9bxj8WBPpx8WCihQNGNkn0wL5EvnnfJv0TGy84x7KmQHlq0m2Hr64q3TooSvmENat9IuhtYFQAuloMCECfJq1-rpcE6XRwNTx7Vh9pe7H4VC1-vh9prrz8eXAc38awvE7wtwB9Tiu1TYJKu5KHihZJZdWav8isW2z9KZE-pp6UxW9r3Or2YCdZOAqucv6IkQpbOnzFeIJ7jh5P-WDeYEnhiIxcCWaG6lpYX2nOgoPB1s2MSTl0s3wxyS4tgYU4DFU7KzJi8CXZfqod91YU_JxKm8GKOYUUFChQ-5vCbxR_7RLbuM0uae1RvL61sJhqTdE75jBfd6FOuJ08kVS1d9Aqj6tZwSowCdlNhFejEGu3dNDvWVEMRh2QyQHhJGxCgF2bKrRJxYbXSd1D5xUEI4hQbFGYx5rfyFxEK3QLZlct4HEO5NtZh2_gw1yx8Iuw1Ck2Zvk-iFmW8k0xuyL8tpCUEtC6sOHdVg5Ar8X7FfP2nE0foqiuw

Requested by

Host: 2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
URL: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0BC2 0
23 B 60ms
60ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu59iGYX1GqgKfAM1GDGPfPmc7mVDm61O9V78dPQtsLUaxUS5GKzOoT6wR3zqks-O0tF3Zulji86Bq3bgEu9s28E1_v3ARO9N_H05vbNCrrST_S6hZ08-TA82jVN4OsPBMaN0AIrQKR&sai=AMfl-YSbk6kCN_l7-1KzxiE6OL6n6wtASb9UKBmBUmW70cA02fgvj4-7932l1Zi5dEPjZvlLoGiHMm2Yl2TRkJQsetoX0JUfKDnWVUEc1yQ&sig=Cg0ArKJSzLBuQXnvQS-eEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=419&vt=11&dtpt=241&dett=3&cstd=173&cisv=r20211207.88897&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 tabbed-ram.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/ Frame 8C7B 101 KB
22 KB 44ms
44ms Script
text/javascript 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/tabbed-ram.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

648e4b524914f10b873fcd939163996ae33db25d9fa52c2fdc12070974961f57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 07:59:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53459
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22782
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 21:22:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 07:59:21 GMT

GET
H3 200 tabbed-ram.css
s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/ Frame 8C7B 7 KB
3 KB 43ms
43ms Stylesheet
text/css 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/tabbed-ram.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9269089fc6d2d55c4d24b54e7918b49050eb3b2760c18c7fca03cc39a1ee8187

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 05:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62003
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2977
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 21:22:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 05:36:57 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8C7B 6 KB
4 KB 55ms
55ms XHR
application/json 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

09aea0ebf5f82e8486bc7f91638ae08207a1b17e212520dcf8fde0b9a2272c02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4516
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 8C7B 3 KB
541 B 56ms
56ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:300,500&t=1640818220205

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/tabbed-ram.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

48adc4fd34d19792cd8b25388775c77f0d2f9ca464c4c76b4f0fc7474ff2c079

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 21:52:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Dec 2021 22:50:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Dec 2021 22:50:20 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 8C7B 4 KB
618 B 54ms
54ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&t=1640818220205

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/tabbed-ram.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 21:01:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Dec 2021 22:50:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Dec 2021 22:50:20 GMT

GET
H3 200 40290727_20190626113434391_logo.png
s0.2mdn.net/ads/richmedia/studio/40290727/ Frame 8C7B 10 KB
10 KB 45ms
45ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/40290727/40290727_20190626113434391_logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa59a8c310a5ad9730d56167381ad6331f9040a4066860ddf21a0ee6b8d0ae4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 16:19:01 GMT
x-content-type-options: nosniff
age: 23479
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9944
x-xss-protection: 0
last-modified: Wed, 26 Jun 2019 18:34:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 16:19:01 GMT

GET
H3 200 40290727_20211118133604041_22-r15dt-970x250-brd-v2-artfull-f1.jpg
s0.2mdn.net/ads/richmedia/studio/40290727/ Frame 8C7B 55 KB
55 KB 46ms
45ms Image
image/jpeg 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/40290727/40290727_20211118133604041_22-r15dt-970x250-brd-v2-artfull-f1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c42baa68674179d2a624a365be53a6e9cf48898e199b695203e17e878bc0bf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 21:01:21 GMT
x-content-type-options: nosniff
age: 6539
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55901
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 21:36:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 21:01:21 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8C7B 17 KB
6 KB 64ms
64ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Wed, 29 Dec 2021 22:50:20 GMT

GET
H3 200 40290727_20211118133604041_22-r15dt-970x250-brd-v2-artfull-f1.jpg
s0.2mdn.net/ads/richmedia/studio/40290727/ Frame 8C7B 55 KB
55 KB 43ms
43ms Image
image/jpeg 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/40290727/40290727_20211118133604041_22-r15dt-970x250-brd-v2-artfull-f1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/tabbed-ram.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c42baa68674179d2a624a365be53a6e9cf48898e199b695203e17e878bc0bf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 21:01:21 GMT
x-content-type-options: nosniff
age: 6539
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55901
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 21:36:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 21:01:21 GMT

GET
H3 200 40290727_20190626113434391_logo.png
s0.2mdn.net/ads/richmedia/studio/40290727/ Frame 8C7B 10 KB
10 KB 50ms
50ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/40290727/40290727_20190626113434391_logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/tabbed-ram.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa59a8c310a5ad9730d56167381ad6331f9040a4066860ddf21a0ee6b8d0ae4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 16:19:01 GMT
x-content-type-options: nosniff
age: 23479
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9944
x-xss-protection: 0
last-modified: Wed, 26 Jun 2019 18:34:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 16:19:01 GMT

GET
DATA 200
OK truncated
/ Frame 8C7B 1015 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 067d0bd30358c7a31e4f42ded3dfa16e316004889d0df81ce5288f36e52ade72

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v40/ Frame 8C7B 31 KB
31 KB 40ms
40ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v40/TK3iWkUHHAIjg752GT8G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:300,500&t=1640818220205

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d287da709652059aee8af366398fb5597fa3bf2e9cbe53b7c8ffe3da44f19ff8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 16:17:50 GMT
x-content-type-options: nosniff
age: 109950
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31624
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:16:38 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 16:17:50 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 8C7B 16 KB
16 KB 57ms
57ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&t=1640818220205

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 26 Dec 2021 00:09:49 GMT
x-content-type-options: nosniff
age: 340831
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Mon, 26 Dec 2022 00:09:49 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 8C7B 15 KB
15 KB 61ms
61ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&t=1640818220205

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 16:23:56 GMT
x-content-type-options: nosniff
age: 109584
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 16:23:56 GMT

GET
H3 200 40290727_20211118135840274_22-r15dt-970x250-tec-v2-artfull-f2.jpg
s0.2mdn.net/ads/richmedia/studio/40290727/ Frame 8C7B 49 KB
49 KB 45ms
45ms Image
image/jpeg 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/40290727/40290727_20211118135840274_22-r15dt-970x250-tec-v2-artfull-f2.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b95d24c4df1b1751da3fca115fa1811dccfaacfa73cf8ab6ac5c8b342657113d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 21:19:58 GMT
x-content-type-options: nosniff
age: 5422
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49671
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 21:58:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 21:19:58 GMT

GET
H3 200 40290727_20211118141528161_22-r15dt-970x250-lux-v2-artfull-f3.jpg
s0.2mdn.net/ads/richmedia/studio/40290727/ Frame 8C7B 42 KB
42 KB 51ms
51ms Image
image/jpeg 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/40290727/40290727_20211118141528161_22-r15dt-970x250-lux-v2-artfull-f3.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d86d985b4043c83841ec502287acc973bcf816012d7a9526647191a5df84346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 21:01:22 GMT
x-content-type-options: nosniff
age: 6538
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43138
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 22:15:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 21:01:22 GMT

GET
H3 200 40290727_20211027122213834_empty_pixel.png
s0.2mdn.net/ads/richmedia/studio/40290727/ Frame 8C7B 925 B
954 B 43ms
43ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/40290727/40290727_20211027122213834_empty_pixel.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

effc47acbc67a42414d0ac2699cadfd2f0d3a9d6dbbd0ec0955abf52f3530617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61940420/20211103142215500/index.html?e=69&leftOffset=0&topOffset=0&c=fWyqgwqRo9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 16:48:38 GMT
x-content-type-options: nosniff
age: 21702
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 925
x-xss-protection: 0
last-modified: Wed, 27 Oct 2021 19:22:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 16:48:38 GMT

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 2B3B 35 KB
13 KB 40ms
40ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 21:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Dec 2022 21:36:30 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4F0B 17 KB
6 KB 67ms
66ms Script
text/javascript 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Wed, 29 Dec 2021 22:50:20 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9A4F 0
23 B 60ms
60ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssu9hu3vCADcAeEbkX4wpyBROkrkHK_xWwLQlk5dB2UgHgUOQ2NekSCsI0y9IbpOig0gRZ5OBaKFydZrBtcgKznBs3hKHAP5yW2t7TDotl6cA1DdkpwxlDa59dLe7uHilcPfYrY3M6S-OMHB2J9Gg0nExxxpPJOjZv-78DORYyVbrPqTU8kxYIjB1iLCzyZttZy_lQQiIi4CXj3MwnHSyEFmmMQnVgH4M6cNmjN1vJZaM4OzblpEYGZMhTjaLgqO0pxcROtIS68IoXLg0kPowC1YmEuBj-A9SLotrgl2Cfi3BsaBq8RIc_D2Cj3evCvggpGkN2_FjcObirR6w6hLR7NKvb3CEHAbquCpW2SeRT8pLsi8VtzXUIPjTsE01lujt6SYd_DhZpr4wZHF99b2Ix4HS9BhKqvtpxib2uAyUr6nFSp20C0m5WExDZAMnTq0NYYYaa3uOPAxwQuy7tG6lE_8cZ3zyjCIjL5DmXTvXrj3OZhtVqM_NPWbViAtAeFGEjtiVSAmNqdfNNMdZjAg_Y7GWHEnFuAWzQicYTMfMfznmG8oodjz5mRkk_7i9GT2pGij-vDL5z50oPfpRL_AdCH1K20POIQJL1tnLqgGpARWDru48Ix626uO_qV8TRuP4nWuywWxz82d4AQIkCaikW_bQJFBoSLHw3DB2A7k9wzfvj-6oIBmfG42bvqKCN66T6gefUTkozt-SKdI1heEzRYdxm7Y6lo955drL9ufSfiC_PYAkW7AW1vKXAMwWHrPHFIuk3ttKGO_IRVH4ENS5GmaYO4SaAkyGQrx19nwD10H-ClqXRhdSDFfRYSfg9ak_GIRDEFJJn0GDJCq-jR7Ux4gCc8sMlFWWSjx33qyKcNJtV-DCELZG5zzofcgfMvURV0lCgeurXRzaaFnUqWEtIb5eSVB5pHxjq16EkHSiExSrMVdnmbDtD4I8IeD7zm1rli-MuMc1l6BL_Zsa2LkbktnrWhfURQSL8mCenuZMXXStxz84A2a1a-7cN5I-PrmB7l15ekg50YdKgplmBL2jnitxDeUGB4T-sEK5sgzb4-fZvfiPYMtKJVNdjIijRcBzyJsTBQYmf__MahEkp8mBcK8ybGsXqc8OSneMg3lk65VIfRN-W2BnP7MMZ5hd41F1HstbJmAzH0T_St9LKV2Z5YAW3nrOkayRlITvIc2Cxa0muJw2I0HwEwLOR3BdOGUPXq6Nwh4T85SsuS&sai=AMfl-YSqG6EFV2Gbe3pmPoACLlphaHAUaV18OTjL4KgXl8vXXdiXvDF9xXxu_Uvo4BofTuIrDiWW74Ld77RCie7pwwe-Wr-Cs9g7rX-AjDeRPXfIfcBXjLfBva9LOpH2xedUy-XMqrJfRbDzuKtffLs_nt7qp0yXZnyZSIsMEkI&sig=Cg0ArKJSzIm7xFpNYEVuEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1018&vt=11&dtpt=814&dett=3&cstd=197&cisv=r20211207.91934&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.officeholidays.com
URL: https://www.officeholidays.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 23406897_20170911152007076_1x1.png
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 68 B
101 B 44ms
43ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20170911152007076_1x1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 05:10:45 GMT
x-content-type-options: nosniff
age: 63575
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68
x-xss-protection: 0
last-modified: Mon, 11 Sep 2017 22:20:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 05:10:45 GMT

GET
H3 200 23406897_20200929165734664_logo_google_store_horiz.svg
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 6 KB
3 KB 44ms
44ms Image
image/svg+xml 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20200929165734664_logo_google_store_horiz.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa52e452bf3d30d47428f3a207ff7f0b9ab0752bfd60faf7f5240f1bcdf9700e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48977
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2692
x-xss-protection: 0
last-modified: Tue, 29 Sep 2020 23:57:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 09:14:03 GMT

GET
H3 200 23406897_20210810124009145_pixel5a5g-feature-2-970x250.png
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 44 KB
44 KB 46ms
44ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20210810124009145_pixel5a5g-feature-2-970x250.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39b375d2b20b76ca0653de22d169839fbcad3d8dce56625a742fa1a5d97e3ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 08:00:24 GMT
x-content-type-options: nosniff
age: 53396
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45302
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 19:40:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 08:00:24 GMT

GET
H3 200 23406897_20210805113414483_pixel5a5g-feature-3-970x250.png
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 53 KB
53 KB 50ms
48ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20210805113414483_pixel5a5g-feature-3-970x250.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23fb09bcd929a9477b9525bdf08df161e242c6a95c9a4c6d93c2c23c03405b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 08:00:24 GMT
x-content-type-options: nosniff
age: 53396
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54615
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 18:34:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 08:00:24 GMT

GET
H3 200 23406897_20210810124002215_pixel5a5g-feature-1-970x250.png
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 54 KB
54 KB 53ms
51ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20210810124002215_pixel5a5g-feature-1-970x250.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

825e8b59525a9ef5b500dd221f4cf571d47098305549a58db04bce09fefc9581

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 08:00:24 GMT
x-content-type-options: nosniff
age: 53396
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55286
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 19:40:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 08:00:24 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0BC2 43 B
215 B 36ms
35ms Image
image/gif 3.212.141.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=549590&asId=78f08659-13a4-c2bd-48ed-ae73c454071f&tv=%7Bc:yeffK0,time:1119,type:e,im:%7Bpci:%7Btdr:1008%7D%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:1119,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1112~0%5D,as:%5B1112~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:46,fm:sT1E20N+11%7C12%7C131%7C14%7C15%7C161%7C17*.549590-52686815%7C171%7C181%7C191,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.141.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-141-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:20 GMT
x-server-name: dt20.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame BCD4 35 KB
13 KB 41ms
40ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 21:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Dec 2022 21:36:30 GMT

GET
H3 200 23406897_20210810124009145_pixel5a5g-feature-2-970x250.png
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 44 KB
44 KB 44ms
43ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20210810124009145_pixel5a5g-feature-2-970x250.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/scripts/bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39b375d2b20b76ca0653de22d169839fbcad3d8dce56625a742fa1a5d97e3ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 08:00:24 GMT
x-content-type-options: nosniff
age: 53396
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45302
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 19:40:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 08:00:24 GMT

GET
H3 200 23406897_20210805113414483_pixel5a5g-feature-3-970x250.png
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 53 KB
53 KB 48ms
47ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20210805113414483_pixel5a5g-feature-3-970x250.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/scripts/bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23fb09bcd929a9477b9525bdf08df161e242c6a95c9a4c6d93c2c23c03405b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 08:00:24 GMT
x-content-type-options: nosniff
age: 53396
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54615
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 18:34:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 08:00:24 GMT

GET
H3 200 23406897_20210810124002215_pixel5a5g-feature-1-970x250.png
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 54 KB
54 KB 55ms
54ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20210810124002215_pixel5a5g-feature-1-970x250.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/scripts/bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

825e8b59525a9ef5b500dd221f4cf571d47098305549a58db04bce09fefc9581

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 08:00:24 GMT
x-content-type-options: nosniff
age: 53396
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55286
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 19:40:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 08:00:24 GMT

GET
H3 200 23406897_20170911152007076_1x1.png
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 68 B
101 B 56ms
55ms Image
image/png 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20170911152007076_1x1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/scripts/bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 05:10:45 GMT
x-content-type-options: nosniff
age: 63575
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68
x-xss-protection: 0
last-modified: Mon, 11 Sep 2017 22:20:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 05:10:45 GMT

GET
H3 200 23406897_20200929165734664_logo_google_store_horiz.svg
s0.2mdn.net/ads/richmedia/studio/23406897/ Frame 4F0B 6 KB
3 KB 56ms
55ms Image
image/svg+xml 2607:f8b0:4006:823::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23406897/23406897_20200929165734664_logo_google_store_horiz.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/scripts/bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa52e452bf3d30d47428f3a207ff7f0b9ab0752bfd60faf7f5240f1bcdf9700e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61572723/20210930104338104/index.html?e=69&leftOffset=0&topOffset=0&c=5J0hXzs5o9&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48977
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2692
x-xss-protection: 0
last-modified: Tue, 29 Sep 2020 23:57:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Dec 2021 09:14:03 GMT

GET
H3 200 4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 4F0B 21 KB
21 KB 50ms
50ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLV154tzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbbc44e5ebb0694e2faa4b84737dc33d6b8fa9d0eaa8b5f63ac3537130cb07bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 22:08:28 GMT
x-content-type-options: nosniff
age: 520912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21444
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 23 Dec 2022 22:08:28 GMT

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 4F0B 21 KB
21 KB 41ms
40ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 25 Dec 2021 17:46:18 GMT
x-content-type-options: nosniff
age: 363842
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 25 Dec 2022 17:46:18 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D58F 42 B
64 B 56ms
55ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuuGv_FsARueg7eLnpR-3wR0ZOhCqB7u2Um1jxbqyZjODNAwFnq-6pd5OpKDuuJFeVXdw3s8_RzvVnMCqjG8ubdLpoBquhJJHF6hHTWR3qD7xy7mxA&sai=AMfl-YQ5-Q8orcqNKLfoLfZGd9oB9hAxyPgY1hQt0_ymAR3tPIJKX5AwNWtBMebPgRlKONjImLegTaDy6zKmrQocR0hvoqcol3lDDQA-7byQCkz6XaXunBQwV2MakNuEZWw&sig=Cg0ArKJSzPcNKRlOcSwUEAE&cid=CAASFeRoOsRcUU4weaRhxOB60m_AnTBU9w&id=lidar2&mcvt=1021&p=1100,591,1194,1319&mtos=0,1021,1021,1021,1021&tos=0,1021,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=3276980286&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640818219008&rpt=542&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 35ms
35ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:20 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0BC2 42 B
64 B 56ms
55ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsval-Z0vbhYi14cq3pvs2IQyEGh_rNAsyevBaPl3aGuvtNa6hcTqiqJUsDfPt-AFc_5o__FixGs0Bb7r4ksZ2s92nDUH7nZw33vLsKtRRSnLQztzNs&sai=AMfl-YS8ir1kpp9P-8FnGd4ulMXTyUNMJ8y66rrmMNUKbP26T6FACiJWgsSQCUZrYVTZYcE38Kr3z2PqRNX5kCTzKDD1HeNTgXSHLCQ6548_l_Re19CjEkhBRWAY5ykyVHQ&sig=Cg0ArKJSzFCt8i6p5dQLEAE&cid=CAASFeRoSGkBmeKXsP1r4Toa5eOamPYiFA&id=lidar2&mcvt=1000&p=617,315,867,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4129706618&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1640818218999&rpt=861&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 officeholidays.com Show response
e.deployads.com/e/ 2 B
126 B 35ms
35ms XHR
text/plain 18.214.233.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://e.deployads.com/e/officeholidays.com
Requested by: Host: tags-cdn.deployads.com
URL: https://tags-cdn.deployads.com/a/officeholidays.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.233.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-233-191.compute-1.amazonaws.com
Software: Jetty(7.6.12.v20130726) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.officeholidays.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 29 Dec 2021 22:50:21 GMT
server: Jetty(7.6.12.v20130726)
content-length: 2
content-type: text/plain;charset=UTF-8

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 0AEE 0
91 B 37ms
35ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.0.0
date: Wed, 29 Dec 2021 22:50:21 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 15D8 2 KB
1 KB 128ms
42ms Document
text/html 23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Wed, 29 Dec 2021 22:50:21 GMT
Connection: keep-alive

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame D9DD 52 KB
17 KB 150ms
62ms Document
text/html 23.52.160.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.160.130 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-160-130.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Thu, 30 Dec 2021 22:50:23 GMT
Date: Wed, 29 Dec 2021 22:50:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame 11BA
Redirect Chain

https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1

2 KB
2 KB

37ms
36ms

Document
text/html

67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: 2c2e12252bf34ad876b49528d19a6ed42c440be457af90ae9ae821d4709bc5f6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 1634
date: Wed, 29 Dec 2021 22:50:20 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

location: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy: unsafe-url
content-length: 0
date: Wed, 29 Dec 2021 22:50:21 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 8F97 14 KB
5 KB 131ms
44ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=57276
expires: Thu, 30 Dec 2021 14:44:57 GMT
date: Wed, 29 Dec 2021 22:50:21 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 5DE7 281 B
554 B 137ms
45ms Document
text/html 104.105.42.146
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?us_privacy=1---
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.105.42.146 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-105-42-146.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 29 Dec 2021 22:50:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 index.html Show response
cdn.districtm.io/ids/ Frame 59D5 116 B
464 B 97ms
49ms Document
text/html 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f752ad8cf812a358129aac3fd9784b0baf6f19899eb49116f08a1afab1fa133e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
content-type: text/html
cf-ray: 6c56963c4bd063c9-ATL
age: 65767
last-modified: Thu, 20 May 2021 02:18:27 GMT
via: 1.1 b2f9e47860fb9957b48159f2b1f3173e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-cf-id: FcTn7MIlPwa-IKCtOh7BXwQ6te8-gwJ-hgdodHVnuHA08cNxw7U84Q==
x-amz-cf-pop: ATL56-C2
x-cache: Hit from cloudfront
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 5AF1 0
0 118ms
118ms Document
text/plain 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?us_privacy=1---&informer=9465460
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

Server: nginx
Date: Wed, 29 Dec 2021 22:50:21 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap2ams1

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/ib/static/usersync/v3/ Frame 8C35 995 B
875 B 127ms
42ms Document
text/html 23.52.160.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: www.officeholidays.com
URL: https://www.officeholidays.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.160.130 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-160-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 8730c26defc411dd8a51f1da47e5ae3804fab6868f7914a26b09d8e0791bbe39

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: "573e714d-3e3"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Thu, 29 Dec 2022 22:50:21 GMT
Date: Wed, 29 Dec 2021 22:50:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=558661cc-e62d-4700-ade9-dfe73f377cca

49 B
951 B

142ms
37ms

Image
image/gif

69.166.1.10
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=558661cc-e62d-4700-ade9-dfe73f377cca

Protocol

HTTP/1.1

Server

69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:21 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-63
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 29 Dec 2021 22:50:21 GMT
Server: MT3 4133 baa842e master iad-pixel-x1 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=558661cc-e62d-4700-ade9-dfe73f377cca
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 29 Dec 2021 22:50:20 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=d237a970-b0c0-4241-b196-f25e8b25f827&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=aXZhaFQ4cGpQTTV1T0M5dTd2dnphZw&gdpr=&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEMMJSQe0o5PFMVDseJzrec8&google_cver=1
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=kKLvhsdg4nDb

49 B
927 B

58ms
37ms

Image
image/gif

69.166.1.10
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pp&nuid=kKLvhsdg4nDb

Protocol

HTTP/1.1

Server

69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:21 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-19
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://sync.go.sonobi.com/us.gif?nw=pp&nuid=kKLvhsdg4nDb
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-685df6f7b9-tcs4m
expires: -1

GET
H/1.1 200
OK sync.php
demand.trafficroots.com/ 0
0 223ms
73ms Image
text/html 162.254.186.187
SCALEMATRIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://demand.trafficroots.com/sync.php?buyer=3091&buyeruid=TRRT&us_privacy=1---
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.254.186.187 Temecula, United States, ASN33695 (SCALEMATRIX, US),
Reverse DNS: www.abcbymebath.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2

200

r1
c.deployads.com/cs/
Redirect Chain

https://sync.1rx.io/usersync2/sortable?us_privacy=1---
https://sync.targeting.unrulymedia.com/csync/RX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005?redir=https%3A%2F%2Fc.deployads.com%2Fcs%2Fr1%3Fb%3DRX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005%26us_privacy...
https://c.deployads.com/cs/r1?b=RX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005&us_privacy=1---

43 B
365 B

35ms
35ms

Image
image/gif

44.193.114.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.deployads.com/cs/r1?b=RX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005&us_privacy=1---
Protocol: H2
Server: 44.193.114.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-193-114-165.compute-1.amazonaws.com
Software: SortableCactus/1.0 /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
cache-control: no-cache
server: SortableCactus/1.0
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 29 Dec 2021 22:50:21 GMT
Server: Tengine
ETag: RXbbe6faa1b1774c37bc75b423d14af9bf005
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://c.deployads.com/cs/r1?b=RX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005&us_privacy=1---
Connection: keep-alive
Content-Type: text/html

GET
H2

200

CNVT
c.deployads.com/cs/
Redirect Chain

https://sortable-match.dotomi.com/match/bounce/current?networkId=64743&version=1&us_privacy=1---
https://sortable-match.dotomi.com/match/bounce/current?DotomiTest=6905d54e0c7a08ef&is_secure=true&networkId=64743&version=1&us_privacy=1---
https://c.deployads.com/cs/CNVT?b=AAADLIcwUvSDHANEhez0AAAAAAA&expiration=1640904621&is_secure=true&us_privacy=1---

43 B
296 B

40ms
39ms

Image
image/gif

44.193.114.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.deployads.com/cs/CNVT?b=AAADLIcwUvSDHANEhez0AAAAAAA&expiration=1640904621&is_secure=true&us_privacy=1---
Protocol: H2
Server: 44.193.114.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-193-114-165.compute-1.amazonaws.com
Software: SortableCactus/1.0 /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
cache-control: no-cache
server: SortableCactus/1.0
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://c.deployads.com/cs/CNVT?b=AAADLIcwUvSDHANEhez0AAAAAAA&expiration=1640904621&is_secure=true&us_privacy=1---
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET

6.gif
id5-sync.com/cq/434/916/4/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=fb9580c293&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=fb9580c293&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=9b404231-23ab-467b-a268-f4f258cb6e8b&pubid=fb9580c293
https://id5-sync.com/s/434/9.gif?puid=d237a970-b0c0-4241-b196-f25e8b25f827&gdpr=0&gdpr_consent=
https://id5-sync.com/c/434/434/9/1.gif?puid=d237a970-b0c0-4241-b196-f25e8b25f827&gdpr=0&gdpr_consent=
https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent=
https://id5-sync.com/c/434/2/8/2.gif?puid=5281263057379193593&gdpr=0&gdpr_consent=
https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMO13YRPzqpjrhgNLUkHSRYv-rfAqw-RlUgTKda8g&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
https://id5-sync.com/c/434/3/7/3.gif?puid=558661cc-e62d-4700-ade9-dfe73f377cca&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
https://id5-sync.com/k/264.gif?puid=9b404231-23ab-467b-a268-f4f258cb6e8b&ttl=%%TTL%%
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY
https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&domid=1033
https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domi...
https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=103...
https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEO60M9U4p82FjJb0Il7b07Q&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0Rv...
https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=5281263057379193593&opid=apx&ops=&utidl=tech:goo:CAESEO60M9U4p82FjJb0Il7b07Q&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0a...
https://id5-sync.com/qp/18.gif?puid=vec%3A23994171262&sd=Y2FzY2FkZXNSZW1haW5pbmc9NSZjYXNjYWRlc0RvbmU9NSZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY
https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMO13YRPzqpjrhgNLUkHSRYv-rfAqw-RlUgTKda8g&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F916%2F4%2F6.gif%3Fpuid%3...
https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMO13YRPzqpjrhgNLUkHSRYv-rfAqw-RlUgTKda8g&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F916%2F4%2F6.gif%3F...
https://id5-sync.com/cq/434/916/4/6.gif?puid=8e0bcac4-1871-4742-bc72-03f582e3e215&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=

0
0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758876085678044

49 B
933 B

134ms
35ms

Image
image/gif

69.166.1.10
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758876085678044

Protocol

HTTP/1.1

Server

69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:21 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-46
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758876085678044
Date: Wed, 29 Dec 2021 22:50:21 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

AMOB
c.deployads.com/cs/
Redirect Chain

https://ad.turn.com/r/cs?pid=56&us_privacy=1---
https://c.deployads.com/cs/AMOB?b=8370084033819338431

43 B
384 B

35ms
34ms

Image
image/gif

44.193.114.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.deployads.com/cs/AMOB?b=8370084033819338431
Protocol: H2
Server: 44.193.114.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-193-114-165.compute-1.amazonaws.com
Software: SortableCactus/1.0 /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
cache-control: no-cache
server: SortableCactus/1.0
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://c.deployads.com/cs/AMOB?b=8370084033819338431
pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=86af9886-5932-44b0-a103-d403cbdc6a7c&google_hm=ODZhZjk4ODYtNTkzMi00NGIwLWExMDMtZDQwM2NiZGM2YTdj
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEJKaL-hyVva8e2KMTGA8US8&google_cver=1&ssp=sonobi&bsw_param=86af9886-5932-44b0-a103-d403cbdc6a7c
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=86af9886-5932-44b0-a103-d403cbdc6a7c

49 B
864 B

36ms
36ms

Image
image/gif

69.166.1.10
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=86af9886-5932-44b0-a103-d403cbdc6a7c

Protocol

HTTP/1.1

Server

69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.officeholidays.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:21 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-19
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=86af9886-5932-44b0-a103-d403cbdc6a7c
Date: Wed, 29 Dec 2021 22:50:21 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 200 idsync.d5cb6b96.js Show response
cdn.districtm.io/ids/ Frame 59D5 3 KB
2 KB 43ms
43ms Script
application/javascript 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/idsync.d5cb6b96.js
Requested by: Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aebd50af0cd8da2f314a52e2088788775d1a441bd674ef9379578e7bc1b5ad50

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://cdn.districtm.io/ids/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
via: 1.1 a20436c6d109fe9002d093f519ad4399.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 158314
cf-polished: origSize=3302
x-cache: Hit from cloudfront
cf-bgj: minify
content-encoding: br
last-modified: Thu, 20 May 2021 02:18:27 GMT
server: cloudflare
etag: W/"74ede07ef946dc2316f86b2661cf2dd3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
x-amz-cf-pop: IAD89-C2
cf-ray: 6c56963cbcda63c9-ATL
x-amz-cf-id: 1eRSpWhdVAkBadFJp4F5rFN7MnzWD6LrYuBkp7TuCOeRux1TRVDlcg==
expires: Fri, 31 Dec 2021 22:50:21 GMT

GET
H2 200 buyers Show response
dmx.districtm.io/s/v1/ Frame 59D5 483 B
819 B 48ms
46ms XHR
application/json 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/v1/buyers

Requested by

Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/idsync.d5cb6b96.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04795708b8881350f9f4ab4006bd7b92a3f9dc62b278841abd4f89bcb3cba93a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: DELETE, GET, OPTIONS, POST
content-type: application/json
access-control-allow-origin: https://cdn.districtm.io
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6c56963d2dc663c9-ATL
access-control-allow-headers: Origin, Content-Type

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 5DE7 32 KB
10 KB 50ms
49ms Script
text/html 104.105.42.146
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?us_privacy=1---
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.105.42.146 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-105-42-146.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: b6caa475a6e60a972a981cf3abeb5a2ff01c09bee551831d38f18ae2b28ccfe4

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?us_privacy=1---
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 22:50:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Dec 2021 23:04:16 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=44186
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9702
Expires: Thu, 30 Dec 2021 11:06:47 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 8F97 2 KB
2 KB 122ms
40ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=2153805&p=156961&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 7e3f9c9993362adbf52e8ae4850c28af191b0cd658b3b8322a7d8b3fe5a56495

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 1570
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK async_usersync Show response
secure.adnxs.com/ Frame 8C35 0
729 B 161ms
75ms Script
text/html 68.67.160.25
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/async_usersync?cbfn=AN_async_load

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.25 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

563.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:21 GMT
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 563.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 0dfdf6af-596b-4bc1-a9c2-687a99549a3e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

mxubsQJATC1TvDUj7p_ja1x3E0k Show response
dmx.districtm.io/s/10026/ Frame 59D5
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=132
https://dmx.districtm.io/s/10026/mxubsQJATC1TvDUj7p_ja1x3E0k

83 B
149 B

54ms
53ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10026/mxubsQJATC1TvDUj7p_ja1x3E0k

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b07cf0ad0900044debc66be48a1e08c77415aa2ce9112b5e063c615379183c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Wed, 29 Dec 2021 22:50:21 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6c56963e69d563c9-ATL

Redirect headers

Location: https://dmx.districtm.io/s/10026/mxubsQJATC1TvDUj7p_ja1x3E0k
Date: Wed, 29 Dec 2021 22:50:21 GMT
Connection: keep-alive
Content-Length: 83
Content-Type: text/html; charset=utf-8

GET
H2

200

y-KpChjp9E2uEtA2ZYx.X2soZHMlu5ObuG_HZTeeM-~A Show response
dmx.districtm.io/s/10057/ Frame 59D5
Redirect Chain

https://ups.analytics.yahoo.com/ups/58377/occ?gdpr=&gdpr_consent=
https://dmx.districtm.io/s/10057/y-KpChjp9E2uEtA2ZYx.X2soZHMlu5ObuG_HZTeeM-~A

100 B
180 B

64ms
63ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10057/y-KpChjp9E2uEtA2ZYx.X2soZHMlu5ObuG_HZTeeM-~A

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

339a727ccf15256ee933abc2c251dd68a838b0ba5c0b15b5c1faa99fdeb37826

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Wed, 29 Dec 2021 22:50:21 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6c56963e294563c9-ATL

Redirect headers

location: https://dmx.districtm.io/s/10057/y-KpChjp9E2uEtA2ZYx.X2soZHMlu5ObuG_HZTeeM-~A
date: Wed, 29 Dec 2021 22:50:21 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

y-iypMXUJE2uHG_.P8_dq8JwWnxIJz8BX7~A~UPb3fde8cd-68f9-11ec-b27e-025cac56ffcf Show response
dmx.districtm.io/s/10051/ Frame 59D5
Redirect Chain

https://pixel.advertising.com/ups/58270/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58270/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58270/sync?&gdpr=&gdpr_consent=&redir=true&apid=UPb3fde8cd-68f9-11ec-b27e-025cac56ffcf
https://dmx.districtm.io/s/10051/y-iypMXUJE2uHG_.P8_dq8JwWnxIJz8BX7~A~UPb3fde8cd-68f9-11ec-b27e-025cac56ffcf

131 B
187 B

52ms
52ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10051/y-iypMXUJE2uHG_.P8_dq8JwWnxIJz8BX7~A~UPb3fde8cd-68f9-11ec-b27e-025cac56ffcf

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2152a6c5c3e7546a46e0ceb1db0710c7162245e43f54674caf72b83d19dea621

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Wed, 29 Dec 2021 22:50:21 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6c56963eaa5463c9-ATL

Redirect headers

location: https://dmx.districtm.io/s/10051/y-iypMXUJE2uHG_.P8_dq8JwWnxIJz8BX7~A~UPb3fde8cd-68f9-11ec-b27e-025cac56ffcf
date: Wed, 29 Dec 2021 22:50:21 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

86af9886-5932-44b0-a103-d403cbdc6a7c Show response
dmx.districtm.io/s/10009/ Frame 59D5
Redirect Chain

https://x.bidswitch.net/sync?ssp=districtm&user_id=22ymV7OIuNmZY4PbgXB2IS2Wlv8
https://server.cpmstar.com/usersync.aspx?bsw_custom_parameter=86af9886-5932-44b0-a103-d403cbdc6a7c&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D440%26ssp...
https://x.bidswitch.net/sync?dsp_id=440&ssp=districtm&user_id=y-sfm0vYgBt64MXqdRV10
https://dmx.districtm.io/s/10009/86af9886-5932-44b0-a103-d403cbdc6a7c

92 B
141 B

53ms
53ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10009/86af9886-5932-44b0-a103-d403cbdc6a7c

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a45653af53700c6a9fc019b7b33b5862ef49d0c937f2a90d1d7022edcaa7fe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Wed, 29 Dec 2021 22:50:21 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6c56963f0b4263c9-ATL

Redirect headers

Location: //dmx.districtm.io/s/10009/86af9886-5932-44b0-a103-d403cbdc6a7c
Date: Wed, 29 Dec 2021 22:50:21 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

c823a97a-46b2-4e5c-9a9f-0de433db094e Show response
dmx.districtm.io/s/10059/ Frame 59D5
Redirect Chain

https://match.sharethrough.com/1PQ8qgv7/v1/
https://dmx.districtm.io/s/10059/c823a97a-46b2-4e5c-9a9f-0de433db094e

92 B
140 B

58ms
57ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10059/c823a97a-46b2-4e5c-9a9f-0de433db094e

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aaa6120847310e097bf212e46e0154f2ed4cf57bcfe1e669a2540c9051d03ea8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Wed, 29 Dec 2021 22:50:21 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6c56963e396e63c9-ATL

Redirect headers

location: https://dmx.districtm.io/s/10059/c823a97a-46b2-4e5c-9a9f-0de433db094e
date: Wed, 29 Dec 2021 22:50:21 GMT
content-length: 0

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame B9B3
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy=1---
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=1---

281 B
554 B

55ms
55ms

Document
text/html

104.105.42.146
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=1---
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.105.42.146 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-105-42-146.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: about:blank

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 29 Dec 2021 22:50:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=1---
Date: Wed, 29 Dec 2021 22:50:21 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H2

200

user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B193
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=1---&ts=1640818221663.6&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26pre...
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=1---&predirect=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D1---%26bidder_id%3D25%26external_...

14 KB
5 KB

43ms
43ms

Document
text/html

23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=1---&predirect=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D1---%26bidder_id%3D25%26external_user_id%3D
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: about:blank

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=57276
expires: Thu, 30 Dec 2021 14:44:57 GMT
date: Wed, 29 Dec 2021 22:50:21 GMT
vary: Accept-Encoding

Redirect headers

p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01-Jan-70 00:00:01 GMT
x-33x-status: 40000000008200000A
server: 33XP001
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=1---&predirect=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D1---%26bidder_id%3D25%26external_user_id%3D
content-length: 0
date: Wed, 29 Dec 2021 22:50:20 GMT

GET
H2

200

match
cms-xch-chicago.33across.com/ Frame 11BA
Redirect Chain

https://x.bidswitch.net/sync?ssp=the33across&us_privacy=1---
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=the33across&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=93&user_id=9b404231-23ab-467b-a268-f4f258cb6e8b&expires=30&ssp=the33across&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21}
https://ssc-cms.33across.com/ps/?gdpr_consent=&ri=10&ru=https%3A%2F%2Fcms-xch.33across.com%2Fmatch%3Fgdpr_58%3D%24gdpr_58%26gdpr%3D%24%7Bgdpr%7D%26gdpr_consent%3D%24%7Bgdpr_consent%7D%26bidder_id%3...
https://cms-xch.33across.com/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=86af9886-5932-44b0-a103-d403cbdc6a7c
https://cms-xch-chicago.33across.com/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=86af9886-5932-44b0-a103-d403cbdc6a7c

68 B
127 B

44ms
43ms

Image
image/png

34.117.239.71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms-xch-chicago.33across.com/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=86af9886-5932-44b0-a103-d403cbdc6a7c
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: nginx/1.20.1 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:22 GMT
via: 1.1 google, 1.1 google
server: nginx/1.20.1
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: clear
content-length: 68
content-type: image/png

Redirect headers

location: https://cms-xch-chicago.33across.com:443/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=86af9886-5932-44b0-a103-d403cbdc6a7c
date: Wed, 29 Dec 2021 22:50:22 GMT
server: awselb/2.0
content-length: 134
content-type: text/html

GET
H2

200

match
cms-xch-chicago.33across.com/ Frame 11BA
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=1---&ts=1640818221663.3&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%2...
https://sync.mathtag.com/sync/img?us_privacy=1---&mt_exid=73&redir=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D1---%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D
https://cms-xch-chicago.33across.com/match?liv=g&us_privacy=1---&bidder_id=1&external_user_id=558661cc-e62d-4700-ade9-dfe73f377cca

68 B
213 B

77ms
42ms

Image
image/png

34.117.239.71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms-xch-chicago.33across.com/match?liv=g&us_privacy=1---&bidder_id=1&external_user_id=558661cc-e62d-4700-ade9-dfe73f377cca
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: nginx/1.20.1 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
via: 1.1 google, 1.1 google
server: nginx/1.20.1
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: clear
content-length: 68
content-type: image/png

Redirect headers

Date: Wed, 29 Dec 2021 22:50:21 GMT
Server: MT3 4133 baa842e master iad-pixel-x7 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cms-xch-chicago.33across.com/match?liv=g&us_privacy=1---&bidder_id=1&external_user_id=558661cc-e62d-4700-ade9-dfe73f377cca
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 29 Dec 2021 22:50:20 GMT

GET
H2

200

match
cms-xch-chicago.33across.com/ Frame 11BA
Redirect Chain

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-VbJ..vJE2uEPQrDmEHFFjkVqexboa.2d~A
https://cms-xch-chicago.33across.com/match?bidder_id=99&external_user_id=y-VbJ..vJE2uEPQrDmEHFFjkVqexboa.2d%7EA&ts=1640818221&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
127 B

119ms
69ms

Image
image/png

34.117.239.71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms-xch-chicago.33across.com/match?bidder_id=99&external_user_id=y-VbJ..vJE2uEPQrDmEHFFjkVqexboa.2d%7EA&ts=1640818221&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: nginx/1.20.1 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
via: 1.1 google, 1.1 google
server: nginx/1.20.1
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: clear
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:20 GMT
referrer-policy: unsafe-url
server: 33XP001
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://cms-xch-chicago.33across.com/match?bidder_id=99&external_user_id=y-VbJ..vJE2uEPQrDmEHFFjkVqexboa.2d%7EA&ts=1640818221&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
cms-xch-chicago.33across.com/ Frame 11BA
Redirect Chain

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy=1---
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=3c275114b74b08f0&is_secure=true&networkId=78390&version=1&us_privacy=1---
https://ssc-cms.33across.com/ps?xi=64&xu=AAADLZgJhd8OKgMGIJSJAAAAAAA&expiration=1640904621&is_secure=true&us_privacy=1---
https://cms-xch-chicago.33across.com/match?bidder_id=64&external_user_id=AAADLZgJhd8OKgMGIJSJAAAAAAA&ts=1640818221&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=1---

68 B
127 B

63ms
42ms

Image
image/png

34.117.239.71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms-xch-chicago.33across.com/match?bidder_id=64&external_user_id=AAADLZgJhd8OKgMGIJSJAAAAAAA&ts=1640818221&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: nginx/1.20.1 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=bB6WE2N0Cr6QCOaKkGJozW&gdpr_consent=undefined&us_privacy=1---&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
via: 1.1 google, 1.1 google
server: nginx/1.20.1
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: clear
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
referrer-policy: unsafe-url
server: 33XP004
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://cms-xch-chicago.33across.com/match?bidder_id=64&external_user_id=AAADLZgJhd8OKgMGIJSJAAAAAAA&ts=1640818221&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=1---
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 042E
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=03ABEA37-B440-463C-BB9F-909645C52208
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=03ABEA37-B440-463C-BB9F-909645C52208

35 B
467 B

44ms
44ms

Document
image/gif

185.167.164.37
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=03ABEA37-B440-463C-BB9F-909645C52208

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.37 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 29 Dec 2021 22:50:21 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Wed, 29 Dec 2021 22:50:21 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=03ABEA37-B440-463C-BB9F-909645C52208
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

502

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 9E41
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YczmLQABqCmoGQAm&gdpr=0&gdpr_consent=&_test=YczmLQABqCmoGQAm

568 B
650 B

86ms
39ms

Document
text/html

104.36.115.109
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YczmLQABqCmoGQAm&gdpr=0&gdpr_consent=&_test=YczmLQABqCmoGQAm
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 7921a6035cc8a0981a5dee737dd3d29b150ddd48407717d3fca4b6376f2b0e70

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 29 Dec 2021 21:48:57 GMT
content-type: text/html; charset=UTF-8
content-length: 568

Redirect headers

server: Varnish
retry-after: 0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YczmLQABqCmoGQAm&gdpr=0&gdpr_consent=&_test=YczmLQABqCmoGQAm
accept-ranges: bytes
date: Wed, 29 Dec 2021 22:50:21 GMT
via: 1.1 varnish
x-served-by: cache-atl18458-ATL
x-cache: HIT
x-cache-hits: 0
x-timer: S1640818222.843692,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H2 200 pubm Show response
c.deployads.com/cs/ Frame 1BDC 43 B
330 B 36ms
34ms Document
image/gif 44.193.114.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c.deployads.com/cs/pubm?b=03ABEA37-B440-463C-BB9F-909645C52208
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.193.114.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-193-114-165.compute-1.amazonaws.com
Software: SortableCactus/1.0 /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
content-type: image/gif
content-length: 43
server: SortableCactus/1.0
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache
pragma: no-cache

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8F97
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=A6vqN7RARjy7n5CWRcUiCA%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

45ms
44ms

Image
text/html

23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=57276
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Thu, 30 Dec 2021 14:44:57 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 8F97
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=03ABEA37-B440-463C-BB9F-909645C52208
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDAzQUJFQTM3LUI0NDAtNDYzQy1CQjlGLTkwOTY0NUM1MjIwOBAAGg0IrcyzjgYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=efc06d99f8bed6bada834ce60873cebafbd48f65881b24909f15d6bf12b98561791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBlZmMwNmQ5OWY4YmVkNmJhZGE4MzRjZTYwODczY2ViYWZiZDQ4ZjY1ODgxYjI0OTA5ZjE1ZDZiZjEyYjk4NTYxNzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBlZmMwNmQ5OWY4YmVkNmJhZGE4MzRjZTYwODczY2ViYWZiZDQ4ZjY1ODgxYjI0OTA5ZjE1ZDZiZjEyYjk4NTYxNzkxNDI2YjU0MTdkY2UyMRAAGgwIrsyzjgYSBAgCEABCAEoA&goog...
https://usermatch.krxd.net/um/v2?partner=liveramp_identity
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity

0
337 B

396ms
128ms

Image
text/plain

52.18.40.211
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Server: 52.18.40.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-40-211.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:22 GMT
cache-control: private, no-cache, no-store
x-request-time: D=32 t=1640818222
x-served-by: beacon-n013-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity
date: Wed, 29 Dec 2021 22:50:22 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a001-ash-prod.krxd.net

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 8F97
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=558661cc-e62d-4700-ade9-dfe73f377cca

0
259 B

144ms
40ms

Image
text/plain

104.36.115.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=558661cc-e62d-4700-ade9-dfe73f377cca
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Server: 104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:20 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 29 Dec 2021 22:50:21 GMT
Server: MT3 4133 baa842e master iad-pixel-x12 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=558661cc-e62d-4700-ade9-dfe73f377cca
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 29 Dec 2021 22:50:20 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 8F97
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDNBQkVBMzctQjQ0MC00NjNDLUJCOUYtOTA5NjQ1QzUyMjA4&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
186 B

113ms
35ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 18:22:54 GMT
cache-control: no-store, no-cache, private
x-lat: va2pug001:0:451
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 8F97
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC59CVTe-bSEjezCmQv_Fgc&google_cver=1

42 B
437 B

107ms
35ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC59CVTe-bSEjezCmQv_Fgc&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 18:12:46 GMT
cache-control: no-store, no-cache, private
x-lat: va2pug002:0:417
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC59CVTe-bSEjezCmQv_Fgc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 8F97
Redirect Chain

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:7F2FCDF0C65740BE9AC81D5744563E67

42 B
533 B

126ms
34ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:7F2FCDF0C65740BE9AC81D5744563E67
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:21 GMT
cache-control: no-store, no-cache, private
x-lat: va1pug015:0:405
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Wed, 29 Dec 2021 22:50:21 GMT
x-content-type-options: nosniff
server: nginx
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:7F2FCDF0C65740BE9AC81D5744563E67
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Tue, 28 Dec 2021 22:50:21 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 8F97
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=9b404231-23ab-467b-a268-f4f258cb6e8b

42 B
595 B

146ms
40ms

Image
image/gif

104.36.115.109
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=9b404231-23ab-467b-a268-f4f258cb6e8b
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Server: 104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 21:06:09 GMT
cache-control: no-store, no-cache, private
x-lat: njrpug030:0:423
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=9b404231-23ab-467b-a268-f4f258cb6e8b
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

502

Pug
simage2.pubmatic.com/AdServer/ Frame 8F97
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2534263341677307583&gdpr=0&gdpr_consent=&us_privacy=

0
0

85ms
40ms

Image
text/html

104.36.115.109
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2534263341677307583&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Server: 104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2534263341677307583&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 29 Dec 2021 22:50:21 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame B9B3 32 KB
10 KB 58ms
57ms Script
text/html 104.105.42.146
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=1---
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.105.42.146 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-105-42-146.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: b6caa475a6e60a972a981cf3abeb5a2ff01c09bee551831d38f18ae2b28ccfe4

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=1---
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 22:50:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Dec 2021 23:04:16 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=44186
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9702
Expires: Thu, 30 Dec 2021 11:06:47 GMT

POST
H2 204 users Show response
dmx.districtm.io/s/v1/ Frame 59D5 0
732 B 90ms
89ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/v1/users

Requested by

Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/idsync.d5cb6b96.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://cdn.districtm.io/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 29 Dec 2021 22:50:22 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: DELETE, GET, OPTIONS, POST
access-control-allow-origin: https://cdn.districtm.io
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6c5696401e4463c9-ATL
access-control-allow-headers: Origin, Content-Type

OPTIONS
H2 204 users
dmx.districtm.io/s/v1/ Frame 0
0 102ms
54ms Preflight 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/v1/users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://cdn.districtm.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 29 Dec 2021 22:50:22 GMT
cf-ray: 6c56963fbf17eaeb-ATL
access-control-allow-origin: https://cdn.districtm.io
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type
access-control-allow-methods: DELETE, GET, OPTIONS, POST
access-control-max-age: 14400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0BC2 43 B
215 B 35ms
35ms Image
image/gif 3.212.141.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=549590&asId=78f08659-13a4-c2bd-48ed-ae73c454071f&tv=%7Bc:yefg9q,pingTime:1,time:2695,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:22%7D,%7Bpiv:100,vs:i,r:,t:1693%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1002,o:1693,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1687~0,0~100%5D,as:%5B1687~970.250%5D%7D%7D,%7Bsl:i,t:1693,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:46,fm:sT1E20N+11%7C12%7C131%7C14%7C15%7C161%7C17*.549590-52686815%7C171%7C181%7C191,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.141.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-141-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:22 GMT
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0BC2 43 B
215 B 35ms
35ms Image
image/gif 3.212.141.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=549590&asId=78f08659-13a4-c2bd-48ed-ae73c454071f&tv=%7Bc:yefg9r,pingTime:1,time:2696,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:22%7D,%7Bpiv:100,vs:i,r:,t:1693%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1003,o:1693,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1687~0,0~100%5D,as:%5B1687~970.250%5D%7D%7D,%7Bsl:i,t:1693,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:46,fm:sT1E20N+11%7C12%7C131%7C14%7C15%7C161%7C17*.549590-52686815%7C171%7C181%7C191,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.141.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-141-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:22 GMT
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0BC2 43 B
215 B 36ms
35ms Image
image/gif 3.212.141.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=549590&asId=78f08659-13a4-c2bd-48ed-ae73c454071f&tv=%7Bc:yefg9r,pingTime:1,time:2696,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:22%7D,%7Bpiv:100,vs:i,r:,t:1693%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1003,o:1693,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1687~0,0~100%5D,as:%5B1687~970.250%5D%7D%7D,%7Bsl:i,t:1693,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:46,fm:sT1E20N+11%7C12%7C131%7C14%7C15%7C161%7C17*.549590-52686815%7C171%7C181%7C191,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:publ1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.141.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-141-148.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:22 GMT
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5DE7
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n&us_privacy=1---
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MjJmMTc1NTRmNmJjZGNlYmYzNTU1NWZjZjUwZWMzODM5M2U5OGU4ZA&us_privacy=1---

170 B
188 B

57ms
56ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MjJmMTc1NTRmNmJjZGNlYmYzNTU1NWZjZjUwZWMzODM5M2U5OGU4ZA&us_privacy=1---

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MjJmMTc1NTRmNmJjZGNlYmYzNTU1NWZjZjUwZWMzODM5M2U5OGU4ZA&us_privacy=1---
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 0963d041a95f271fbba7f411adc03573
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 5DE7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&us_privacy=1---
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELDwLmjRuF0HrJIIYslO0c8&google_cver=1

42 B
710 B

303ms
76ms

Image
image/gif

8.39.36.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELDwLmjRuF0HrJIIYslO0c8&google_cver=1
Protocol: HTTP/1.1
Server: 8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 750589468d5634b7e99830971becaf64
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:22 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELDwLmjRuF0HrJIIYslO0c8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 5DE7
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&us_privacy=1---
https://pr-bh.ybp.yahoo.com/sync/rubicon/ah52-EGraOQ5IKBRQVQFBQ?csrc=&us_privacy=1---
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6759607224088720442

42 B
710 B

78ms
78ms

Image
image/gif

8.39.36.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6759607224088720442
Protocol: HTTP/1.1
Server: 8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 750589468d5634b7e99830971becaf64
Content-Type: image/gif

Redirect headers

date: Wed, 29 Dec 2021 22:50:22 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6759607224088720442
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 5DE7
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&us_privacy=1---
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YczmLQABqCmoGQAm&us_privacy=1---

42 B
710 B

305ms
76ms

Image
image/gif

8.39.36.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YczmLQABqCmoGQAm&us_privacy=1---
Protocol: HTTP/1.1
Server: 8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 750589468d5634b7e99830971becaf64
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:22 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1640818222.289593,VS0,VE0
x-served-by: cache-atl18458-ATL
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YczmLQABqCmoGQAm&us_privacy=1---
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 709414.gif
id.rlcdn.com/ Frame 5DE7 42 B
315 B 49ms
46ms Image
image/gif 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif?us_privacy=1---
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Dec 2021 22:50:22 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 5DE7
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&us_privacy=1---
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=558661cc-e62d-4700-ade9-dfe73f377cca&expires=28

42 B
710 B

302ms
76ms

Image
image/gif

8.39.36.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=558661cc-e62d-4700-ade9-dfe73f377cca&expires=28
Protocol: HTTP/1.1
Server: 8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: b2a5c63b17f16a8024ffc6259157eaa8
Content-Type: image/gif

Redirect headers

Date: Wed, 29 Dec 2021 22:50:22 GMT
Server: MT3 4133 baa842e master iad-pixel-x13 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=558661cc-e62d-4700-ade9-dfe73f377cca&expires=28
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 29 Dec 2021 22:50:21 GMT

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 5DE7
Redirect Chain

https://token.rubiconproject.com/token?pid=26594&us_privacy=1---
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KXS4SVXC-Y-5VDJ&sigv=1&esig=2~21e2ee0121cf8bd5bbe95637ab111a3233eaf0a5&us_privacy=1---

0
445 B

113ms
37ms

Image
text/plain

2001:4998:14:800::1000
YAHOO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KXS4SVXC-Y-5VDJ&sigv=1&esig=2~21e2ee0121cf8bd5bbe95637ab111a3233eaf0a5&us_privacy=1---

Protocol

Server

2001:4998:14:800::1000 Ashburn, United States, ASN14777 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:22 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KXS4SVXC-Y-5VDJ&sigv=1&esig=2~21e2ee0121cf8bd5bbe95637ab111a3233eaf0a5&us_privacy=1---
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: dbbc2dbf689859fb5870b364473d5441
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 5DE7
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon?us_privacy=1---
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=9b404231-23ab-467b-a268-f4f258cb6e8b&gdpr=0&gdpr_consent=&expires=30

42 B
710 B

304ms
77ms

Image
image/gif

8.39.36.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=9b404231-23ab-467b-a268-f4f258cb6e8b&gdpr=0&gdpr_consent=&expires=30
Protocol: HTTP/1.1
Server: 8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 750589468d5634b7e99830971becaf64
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:22 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=9b404231-23ab-467b-a268-f4f258cb6e8b&gdpr=0&gdpr_consent=&expires=30
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 289

GET
H2

200

match
cms-xch-chicago.33across.com/ Frame B9B3
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=1---&us_privacy=1---&khaos=KXS4SVXC-Y-5VDJ
https://ssc-cms.33across.com/ps/?xi=1&xu=KXS4SVXC-Y-5VDJ&us_privacy=1---
https://cms-xch-chicago.33across.com/match?bidder_id=30&external_user_id=KXS4SVXC-Y-5VDJ&ts=1640818222&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=1---

68 B
127 B

42ms
41ms

Image
image/png

34.117.239.71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms-xch-chicago.33across.com/match?bidder_id=30&external_user_id=KXS4SVXC-Y-5VDJ&ts=1640818222&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=1---
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: nginx/1.20.1 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:22 GMT
via: 1.1 google, 1.1 google
server: nginx/1.20.1
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: clear
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 29 Dec 2021 22:50:22 GMT
referrer-policy: unsafe-url
server: 33XP002
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://cms-xch-chicago.33across.com/match?bidder_id=30&external_user_id=KXS4SVXC-Y-5VDJ&ts=1640818222&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=1---
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame D9DD 0
729 B 46ms
45ms Script
text/html 68.67.178.10
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 22:50:22 GMT
X-Proxy-Origin: 92.119.19.73; 92.119.19.73; 634.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 212cb53a-7e4d-4ca5-8a4a-80c70fbea1cc
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 8F97 0
260 B 598ms
35ms Script
text/plain 8.28.7.84

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156961&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156961&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Fc.deployads.com%2Fcs%2Fpubm%3Fb%3DPM_UID&us_privacy=1---
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 22:50:23 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Domain: id5-sync.com
URL: https://id5-sync.com/cq/434/916/4/6.gif?puid=8e0bcac4-1871-4742-bc72-03f582e3e215&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

154 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

112 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.officeholidays.com/	1970-01-20 17:18:10	Name: _ga Value: GA1.2.654536387.1640818217
.officeholidays.com/	1970-01-19 23:48:24	Name: _gid Value: GA1.2.156153302.1640818217
.officeholidays.com/	1970-01-19 23:46:58	Name: _gat_gtag_UA_1309994_2 Value: 1
www.officeholidays.com/	1970-01-19 23:47:00	Name: __rtgt_sid Value: kxs4sv7zpvkbse
www.officeholidays.com/	1970-01-20 09:17:12	Name: __atuvc Value: 1%7C52
www.officeholidays.com/	1970-01-19 23:47:00	Name: __atuvs Value: 61cce6292b7a013f000
.addthis.com/	1970-01-20 09:17:12	Name: uvc Value: 1%7C52
.addthis.com/	1970-01-20 09:08:34	Name: ouid Value: 61cce6290001892f56975e46c432ff2ff25eddc8514dde43d0c9
.addthis.com/	1970-01-20 09:08:34	Name: di2 Value: aVQTi#&0x#&g#%Os#%Or#%Km#%Kf#%IX#%IQ#%HV#%F\|#%FS#%FR#%FQ#%E~#%/p#%/o#%/n#%$~#$Mr#$M`#$Ll#$L^#$LZ#$Gr#$CT#$7r#$1~#$0\|#$+U#$)\|#$){#$(w#$(T#$(S#$(R#$(Q#$$c#$$b#$!}##NW##Mz##Md##LU##Iz##Ix##Gr##Ed##Eb##EZ##Bq##Bp##@q##>W##>U##'V###l#!0}#!/p#!$s#!!xPNePNdPNcPNbPDtPC]PC[P<nP8UP7sP7rP7qP7mP7lP7kP2SO1iO1hO1gO(rO(qO(pO(cO(bO'vO'uN+gN+QN'yN#xMLcM?gM?fM>VM>UM>TM>SM>RM>QM7oM7nM7mM7lM7]M7XM-{M-rM-qM+}M+zMfM'fM'bM&oM&nM&mM&^M&]M&[LFTLEsLErLEqLEpLDkL.wJEXJ&ZJ&YJ&XJ&WJ&VJ&UJ#\|J#{J#sJ#rIIYIIXIHcIHbIH[IFcIFbICiI?VI?UI6rI5fI5TI5SI3\|I3{I3yI3rI2bI1oI/}I/\|I/jI+lG'`$+S83}7>Z7:m77h77g7.k7.b7-~7-}7o7k7)\|7)m7'h7'g7#t6L]6L[6Kh6Kg6Hu6Hq6Hp6Ho6Hn6Hm6FW6FV6C{6@t6@s5)z5)y5)`5)_5)^5(n5(b5'~4JX4?Z4=a4=^0%w0%v0%q)1i)1b#=-u#91x#84{#61Q#6+S#5LV#54R#2Ol#08^#08W#03h#-Iy#/}#/{#/R#.~#&]#&Z#)N}#)N{#)Gc#)Ga#)-i#)-g#)-e#)V#)T#))~#))\|#(8k#(5i#(5Q#(4~#(1t#(/]#'FX#'E{#'8f#'&U#'&T#&He#&GQ#&@r#&@q#&@p#&<]
.addthis.com/	1970-01-20 05:55:36	Name: bt2 Value: 61cce629001xs0002001Ps0002
.addthis.com/	1970-01-20 09:08:34	Name: um Value: j.'2021122922501786900081878001'
.addthis.com/	1970-01-20 09:08:34	Name: uid Value: 61cce629fe3c9fa6
.addthis.com/	1970-01-20 09:08:34	Name: na_id Value: 2021122922501786900081878001
.addthis.com/	1970-01-20 09:08:34	Name: vc Value: 2
.addthis.com/	1970-01-20 09:17:12	Name: loc Value: MzcwMTNOQVVTVE4yMTYwMDkzNDY1OTAwMDBDSA==
.go.sonobi.com/	1970-01-20 00:30:10	Name: __uis Value: d237a970-b0c0-4241-b196-f25e8b25f827
.go.sonobi.com/	1970-01-19 23:48:24	Name: _usd_officeholidays.com Value: df12da01-cbe8-4ecd-8358-076d77c77f3c
.go.sonobi.com/	1970-01-19 23:48:24	Name: __uir_td Value: 1
.go.sonobi.com/	1970-01-20 00:08:34	Name: __uir_mm Value: 1
.go.sonobi.com/	1970-01-19 23:47:27	Name: __uir_bw Value: 1
.go.sonobi.com/	1970-01-20 00:05:41	Name: __uir_pp Value: 1
.go.sonobi.com/	1970-01-20 00:05:41	Name: __uir_zt Value: 1
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8A Value: s8556\|YczmL
.adnxs.com/	1970-01-20 01:56:34	Name: icu Value: ChgI671tEAoYASABKAEwqsyzjgY4AUABSAEQqsyzjgYYAA..
.adnxs.com/	1970-01-20 01:56:34	Name: uuid2 Value: 5281263057379193593
.yahoo.com/	1970-01-20 08:32:55	Name: A3 Value: d=AQABBCrmzGECEIoRj6c2oY-MEtB1IoOPvMAFEgEBAQE3zmHWYQAAAAAA_eMAAA&S=AQAAAo49mPKLW-S1sxCOtm-K0Ok
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|Cdq1KlsL5K/eRzGv3MM1DE/cu41hP7athSVRSZb1VQ0brISUOGOPRcSYCqaOieGkTxzCtT3GWjvGeUmnD2WgFA74oVwAuQBYukd6VYKHEQIhzG3GS+IOU6uTSg==
.amazon-adsystem.com/	1970-01-20 04:11:55	Name: ad-id Value: AyHj_p4RVUwlnGhb80NoWyc
.amazon-adsystem.com/	1970-01-21 19:40:43	Name: ad-privacy Value: 0
.rubiconproject.com/	1970-01-20 08:32:34	Name: khaos Value: KXS4SVXC-Y-5VDJ
.yieldmo.com/	1970-01-20 08:32:34	Name: yieldmo_id Value: g73c5bf6e62aef112220%7C1640818218358%7C2910513261237290771%7C
.deployads.com/	1970-01-20 08:32:55	Name: d7s_uid Value: r4wffucx7tim
.lijit.com/	1970-01-20 08:32:34	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/	1970-01-20 08:32:34	Name: ljt_reader Value: b09351c974ffe5083d9f8d21
.simpli.fi/	1970-01-20 08:34:00	Name: suid Value: 7F2FCDF0C65740BE9AC81D5744563E67
.officeholidays.com/	1970-01-20 09:08:34	Name: __gads Value: ID=3936b05ccacb8915-22cd5bb201cf00ed:T=1640818218:S=ALNI_MY14-qetzDjrVhCG-Zi7YrNfc12xA
.doubleclick.net/	1970-01-20 09:08:34	Name: IDE Value: AHWqTUnHMJai5yCucnjqwgT0bzNO6z8C8YERMkw3e7ogMzeTdOwwksS344M6Nex1fWs
.casalemedia.com/	1970-01-20 01:56:34	Name: CMPS Value: 2847
.casalemedia.com/	1970-01-20 08:32:34	Name: CMID Value: YczmK5HUD9X-pQUFzSEGOwAA
.adnxs.com/	1970-01-20 01:56:34	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>>ev+5U!]tbPl1M>e)ZlrFUfJ+tGXxo7c=?%A[fG=LAGCKHP:+TcFs>gWaaVNiW/>mebpRzqF1`b_q.2g/7
.casalemedia.com/	1970-01-20 01:56:34	Name: CMPRO Value: 937
.casalemedia.com/	1970-01-19 23:48:24	Name: CMST Value: YczmK2HM5isA
.casalemedia.com/	1970-01-20 08:32:34	Name: CMRUM3 Value: 2d61cce62b2760CAESEE8Guw0FFHoYloUw8iEQSyo
.bluekai.com/	1970-01-20 04:06:10	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 04:06:10	Name: bkpa Value: KJyNpW6mCY91CrcEbaSvozOiTLSnssQ0ERxCuM0d4X00Edm2y0bPOTL/BJVF8wgCQlw+hkkubPXJW32qsIDxBEV1/5lEbtc9AGshKPZUymkBS/2/lon2CfS7O9EAxSaoF1ue+NNIIRkooyeH7jPDnpA=
.bluekai.com/	1970-01-20 04:06:10	Name: bku Value: LY/O9YpZpsW5r51k
.33across.com/	1970-01-20 08:32:34	Name: 33x_ps Value: u%3D118866095161189%3As1%3D1640818221416%3Ats%3D1640818221416
.adsrvr.org/	1970-01-20 08:32:34	Name: TDID Value: 9b404231-23ab-467b-a268-f4f258cb6e8b
.mathtag.com/	1970-01-20 09:12:53	Name: uuid Value: 558661cc-e62d-4700-ade9-dfe73f377cca
.bidswitch.net/	1970-01-20 08:32:34	Name: tuuid Value: 86af9886-5932-44b0-a103-d403cbdc6a7c
.bidswitch.net/	1970-01-20 08:32:34	Name: c Value: 1640818221
.bidswitch.net/	1970-01-20 08:32:34	Name: tuuid_lu Value: 1640818221
.contextweb.com/	1970-01-20 08:25:22	Name: V Value: kKLvhsdg4nDb
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 6b9da7bdd37b2779
.1rx.io/	1970-01-20 08:32:34	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005%22%7D
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSsjS3MDe1sDA3M7AwNTO3MDAxEeIz1DXJCHFKMneNLPGuygUAPvHOdCQAAAA
.rfihub.com/	1970-01-20 09:08:34	Name: eud Value: H4sIAAAAAAAAAFslymtoZmJgYWhhZGRoam4KAHNgvDsQAAAA
.rfihub.com/	1970-01-20 09:08:34	Name: rud Value: H4sIAAAAAAAAAOMSsjS3MDe1sDA3M7AwNTO3MDAxEeIz1DXJCHFKMneNLPGuypXiNTQzMbAwtDAyMjQ1NwEAnfGgiTMAAAA
.tynt.com/	1970-01-20 08:32:34	Name: uid Value: 1QSUTGHM5i0ZNW1bSGkjMA==
.tynt.com/	1970-01-20 01:56:34	Name: pids Value: %5B%7B%22p%22%3A%22797f54a72d%22%2C%22f%22%3A1%2C%22ts%22%3A1640818221663%7D%2C%7B%22p%22%3A%227daaa56bb0%22%2C%22f%22%3A1%2C%22ts%22%3A1640818221663%7D%2C%7B%22p%22%3A%2224c05c7b76%22%2C%22f%22%3A1%2C%22ts%22%3A1640818221663%7D%2C%7B%22p%22%3A%22bac1bc34e2%22%2C%22f%22%3A1%2C%22ts%22%3A1640818221663%7D%2C%7B%22p%22%3A%22d26852f088%22%2C%22f%22%3A1%2C%22ts%22%3A1640818221663%7D%2C%7B%22p%22%3A%22f9a4a8fd15%22%2C%22f%22%3A1%2C%22ts%22%3A1640818221663%7D%5D
.contextweb.com/	1970-01-20 08:32:34	Name: pb_rtb_ev Value: 3-1bb5\|7LJ.0.d237a970-b0c0-4241-b196-f25e8b25f827\|4is.0.CAESEMMJSQe0o5PFMVDseJzrec8
.go.sonobi.com/	1970-01-20 08:32:34	Name: __uin_mm Value: 558661cc-e62d-4700-ade9-dfe73f377cca
.pubmatic.com/	1970-01-20 01:56:34	Name: KADUSERCOOKIE Value: 03ABEA37-B440-463C-BB9F-909645C52208
.pubmatic.com/	1970-01-20 01:56:34	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-19 23:48:24	Name: pi Value: 156961:2
.pubmatic.com/	1970-01-20 01:56:34	Name: DPSync3 Value: 1641340800%3A164%7C1640822400%3A174%7C1641945600%3A201_197
.pubmatic.com/	1970-01-20 01:56:34	Name: SyncRTB3 Value: 1641945600%3A220_21_13_54_22%7C1641340800%3A2
.go.sonobi.com/	1970-01-20 08:32:34	Name: __uin_zt Value: 978758876085678044
.go.sonobi.com/	1970-01-20 08:32:34	Name: __uin_td Value: 9b404231-23ab-467b-a268-f4f258cb6e8b
.go.sonobi.com/	1970-01-20 08:32:34	Name: __uin_pp Value: kKLvhsdg4nDb
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8S Value: s8519\|YczmL
.dotomi.com/	1970-01-19 23:46:58	Name: DotomiTest Value: 3c275114b74b08f0
.advertising.com/	1970-01-20 08:34:00	Name: APID Value: UPb3fde8cd-68f9-11ec-b27e-025cac56ffcf
.sharethrough.com/	1970-01-20 08:32:34	Name: stx_user_id Value: c823a97a-46b2-4e5c-9a9f-0de433db094e
.targeting.unrulymedia.com/	1970-01-20 08:32:34	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005%22%7D
.go.sonobi.com/	1970-01-20 08:32:34	Name: __uin_bw Value: 86af9886-5932-44b0-a103-d403cbdc6a7c
sync.srv.stackadapt.com/	1970-01-20 08:32:34	Name: sa-user-id Value: s%3A0-9b1b9bb1-0240-4c2d-53bc-3523ee9fe36b.Y1uZM2nTxlXfaC6y7BIj5NNONKSzBM%2F6qXrghtqBIvY
.srv.stackadapt.com/	1970-01-20 08:32:34	Name: sa-user-id-v2 Value: s%3A0-9b1b9bb1-0240-4c2d-53bc-3523ee9fe36b%24ip%2492.119.19.73.BT3m33MUF%2FUMD0FTWEFqahgbmmGT265m%2BLNmRVDBUjM
.everesttech.net/	1970-01-20 08:32:34	Name: everest_g_v2 Value: g_surferid~YczmLQABqCmoGQAm
.analytics.yahoo.com/	1970-01-20 08:34:00	Name: IDSYNC Value: "191l~22da:18ym~22da"
.yahoo.com/	1970-01-20 00:34:33	Name: APID Value: UPb3fde8cd-68f9-11ec-b27e-025cac56ffcf
.yahoo.com/	1970-01-19 23:48:24	Name: APIDTS Value: 1640818221
.turn.com/	1970-01-20 04:06:10	Name: uid Value: 2534263341677307583
.server.cpmstar.com/	1970-01-27 07:06:10	Name: USER_ID Value: %cb%eb%1f%9bK%d8%80%1bz%e0%c5%eau%15u
c.deployads.com/	1970-01-20 08:32:55	Name: d7s_dc Value: 44AMBEK8370084033819338431x4CNVTSAAADLIcwUvSDHANEhez0AAAAAAAx4pubmb03ABEA37-B440-463C-BB9F-909645C52208x2r1iRX-bbe6faa1-b177-4c37-bc75-b423d14af9bf-005x
.adform.net/	1970-01-20 00:31:36	Name: C Value: 1
.pubmatic.com/	1970-01-20 00:30:10	Name: KRTBCOOKIE_148 Value: 19421-uid:7F2FCDF0C65740BE9AC81D5744563E67
.pubmatic.com/	1970-01-20 01:56:34	Name: PUBMDCID Value: 2
.pubmatic.com/	1970-01-20 00:30:10	Name: KRTBCOOKIE_80 Value: 16514-CAESEC59CVTe-bSEjezCmQv_Fgc&KRTB&22987-CAESEC59CVTe-bSEjezCmQv_Fgc&KRTB&23025-CAESEC59CVTe-bSEjezCmQv_Fgc
.rlcdn.com/	1970-01-20 01:13:22	Name: pxrc Value: CK3Ms44GEgUI6AcQABIFCOhHEAA=
.adform.net/	1970-01-20 01:13:22	Name: uid Value: 6831036295479135812
.pubmatic.com/	1970-01-20 00:30:10	Name: SPugT Value: 1640818220
.pubmatic.com/	1970-01-20 00:30:10	Name: KRTBCOOKIE_377 Value: 6810-9b404231-23ab-467b-a268-f4f258cb6e8b&KRTB&22918-9b404231-23ab-467b-a268-f4f258cb6e8b&KRTB&23031-9b404231-23ab-467b-a268-f4f258cb6e8b
.pubmatic.com/	1970-01-20 00:30:10	Name: PugT Value: 1640811969
.pippio.com/	1970-01-20 08:32:34	Name: did Value: Tcsx6Q7P7VovU_rP
.pippio.com/	1970-01-20 08:32:34	Name: didts Value: 1640818222
.pippio.com/	1970-01-20 01:13:22	Name: nnls Value:
.pippio.com/	1970-01-20 01:13:22	Name: pxrc Value: CK7Ms44GEgQIAhAAEgYI3awrEAA=
.districtm.io/	1970-01-20 00:12:53	Name: _dm_uid Value: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzaWQiOjEwMDAwLCJ1c3IiOiJxZ2FzQXJJR0d6SXllVzFXTjA5SmRVNXRXbGswVUdKbldFSXlTVk15VjJ4Mk9Mb0dLUWlaVGhJa09EWmhaams0T0RZdE5Ua3pNaTAwTkdJd0xXRXhNRE10WkRRd00yTmlaR00yWVRkanVnWWdDS3BPRWh0dGVIVmljMUZLUVZSRE1WUjJSRlZxTjNCZmFtRXhlRE5GTUd1NkJnTUlyazY2QmdNSXNFNjZCbEFJdzA0U1Mza3RhWGx3VFZoVlNrVXlkVWhIWHk1UU9GOWtjVGhLZDFkdWVFbEtlamhDV0RkK1FYNVZVR0l6Wm1SbE9HTmtMVFk0WmprdE1URmxZeTFpTWpkbExUQXlOV05oWXpVMlptWmpacm9HTVFqSlRoSXNlUzFMY0VOb2FuQTVSVEoxUlhSQk1scFplQzVZTW5OdldraE5iSFUxVDJKMVIxOUlXbFJsWlUwdGZrRzZCaWtJeTA0U0pHTTRNak5oT1RkaExUUTJZakl0TkdVMVl5MDVZVGxtTFRCa1pUUXpNMlJpTURrMFpRPT0iLCJpYXQiOjE2NDA4MTgyMjJ9.dedc9H7pAGMryX0zU4sKRLuFwWY4w7vFXBY_1hsfjAh04YVxicG7qh_dstM9sUpYQrPsKTJsWvwPEGA9bsDAIQ
.id5-sync.com/	1970-01-19 23:46:58	Name: id5 Value: 109176c3-395f-46ea-bed2-cd3ae4503a7d#1640818222202#1
.id5-sync.com/	1970-01-19 23:46:58	Name: callback Value:
.mathtag.com/	1970-01-20 00:30:10	Name: mt_mop Value: 9:1640818222
.rlcdn.com/	1970-01-20 08:32:34	Name: rlas3 Value: A+6lvfTmad93DXtLjiAHo5j51NiK8q/IosKX0A1dMuA=
.krxd.net/	1970-01-20 04:06:10	Name: _kuid_ Value: Okg2QJwJ
.rubiconproject.com/	1970-01-20 08:32:34	Name: audit Value: 1\|tcR/wBEzWcI0FYzi8u2q6hZHAElEatFj92QhCIMfuqjsN3aNOZhe2rv9ka6tQFULpy7E5DdrsLBA51cfoFYhWKL/o5JuxWs94HEYI5ehIrUPlBwr1XC8wdzpQ7vzkXQ/
.adsrvr.org/	1970-01-20 08:32:34	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwjUwN6H9MmlOhAFEhgKCWJpZHN3aXRjaBILCJKZuYj0yaU6EAUSFgoHcnViaWNvbhILCMKl34z0yaU6EAUYASABKAIyCwj-37e-isqlOhAFOAFaBzhoOXUxMWhgAg..
.id5-sync.com/	1970-01-20 01:56:34	Name: 3pi Value: 434#1640818222331#-799225449\|2#1640818222500#975435264#5281263057379193593\|3#1640818222676#2086726103#558661cc-e62d-4700-ade9-dfe73f377cca\|264#1640818222861#-647164370#9b404231-23ab-467b-a268-f4f258cb6e8b
.id5-sync.com/	1970-01-19 23:46:58	Name: cf Value:
.id5-sync.com/	1970-01-19 23:46:58	Name: cip Value:
.id5-sync.com/	1970-01-19 23:46:58	Name: cnac Value:
.id5-sync.com/	1970-01-19 23:46:58	Name: car Value:
.id5-sync.com/	1970-01-19 23:46:58	Name: gdpr Value:

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network	error	URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2534263341677307583&gdpr=0&gdpr_consent=&us_privacy= Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YczmLQABqCmoGQAm&gdpr=0&gdpr_consent=&_test=YczmLQABqCmoGQAm Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://id5-sync.com/cq/434/916/4/6.gif?puid=8e0bcac4-1871-4742-bc72-03f582e3e215&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2143a71010642ac92e11a0111ef0a6aa.safeframe.googlesyndication.com
33across-match.dotomi.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ads.pubmatic.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
ap.lijit.com
apex.go.sonobi.com
api.btloader.com
apis.quantcast.mgr.consensu.org
beacon.krxd.net
bh.contextweb.com
bid.g.doubleclick.net
btloader.com
btlr.sharethrough.com
c.amazon-adsystem.com
c.deployads.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.districtm.io
cdn.jsdelivr.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms-xch-chicago.33across.com
cms-xch.33across.com
code.jquery.com
confiant-integrations.global.ssl.fastly.net
de.tynt.com
demand.trafficroots.com
dmx.districtm.io
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.deployads.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
htlb.casalemedia.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js-sec.indexww.com
m.addthis.com
match.adsrvr.org
match.sharethrough.com
officeholidays.com
p.rfihub.com
p4-e3f3yqtyhmo5a-t3jtu4wvp3hcmzp7-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
pippio.com
pixel-us-east.rubiconproject.com
pixel.advertising.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
quantcast.mgr.consensu.org
s.amazon-adsystem.com
s0.2mdn.net
s2.2mdn.net
s7.addthis.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
server.cpmstar.com
simage2.pubmatic.com
simage4.pubmatic.com
snapsort-d.openx.net
sortable-match.dotomi.com
ssc-cms.33across.com
ssc.33across.com
stags.bluekai.com
static.adsafeprotected.com
static.officeholidays.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
tags-cdn.deployads.com
test.quantcast.mgr.consensu.org
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
usermatch.krxd.net
v1.addthisedge.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.officeholidays.com
x.bidswitch.net
z.moatads.com
id5-sync.com
s7.addthis.com
104.105.42.146
104.16.190.66
104.16.68.69
104.36.115.109
104.36.115.113
104.36.115.114
107.178.254.65
130.211.23.194
142.250.123.155
142.250.65.194
142.250.65.226
142.250.65.230
142.250.81.226
142.251.35.163
151.101.193.194
151.101.66.49
162.254.186.187
174.129.162.246
18.214.233.191
184.50.205.90
185.167.164.37
198.148.27.139
198.24.170.50
199.127.204.142
199.38.167.129
2001:4998:14:800::1000
2001:4de0:ac18::1:a:3a
209.54.176.128
23.199.204.79
23.208.216.126
23.211.130.59
23.52.160.130
23.52.161.180
23.52.162.21
23.52.163.40
2600:1f18:4e9:5a02:b6fc:4de6:8023:56cb
2600:9000:20be:6600:9:46dc:4700:93a1
2600:9000:20be:dc00:8:48e:53c0:93a1
2600:9000:20be:f800:3:a4cd:8380:93a1
2602:803:c002:200::41
2606:4700:20::6819:c73e
2606:4700:20::681a:246
2606:4700:20::ac43:4686
2606:4700::6810:135e
2606:4700::6810:5514
2606:ae80:1471:18::1400
2607:f8b0:4006:809::2003
2607:f8b0:4006:80b::2002
2607:f8b0:4006:817::2002
2607:f8b0:4006:81d::2004
2607:f8b0:4006:81d::200a
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81e::2008
2607:f8b0:4006:81f::200e
2607:f8b0:4006:820::2001
2607:f8b0:4006:823::2003
2607:f8b0:4006:823::2006
2607:f8b0:4006:824::2002
2607:f8b0:4023:1404::9c
2620:112:f002:bbbb::21
3.212.141.148
3.230.217.116
34.117.239.71
34.149.20.76
34.194.7.56
34.207.4.184
34.225.113.77
34.234.8.115
34.98.64.218
35.190.60.146
35.211.178.172
44.193.114.165
52.116.221.248
52.18.40.211
52.204.3.213
52.205.171.189
52.223.40.198
52.45.33.138
54.144.110.34
54.174.90.60
67.202.105.23
67.202.105.32
68.67.160.25
68.67.178.10
69.166.1.10
69.166.1.15
72.251.249.13
74.121.140.14
8.28.7.83
8.28.7.84
8.39.36.141
8.39.36.142
8.43.72.97
99.86.32.39
99.86.38.72
02a3d2b1c51fa7c978d0ceeabb1253da4b02194d2f4e3c83ce840aa26306b242
037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051
04795708b8881350f9f4ab4006bd7b92a3f9dc62b278841abd4f89bcb3cba93a
04baea505cbd5861ad3c2d57bfd1ff3600d00923c192766a811c90daaecb7258
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
06030a1358bf0d9f32b30dc63121927b368266552ed780854982b11c1c05488f
067d0bd30358c7a31e4f42ded3dfa16e316004889d0df81ce5288f36e52ade72
0685def41f0d2d2f304118aa2fbf5faa8835a199ec1814e24ccca2b2d980c52e
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
09a2817cee6b86c568356351dece241237b70037bf0fae6016d097be7cb0722f
09aea0ebf5f82e8486bc7f91638ae08207a1b17e212520dcf8fde0b9a2272c02
0a3bb1e382060c6999c26faac38aed7e3d6cc03f7376a9a36b881a7e5ba923ca
0a45653af53700c6a9fc019b7b33b5862ef49d0c937f2a90d1d7022edcaa7fe6
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cc0b5b0e055213fbbee5133b434b1dfa21e45cd4f848583134ff53cdabd6447
0cc345d22f1ed5dbaf7fa98df0e236705b31d23f5991dac5e52569bc58d183ce
0cf7bc9a3888ca594b41bed34e611ecbce65d00a9c51128cde7e95ce4a03194b
0d400eab5166c11b17631329351d8d01a44ecda94fde03ccbb39ad69bec0d858
0ea6b21a291dd7a36712a8e26441c14718206a4ced8aa7c5ac193d285d68ba7b
1125977d75831f8dd16c659421295ccf41a7cc32adec67af0cea7ca10a3064c3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc
1611c5690cd41f6ce3a5d02d1bacf2289b1ef4cfc8a834ac1b9ebea422790ea3
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1c51a27985c6077f7233804d8152b4fc3d4e2c95e8b70aa3a4a60e6753712264
1cb0f215c0d862cb672ee47e2f6aa9762a41626a21c3e055348ea193b58b1cf5
202dbea5d39a060ad39306a2daa1875cb41c3ca42d432d32fba88b9894ef37ef
204ce05b7140f861848112b7bcdcb6c4cd389d6b35aa5d88fe92089eb7f2b947
2152a6c5c3e7546a46e0ceb1db0710c7162245e43f54674caf72b83d19dea621
21b5fa657cd268fefff948ed87eb7a8fe30e0df5cc537ec665f79544bdd2f65f
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
22c277fec155a581caf9461dec20a16698215d8349b4721be129adaaf2fa887a
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
23fb09bcd929a9477b9525bdf08df161e242c6a95c9a4c6d93c2c23c03405b90
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
268b503e9627e3e23c011eb87c50154bd6c04880972fb78c4f967208bded495e
27a407945f1c4fc8f072ce7ed5544ec732e115614010459a7f88d71590719af3
28e8611171b308eecd0a4c622aead50b9e296072a89a1212ce8faceba22c1011
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2c2e12252bf34ad876b49528d19a6ed42c440be457af90ae9ae821d4709bc5f6
2cd5a2de50f72198595e3e547da487d02663341c94e132c58b3cc68037b7e209
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2d86d985b4043c83841ec502287acc973bcf816012d7a9526647191a5df84346
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
339a727ccf15256ee933abc2c251dd68a838b0ba5c0b15b5c1faa99fdeb37826
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
35f81b1133dc1c32e73a6ab31936deeb8dc03feb055ab5719269fa3c20d7c0fe
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
3700d5a6abb21693f3b9103449a5c85e3a4b265a2663b78b4fcfd82dd1b880a8
3708959f8cbc9c5f5a3e85798381d956a47c89961a019c67c452164cc4c4c8e1
37a4ed7a297852402f1b06cd536f4691f686bc41d7306871bbde291874d3f080
3903ae8dd43a056b904c4f09209de29aa40657c4a3df8b2de3d044e4da309b54
3bb5d5d2717e9ad8ba305b99a41ce87231864486e18d323385a800a038f39a96
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d790aa9ffe3bfff038ed28fb2e130f83835fab53bde5e1dd0fda13c3ba7a1e8
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
44e1795e8723279fbb50c90bd8ca61ba2916bd201ce01cf7d14c1480878bfb5f
44f76ed0bd408e8caef4449962732a82c68e87bd531c77bd05386224cfdccc4a
48adc4fd34d19792cd8b25388775c77f0d2f9ca464c4c76b4f0fc7474ff2c079
4b07cf0ad0900044debc66be48a1e08c77415aa2ce9112b5e063c615379183c3
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cfab73f48ea3a2c03aa2520f0de01c65bb730a123b6966d3585a5627351e181
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e3fc5a577782a3d70b68da457450da9f06f24681a3b554487595cecd627a6e6
4f20d4fa5c14d44506e0437b5f35799e765281ac679f618e1a18206f0d99b7cd
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
515d85169cf9ae53de2d7db755dedd04b8ae24470112669a1eaf085f2f24c372
525da265947c5c84a9087de19417eb024e9a5f4aeb1a5003894c09592505f858
52ef898310fc0837eda2493ac941a82f1fcf94bf22df64c54c0717ed690904b1
54ee36c2d589423ebf3ec484e0fd062668e89a75e6500692c20da40e8a6ad4c5
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
578c46a0ee69579fd4b43f55f14bf7ba956e6e68c63c1bef3e4f9b707f06fa32
579a78f44a628cdf0c836669283858ede3c45d3cf1305051fbaddaa676035644
587850a77b5db30eb330bfc7cbc76511a668bdc641c7eb46e186bdf498605930
58e3ef4c026058906edb35ef189f46e7e663dae1005cad79034ea5db85ce1eb9
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
6039f00f4484246fa16029b5e04f4261ca254f965fc273e192c53df95937bef9
609dcf743f97363f9c5479388285eac4168baf15917b021fdae2b5fc08da5d3a
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6438deeda87c2438473fc3c887e708b7f23b9c27dbf7df19e2e525f3b299abd9
648e4b524914f10b873fcd939163996ae33db25d9fa52c2fdc12070974961f57
68845971c0a28da55e6f681f5d18d3d48323de4da906d18918771f8ab627a36b
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ea2206661cf77dcef9574403b5a3ce0f31eb26d64bb3a473143ed455bfc3353
6ffecd15aeaeb30b1472cfc416bc939bba82e7019524d1787506eaf6c5f112fd
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
70bda16ea767ea8e9bd4b25d146eda792eacfda3c305b494c0875c667eda4274
732d151fef134926aa169836bc38fa46930482ef961e157db8ddb5cb6b1b7923
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
74d38305973765ec542da866b9f153eb85370545dfb86e19aa00793b3d4d5224
755c4e219a345179b1749e1fda5ffe48aeff2c7ad1af8fc739264050d84cda67
757af2c764065126975ce04518d003a63d00853b40b725c6a32c4886ba886256
76018b64f68c6ccb319a0be1082807bf46c108b6d7ad5b1b82963606c0037f6c
7621c495c5d0c20ec8e37f7d5e8192ba68bb13a8949d6418acdd3bfdf56d0210
7921a6035cc8a0981a5dee737dd3d29b150ddd48407717d3fca4b6376f2b0e70
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7e3f9c9993362adbf52e8ae4850c28af191b0cd658b3b8322a7d8b3fe5a56495
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
802fd3c4ce52e6dec8d248c570452c9262044597643c8845c36866476c37ab48
80da370ad41bee2716b42d1583e139eac39f5c7c243c5fe6439b9754013116c6
80dc76a667b3a90efcf6548a9ee2fa74ae6ede9c70f3e97fdb4de201127cadba
8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499
825e8b59525a9ef5b500dd221f4cf571d47098305549a58db04bce09fefc9581
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8730c26defc411dd8a51f1da47e5ae3804fab6868f7914a26b09d8e0791bbe39
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
8eef52bc243cf10c90c10cd8acdb1bceed23158b83d024e68fe6593f6478920b
8f480a46b2caaef6577a21716cf2df9b5b513d14bb4440020423e84b10920d32
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
910a193b9e3ef8129a764b3c8c1d3ca49ff2eff9382aa5f06027216ccd965059
91cac24d01f053c0be372048a86bfa17e5fd3d60559e250f182364552bc12fc1
9269089fc6d2d55c4d24b54e7918b49050eb3b2760c18c7fca03cc39a1ee8187
9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5
93038d96baed98c8557b8f2a098bb0e937853a8d019fff3989cea0132648fc2d
9367eed2ee9736d2892608ab0439c481f9351f183e0a7a36369949f8fea86025
9481159f47f085b8d789b71c6c0016dc2062cc001d6abf40a679fe65ecf6eef7
9962c3584bde9960eb31b23561d2a5563345b9c02c0909436d2f20be3f14d775
9c42baa68674179d2a624a365be53a6e9cf48898e199b695203e17e878bc0bf8
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
9d0e234d09d84193f7a6864d7d8d49fde5308dede27ac235b91faafc18f4502b
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
a05749d141ac2afe2bb058728835b431089ef1c0006712cc367bb8237d415471
a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a1e87a2481a375c768957ed1d6a8c924b6ba4b9fda03f067201ed2be978828e2
a49daf1adab44f7d14521bb0870395c0ed706fbead34e1f93449645e504b96d7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5c591ad7018d1195feb0ee8e0cd81b1cbd12c7d4c82376040c6596210b5249c
a5d77cad6a7b51728b9896a822aef251af8447b69c77d461314a6b3e918d8850
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa4705fef8829451b1263de04ba31d0d7ea800eac5798de165f01f63f0a887fa
aaa6120847310e097bf212e46e0154f2ed4cf57bcfe1e669a2540c9051d03ea8
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
abe3d35dcffac55040ee5290ed3b0a5861f13727499b7b17d6ba8bbfc970d9d3
ac2214e3d6ee5afcdabb7581dfee1a9cb27ceabf1cc2967b4a7c9bd69a7e9d46
ac9ecc4bf8b1b73eb7a9a62952ae97fcca97a0c4f0e5c7357728329f8da36ae0
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
adaf43b6c06749e6927c89d27729b9226aa833810a7a9b5160d7f3aacc58cc77
aebd50af0cd8da2f314a52e2088788775d1a441bd674ef9379578e7bc1b5ad50
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b59b500c10081c7361b2f747cd0ee8007d7fd662b6cc5cd4f73024e247b941f7
b6caa475a6e60a972a981cf3abeb5a2ff01c09bee551831d38f18ae2b28ccfe4
b95d24c4df1b1751da3fca115fa1811dccfaacfa73cf8ab6ac5c8b342657113d
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bbbc44e5ebb0694e2faa4b84737dc33d6b8fa9d0eaa8b5f63ac3537130cb07bf
bc626e59a6cdb607d4d6e0c5d4ae45051821d1130303f1cf37af443c31cf1bf7
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
c1882cbc586d2fb4262ff0dbcebbfa31147f72c2ad7792cc73af5cf4edd9bc52
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2be488436bf0a6517c4073dbde2c705bc4b6e13e948a674df4ce1704ee7663e
c2f5cdc26695f52b874cd392a7e550a39f498f04fd6b31f2bb5c93cb13fd2413
c39b375d2b20b76ca0653de22d169839fbcad3d8dce56625a742fa1a5d97e3ad
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c67c8743c99bac3190d43b996a8d9337da29825a7cccea995c097cc43ea353d0
c8853e8db8dbd87dbd0de8f513e1fe5bccd647932a7f3a36953fe041f460bf71
ca827c0395102a2e85d1f12cc4cb5f418a0b0615602b00f093cef3102a30ba46
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cd3a745dc42a3e3c6217f75ac99d3a0b69be5d6648145a93bd90315f8731199b
cd95e9a4ef006fdcf7f729f436e1af189514efdb25a44c6d2e19c7d90dad83b2
ce3790a93290ce2351a35552297d95cb8de78936d7e3346c8f2da1e93a74347b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d287da709652059aee8af366398fb5597fa3bf2e9cbe53b7c8ffe3da44f19ff8
d352ac4017027726a121e27264ee558de67630940437446adbb0358a1cd31601
d4b794fff6d83ab31a9b5c54bb5c471c04f15e5b834cffbd43583aab059c8abc
d4baf0bc4e6b687e5796f6c3f9c3b097e3cb9677c164a9f9cce3000a6da1d345
d6cf8343bc71a42312d5cbc829872d3f8d906a1b061d3ad16bca509e9596350e
d8c62b0d4ac621bedd0ca5a4e96b12a77118338d4166f94d65c15bb154d455aa
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
dd584d2c8e67e3f9ea33d3279be34ad664c6992f21d6f8ba390ed2895be03440
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e08ee0a0555b2527719a5d5581fb11ae492e0a111be1f89ceedd3b51e995c7c5
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d623bf1104ad8b66f9031d2c1e922ff46fdb603a06f0c860311b7d43e9da13
ea2ac75d9d205853c5fcb249b650fa719db9d3ae0f681379c72f7d5bd8a6ca35
ea39291de39d04da5d1f2f1548c075c80750499b3ebc331e51a31ed1856a9d13
ea530c33c96a407bc89b262fe9c38e2e0ba1f7847685bae2bb1441c48d57e8c8
ed9e172ab55b78062f4797457165b7c7c70a5ac6136ba5b2c5d1013f0d9c2e1c
ee5b1d3c5bf9e58c1f15fe57944a5a39a0a50be21ddcad91f543f4bcb458d637
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
effc47acbc67a42414d0ac2699cadfd2f0d3a9d6dbbd0ec0955abf52f3530617
f394701fcbe618a85c1e53521cd9169079d089c69024284c855546769ba03c66
f39f2b8b4e274e310c742d4698faccfcd554d9399bff6a1288f6a6dbff43a2ee
f6218c57d8a220485a855a3694cd471f9f520723cef3c9ae15fc25499bb70f87
f752ad8cf812a358129aac3fd9784b0baf6f19899eb49116f08a1afab1fa133e
f9037aba2e7c62538e6816cfea5c59488eb6023912853f02e0d5d978d20b0395
fa2df4ecafe8d43a9e9f5b22493e6b55223d3e40d282db18c4a150825d6dddaa
fa52e452bf3d30d47428f3a207ff7f0b9ab0752bfd60faf7f5240f1bcdf9700e
fa59a8c310a5ad9730d56167381ad6331f9040a4066860ddf21a0ee6b8d0ae4a
fee930dd98fba9481dd1b64245228b5632963a12695f9dcd8164b5af93b446ca
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
ffefec92a4d82b341b1aac5231b3343d597bfeda81baf06cff0fb91329be9193

www.officeholidays.com Open in urlscan Pro 2606:4700:20::6819:c73e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

331 Requests

85 %HTTPS

28 %IPv6

58 Domains

107 Subdomains

73 IPs

7 Countries

3323 kBTransfer

8142 kBSize

112 Cookies

9 Outgoing links

Page URL History

Redirected requests

331 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.officeholidays.com Open in urlscan Pro
2606:4700:20::6819:c73e Public Scan

Screenshot
Live screenshot

Full Image

331
Requests

85 %
HTTPS

28 %
IPv6

58
Domains

107
Subdomains

73
IPs

7
Countries

3323 kB
Transfer

8142 kB
Size

112
Cookies

331 HTTP transactions
5 data transactions