heho.com.tw Open in urlscan Pro
34.149.230.38 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://heho.com.tw/
Effective URL:
https://heho.com.tw/
Submission: On December 01 via api (December 1st 2023, 10:44:05 pm UTC) from US — Scanned from DE

Summary HTTP 376 Redirects Links 49 Behaviour Indicators

Summary

This website contacted 52 IPs in 12 countries across 42 domains to perform 376 HTTP transactions. The main IP is 34.149.230.38, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is heho.com.tw. The Cisco Umbrella rank of the primary domain is 666790.
TLS certificate: Issued by R3 on October 17th 2023. Valid for: 3 months.

This is the only time heho.com.tw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
35 65	34.149.230.38 34.149.230.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
9	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
15	139.162.82.98 139.162.82.98	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
30	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
44	2606:4700:303... 2606:4700:3038::6815:ebd5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2400:52e0:1e0... 2400:52e0:1e00::1082:1	200325 (BUNNYCDN) (BUNNYCDN)
1 10	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	65.9.95.81 65.9.95.81	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:bdf::44 2620:1ec:bdf::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1 11	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
11 31	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
4	20.10.16.51 20.10.16.51	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2011	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
67	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3037::ac43:8652	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	61.219.68.119 61.219.68.119	3462 (HINET Dat...) (HINET Data Communication Business Group)
4	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2a02:fa8:8806... 2a02:fa8:8806:21::1690	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 2	2a05:d018:d29... 2a05:d018:d29:3602:d09c:564c:cd27:b30c	16509 (AMAZON-02) (AMAZON-02)
1 1	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
4 10	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 7	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
5	2606:4700::68... 2606:4700::6810:7baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
4	119.63.193.220 119.63.193.220	38627 (BAIDUJP B...) (BAIDUJP Baidu)
1 1	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1 1	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
3 3	37.157.4.28 37.157.4.28	198622 (ADFORM) (ADFORM)
1 2	52.210.223.89 52.210.223.89	16509 (AMAZON-02) (AMAZON-02)
2 2	52.57.12.239 52.57.12.239	16509 (AMAZON-02) (AMAZON-02)
1	35.157.241.1 35.157.241.1	16509 (AMAZON-02) (AMAZON-02)
2 2	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.160.236.64 34.160.236.64	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2600:9000:212... 2600:9000:2127:b200:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
9	2600:1f13:800... 2600:1f13:800:7781:5f9f:1259:c76c:3ebc	16509 (AMAZON-02) (AMAZON-02)
3	139.162.79.137 139.162.79.137	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1	119.63.198.189 119.63.198.189	38627 (BAIDUJP B...) (BAIDUJP Baidu)
3	119.63.198.143 119.63.198.143	38627 (BAIDUJP B...) (BAIDUJP Baidu)
1	119.63.198.188 119.63.198.188	38627 (BAIDUJP B...) (BAIDUJP Baidu)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
376	52

65 34.149.230.38 (Kansas City, United States) 35 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.230.149.34.bc.googleusercontent.com

heho.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 139.162.82.98 (Tokyo, Japan)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1562-98.members.linode.com

ml.oxra.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2606:4700:3038::6815:ebd5 (United States)

ASN13335 (CLOUDFLARENET, US)

img.heho.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1082:1 (Germany)

ASN200325 (BUNNYCDN, SI)

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.95.81 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-81.prg50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

docs.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 142.250.186.98 (United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.10.16.51 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

z.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2011 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

csp.withgoogle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

67 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:8652 (United States)

ASN13335 (CLOUDFLARENET, US)

json.geoiplookup.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 61.219.68.119 (Taipei, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 61-219-68-119.hinet-ip.hinet.net

oxra.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:21::1690 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3602:d09c:564c:cd27:b30c (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.86.98 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.36.155 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.171.53 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:7baf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 119.63.193.220 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

api.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.4.28 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.210.223.89 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-223-89.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.12.239 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-12-239.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.241.1 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-241-1.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.192.160.219 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.236.64 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 64.236.160.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2127:b200:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:1f13:800:7781:5f9f:1259:c76c:3ebc (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.162.79.137 (Tokyo, Japan)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 139-162-79-137.ip.linodeusercontent.com

lifestyle.heho.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kids.heho.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.63.198.189 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

tw.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 119.63.198.143 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

log.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.63.198.188 (Japan)

ASN38627 (BAIDUJP Baidu, Inc., JP)

r.popin.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
112	heho.com.tw 35 redirects heho.com.tw — Cisco Umbrella Rank: 666790 img.heho.com.tw — Cisco Umbrella Rank: 796616 lifestyle.heho.com.tw kids.heho.com.tw	4 MB
76	gstatic.com www.gstatic.com fonts.gstatic.com	5 MB
51	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 75 ad.doubleclick.net — Cisco Umbrella Rank: 139 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515	321 KB
45	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	450 KB
21	oxra.com.tw ml.oxra.com.tw — Cisco Umbrella Rank: 926922 oxra.com.tw — Cisco Umbrella Rank: 816950	37 KB
17	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 docs.google.com — Cisco Umbrella Rank: 126 region1.analytics.google.com — Cisco Umbrella Rank: 2693 play.google.com — Cisco Umbrella Rank: 32	86 KB
16	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	304 KB
13	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 900 static.adsafeprotected.com — Cisco Umbrella Rank: 602 dt.adsafeprotected.com — Cisco Umbrella Rank: 567	103 KB
10	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	7 KB
9	popin.cc api.popin.cc — Cisco Umbrella Rank: 31958 tw.popin.cc — Cisco Umbrella Rank: 96359 log.popin.cc — Cisco Umbrella Rank: 33420 r.popin.cc — Cisco Umbrella Rank: 34110	171 KB
9	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	75 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 796 z.clarity.ms — Cisco Umbrella Rank: 7336 c.clarity.ms — Cisco Umbrella Rank: 1377	28 KB
7	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	5 KB
5	unpkg.com unpkg.com — Cisco Umbrella Rank: 857	144 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 773 r.turn.com — Cisco Umbrella Rank: 3570	2 KB
4	google.de www.google.de — Cisco Umbrella Rank: 6765	733 B
3	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 560	2 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	191 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 172	3 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	221 KB
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1786	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 818	2 KB
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5555	961 B
2	ctnsnet.com 2 redirects ius.ctnsnet.com — Cisco Umbrella Rank: 6100	1 KB
2	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474	1 KB
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 331	297 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 802 s.tribalfusion.com — Cisco Umbrella Rank: 2218	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 14517	3 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 228	761 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1226	213 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 336	146 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 780	762 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 685	589 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 735	24 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 714	444 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2627	104 B
1	geoiplookup.io json.geoiplookup.io — Cisco Umbrella Rank: 47800	612 B
1	withgoogle.com csp.withgoogle.com — Cisco Umbrella Rank: 415
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138	2 KB
376	42

	Domain	Requested by
67	fonts.gstatic.com	docs.google.com www.google.com
65	heho.com.tw	35 redirects heho.com.tw
44	img.heho.com.tw	heho.com.tw ml.oxra.com.tw
30	cm.g.doubleclick.net	11 redirects googleads.g.doubleclick.net heho.com.tw
30	pagead2.googlesyndication.com	heho.com.tw pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
16	s0.2mdn.net	googleads.g.doubleclick.net heho.com.tw s0.2mdn.net
15	tpc.googlesyndication.com	heho.com.tw googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
15	ml.oxra.com.tw	heho.com.tw ml.oxra.com.tw
11	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com www.googletagmanager.com googleads.g.doubleclick.net
10	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
10	www.google.com	1 redirects heho.com.tw googleads.g.doubleclick.net www.gstatic.com www.google.com tpc.googlesyndication.com
9	dt.adsafeprotected.com	googleads.g.doubleclick.net heho.com.tw
9	www.gstatic.com	www.google.com docs.google.com www.gstatic.com
9	cdnjs.cloudflare.com	heho.com.tw ml.oxra.com.tw cdnjs.cloudflare.com s0.2mdn.net
7	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
6	oxra.com.tw	ml.oxra.com.tw
5	unpkg.com	ml.oxra.com.tw
4	api.popin.cc	ml.oxra.com.tw api.popin.cc
4	ad.doubleclick.net	heho.com.tw
4	z.clarity.ms	www.clarity.ms
4	www.google.de	heho.com.tw
3	log.popin.cc	heho.com.tw
3	c1.adform.net	3 redirects
3	www.googletagservices.com	googleads.g.doubleclick.net
3	fonts.googleapis.com	docs.google.com
3	docs.google.com	heho.com.tw www.gstatic.com
3	sb.scorecardresearch.com	1 redirects heho.com.tw
3	www.googletagmanager.com	heho.com.tw www.googletagmanager.com
2	c.clarity.ms	1 redirects
2	kids.heho.com.tw	ml.oxra.com.tw
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	heho.com.tw
2	e.dlx.addthis.com	2 redirects
2	pm.w55c.net	2 redirects
2	fw.adsafeprotected.com	1 redirects heho.com.tw
2	ads.travelaudience.com	2 redirects
2	ius.ctnsnet.com	2 redirects
2	pr-bh.ybp.yahoo.com	2 redirects
2	match.adsrvr.org	googleads.g.doubleclick.net
2	r.turn.com	googleads.g.doubleclick.net
2	ad.turn.com	2 redirects
2	play.google.com	www.gstatic.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.clarity.ms	heho.com.tw www.clarity.ms
2	connect.facebook.net	heho.com.tw connect.facebook.net
2	images.dmca.com	heho.com.tw
2	securepubads.g.doubleclick.net	heho.com.tw securepubads.g.doubleclick.net
1	c.bing.com	1 redirects
1	r.popin.cc	heho.com.tw
1	tw.popin.cc	api.popin.cc
1	lifestyle.heho.com.tw	ml.oxra.com.tw
1	odr.mookie1.com	googleads.g.doubleclick.net
1	x.bidswitch.net	googleads.g.doubleclick.net
1	um.simpli.fi	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	code.jquery.com	ml.oxra.com.tw
1	onetag-sys.com	1 redirects
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	a.tribalfusion.com	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	json.geoiplookup.io	ml.oxra.com.tw
1	csp.withgoogle.com	heho.com.tw
1	www.googleadservices.com	www.googletagmanager.com
376	65

This site contains links to these domains. Also see Links.

Domain
tools.heho.com.tw
pse.is
forum.heho.com.tw
npower.heho.com.tw
www.youtube.com
cancer.heho.com.tw
kids.heho.com.tw
lifestyle.heho.com.tw
myhope.com.tw
cparty.com.tw
sport.heho.com.tw
gogoal.com.tw
www.dmca.com
www.104.com.tw
heho.tw

Subject Issuer	Validity	Valid
heho.com.tw R3	`2023-10-17` - `2024-01-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
oxra.com.tw R3	`2023-11-22` - `2024-02-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
images.dmca.com R3	`2023-10-26` - `2024-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-10` - `2023-12-09`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-08-29` - `2024-08-29`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.scorecardresearch.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-15` - `2023-12-28`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.appspot.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
geoiplookup.io GTS CA 1P5	`2023-10-30` - `2024-01-28`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.popin.cc Secure Site Pro CA G2	`2023-09-27` - `2024-10-27`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-27` - `2024-03-29`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh

This page contains 30 frames:

Primary Page: https://heho.com.tw/
Frame ID: 8B06257327C1544B9F02532E9FE99853
Requests: 132 HTTP requests in this frame

Frame: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true
Frame ID: FD084B83D1FD41BF0802753C3B568D29
Requests: 78 HTTP requests in this frame

Frame: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw
Frame ID: FFECDB00D902A23A8FE725EE196D6DF2
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/zrt_lookup_nohtml_fy2021.html?hello=world
Frame ID: 3189955C47E65E319D19BFD41A2FA91E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Frame ID: 91EAA73076ABCFF139136434027AAFE8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6565022970&adk=859352106&adf=2333197819&pi=t.ma~as.6565022970&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633638&bpp=1&bdt=634&idt=216&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=2296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=218
Frame ID: 6AB0A627FDE83B68F3BB13AC886842FD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222
Frame ID: 536C82BB93816F8B177066D08E441C15
Requests: 1 HTTP requests in this frame

Frame: https://ml.oxra.com.tw/ox/mkt/ox-ra.html
Frame ID: 95936BDBA7ACB7CCD86E804F0353D8CA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGMi2s_wBMAE&v=APEucNUDCD6Emfz_PlaIY_vCO_xRi8eCqQ9rl82z-2G0t7IMSfovZ7L5e2y2OgY36XihPaBPerPQFHLEGis970jb27C42xHhytOY9R6ul7mTh6S-FnvPNedoQtx5J2v7192BEwovihiePj32FRvpuT9NwJJ2B5NxvZZO4VG2wEP71OIT01OERFc
Frame ID: A327B67F557EF762099661868A7A73DA
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js
Frame ID: BDF4C3BD644A13F7977AEF004E27B01D
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A5AC64CD88E4F91B148E0E1F29DDD638
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 35BEB4697C62319624B9C2426E173A1C
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARj2rJL2ATAB&v=APEucNUp_N6zdPF3rSDMhim7VxXPf4zDnCAbN_fjP41SJ0J5or9pNB-FOahfK8VleHycVeIKGOQzHpijZBZbWszlXDRUtmmbHWqLtW41b1lJ3VZm9j3ZDTeHvVzJjGKOzrcF-D6HEnphnfKRqIZO6ynBme-QvgyAhjD1PjS6t9w5d4BnYhKJzwM
Frame ID: 9D40BCED9E71304E10A5A6FD3F0D1544
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js
Frame ID: E7D980C2164642BD530496F29C6A545E
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 984616F3CD6E742515F761AE331612FD
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&adk=1812271804&adf=3025194257&lmt=1701469803&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x810_l%7C236x810_r&format=0x0&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470634633&bpp=1&bdt=1629&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6863b3003f5c394f%3AT%3D1701470633%3ART%3D1701470633%3AS%3DALNI_Macqn5W7dKQM4-fAarYzzlrvfADeA&gpic=UID%3D00000d016883c875%3AT%3D1701470633%3ART%3D1701470633%3AS%3DALNI_MaVmLMVzGI2L2Dokc_Rh9CMb50s-g&prev_fmts=1050x120%2C1050x120%2C1050x120&nras=1&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=52
Frame ID: 09C293976322FF9A415C91D2E29C660A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfH-N0mAAAAAFbl_1iN5mLWRSOGn_wdfGEDt4cE&co=aHR0cHM6Ly9oZWhvLmNvbS50dzo0NDM.&hl=de&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=nlc8aqw0rtiw
Frame ID: B528A90C08B63021C3F7B7B3499653C0
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: A364E3C2AC77A3399DD729308F6D1B33
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNUMNnUnmG--TrC4xFwWJgie0RIAaHANl9Pqlwc1aIJF6QGw85mRhRWx-nIKNYtmifSWJHZyqH7AHlNzu6nDXyTzkDznXv4H43r8lWX84sv91pI0vRryzFuEB2xVXoUrBmkAjZ5e5RhbLhk0VGteJnJWhFeyR8FWW6q0S7UZ92H1ewVLd-g
Frame ID: EE2BFD16CC2A8D38E4600C5FE3A2B940
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: F0E29333AAABE9C2B826541033C20EF5
Requests: 30 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EB40CC110DE2519313FDC394FA28FC23
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 57A33BAF715A8AC1746A28110B7E8DC0
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
Frame ID: 4E35372B232C2EF64992F2350829FB49
Requests: 15 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 4B4334EC282CD23CCD328431E1D40F2A
Requests: 1 HTTP requests in this frame

Frame: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Frame ID: 173EA6F5AB0949221968C1541D0F0682
Requests: 1 HTTP requests in this frame

Frame: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Frame ID: 4B55A87C7BD048ED3DFE7BECF527E31E
Requests: 1 HTTP requests in this frame

Frame: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Frame ID: 2483E29069794643F5C8E89431DDCE13
Requests: 11 HTTP requests in this frame

Frame: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Frame ID: 7FAF3347A6FA18633196833F63C25498
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7ED59949B24F4BFDBB19B748E3010C73
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AAE6AEE45C1082A849E107524E34C9E9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Heho健康 - 最多人看的專業健康媒體

Page URL History Show full URLs

http://heho.com.tw/ HTTP 301
https://heho.com.tw/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

376
Requests

82 %
HTTPS

54 %
IPv6

42
Domains

65
Subdomains

52
IPs

12
Countries

11070 kB
Transfer

17427 kB
Size

58
Cookies

49 Outgoing links

These are links going to different origins than the main page.

URL: https://tools.heho.com.tw/
Title: 健康小幫手

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bmi
Title: BMI 計算機 HOT

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bodyfat
Title: 體脂率計算機 HOT

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/search-hospital/index.php
Title: 找院所

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bmr
Title: BMR/TDEE 計算機 HOT

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/search-medicine.php
Title: 藥品查詢

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/search-pharmacy/index.php
Title: 找藥局

Search URL Search Domain Scan URL

URL: https://pse.is/hehoapp
Title: Heho App

Search URL Search Domain Scan URL

URL: https://forum.heho.com.tw/
Title: 討論區

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bmi/
Title: BMI 計算機

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bmr/
Title: BMR/TDEE 計算機

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bodymap
Title: 人體地圖查疾病

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bodymap/body-map-body2.php
Title: 腦部/頸部/胸部

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bodymap/body-map-body3.php
Title: 腹部

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bodymap/body-map-body4.php
Title: 泌尿/生殖系統

Search URL Search Domain Scan URL

URL: https://tools.heho.com.tw/bodymap/body-map-body5.php
Title: 皮膚/骨骼/肌肉

Search URL Search Domain Scan URL

URL: https://npower.heho.com.tw/
Title: 營養師說

Search URL Search Domain Scan URL

URL: https://npower.heho.com.tw/search-nutrition
Title: 營養查詢

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PLXKQ6-iPJblHHaZLIpdX7MkSWxcUwcjEu

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PLXKQ6-iPJblFb-_qRu-kAlhcluxNEfWRR

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PLXKQ6-iPJblGOlQRC08D0fXdub7ojh3W7

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PLXKQ6-iPJblGLe3SnaHbfpTaA6vt1Bg3e

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/
Title: 癌症百科

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/%E8%AA%8D%E8%AD%98%E7%99%8C%E7%97%87
Title: 認識癌症

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/archives/category/cancer_encyclopedia/prevent-cancer
Title: 預防癌症

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/archives/category/cancer_encyclopedia/%E6%B2%BB%E7%99%82%E7%99%8C%E7%97%87
Title: 治療癌症

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/archives/category/cancer_encyclopedia/research
Title: 抗癌新知

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/archives/category/cancer_encyclopedia/experience-sharing
Title: 抗癌故事

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/archives/category/cancer_encyclopedia/rehabilitation-conditioning
Title: 康復調理

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/archives/category/cancer_encyclopedia/resource
Title: 協助資源

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/archives/category/cancer_encyclopedia/%e8%aa%8d%e8%ad%98%e7%99%8c%e7%97%87

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/archives/category/cancer_encyclopedia/%e6%b2%bb%e7%99%82%e7%99%8c%e7%97%87

Search URL Search Domain Scan URL

URL: https://npower.heho.com.tw/?utm_source=heho-menu
Title: 營養 N 次方營養/生活/美學

Search URL Search Domain Scan URL

URL: https://kids.heho.com.tw/?utm_source=heho-menu
Title: Heho 親子懷孕/育兒/教養

Search URL Search Domain Scan URL

URL: https://cancer.heho.com.tw/?utm_source=heho-menu
Title: Heho 癌症症狀/治療/預防

Search URL Search Domain Scan URL

URL: https://lifestyle.heho.com.tw/?utm_source=heho-menu
Title: Heho 生活品味/美食/旅行

Search URL Search Domain Scan URL

URL: https://myhope.com.tw/?utm_source=heho-menu
Title: 希望商城健康/用心/選物

Search URL Search Domain Scan URL

URL: https://cparty.com.tw/?utm_source=heho-menu
Title: CParty 餐酒文化/餐飲

Search URL Search Domain Scan URL

URL: https://sport.heho.com.tw/
Title: Heho Sports 運動知識/運動營養

Search URL Search Domain Scan URL

URL: https://gogoal.com.tw/?utm_source=heho-menu
Title: GoGoal 勁球網國內/國際足球

Search URL Search Domain Scan URL

URL: https://kids.heho.com.tw/

Search URL Search Domain Scan URL

URL: https://lifestyle.heho.com.tw/

Search URL Search Domain Scan URL

URL: https://gogoal.com.tw/

Search URL Search Domain Scan URL

URL: https://cparty.com.tw/

Search URL Search Domain Scan URL

URL: https://myhope.com.tw/

Search URL Search Domain Scan URL

URL: https://npower.heho.com.tw/nutrition-course?utm_source=floating&utm_medium=heho

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=92f4d6c1-aaf5-4037-9b43-72143adcf46e&refurl=https://heho.com.tw/

Search URL Search Domain Scan URL

URL: https://www.104.com.tw/company/1a2x6bl1fx
Title: 徵才資訊

Search URL Search Domain Scan URL

URL: https://heho.tw/QFIBRN9h4C?pub=428

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://heho.com.tw/ HTTP 301
https://heho.com.tw/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://heho.com.tw/wp-content/uploads/2020/07/b28837887ae86c49b66bc05e04dd346e.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2020/07/b28837887ae86c49b66bc05e04dd346e.png

Request Chain 22

https://heho.com.tw/wp-content/uploads/2023/06/1685591982.4705.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/06/1685591982.4705.png

Request Chain 25

https://heho.com.tw/wp-content/uploads/2021/06/1623040116.8368.svg HTTP 301
https://img.heho.com.tw/wp-content/uploads/2021/06/1623040116.8368.svg

Request Chain 26

https://heho.com.tw/wp-content/uploads/2021/06/1623040942.0376.svg HTTP 301
https://img.heho.com.tw/wp-content/uploads/2021/06/1623040942.0376.svg

Request Chain 27

https://heho.com.tw/wp-content/uploads/2021/06/1623040116.3431.svg HTTP 301
https://img.heho.com.tw/wp-content/uploads/2021/06/1623040116.3431.svg

Request Chain 28

https://heho.com.tw/wp-content/uploads/2021/06/1623040117.0803.svg HTTP 301
https://img.heho.com.tw/wp-content/uploads/2021/06/1623040117.0803.svg

Request Chain 46

https://sb.scorecardresearch.com/cs/36287102/beacon.js HTTP 302
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

Request Chain 60

https://heho.com.tw/wp-content/uploads/2022/06/1654582763.9763.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2022/06/1654582763.9763.png

Request Chain 61

https://heho.com.tw/wp-content/uploads/2023/05/1685341005.7905.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685341005.7905.png

Request Chain 62

https://heho.com.tw/wp-content/uploads/2023/05/1685341002.6315.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685341002.6315.png

Request Chain 63

https://heho.com.tw/wp-content/uploads/2023/05/1685340999.4319.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685340999.4319.png

Request Chain 64

https://heho.com.tw/wp-content/uploads/2023/05/1685084067.1705.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084067.1705.png

Request Chain 65

https://heho.com.tw/wp-content/uploads/2023/05/1685084061.4838.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084061.4838.png

Request Chain 66

https://heho.com.tw/wp-content/uploads/2023/05/1685084260.4331.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084260.4331.png

Request Chain 67

https://heho.com.tw/wp-content/uploads/2023/05/1685084258.0287.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084258.0287.png

Request Chain 68

https://heho.com.tw/wp-content/uploads/2023/05/1685084064.6124.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084064.6124.png

Request Chain 69

https://heho.com.tw/wp-content/uploads/2023/05/1685084058.5936.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084058.5936.png

Request Chain 70

https://heho.com.tw/wp-content/uploads/2023/04/1689755246.8803.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/04/1689755246.8803.png

Request Chain 71

https://heho.com.tw/wp-content/uploads/2023/05/1685083759.3921.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/05/1685083759.3921.png

Request Chain 73

https://heho.com.tw/wp-content/uploads/2021/01/1611030364.7282.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2021/01/1611030364.7282.png

Request Chain 94

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/338904101/?random=2049846783&cv=11&fst=1701470633703&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheho.com.tw%2F&label=pdjACIy7g7cDEKWIzaEB&hn=www.googleadservices.com&frm=0&tiba=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&did=dZTNiMT&gdid=dZTNiMT&auid=698998776.1701470634&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&ocp_id=qWFqZbLrLr_7x_APyNWtiA8&sscte=1&crd=&pscrd=EkxDaEFJZ0tXbXF3WVFnUDdtaTktQWk2WWxFaVVBNTRNVWNGS0FWaXhOTVdMblNEU01ZUVFSMkZKS0tFbnZDbkJZSlAzR013Q2ZaZDl0GlhDaEVJZ0tXbXF3WVE4dkxodmQzQXJlcjZBUkl0QU55dWtTX0ZEU2JrMUtaVjlSUmJLZWJiMkt2Wmc5aFhDZlJvMFJ5UUQ2QkcxOVpQcmZSbkl0OUxpWVAxIhMI8uPihajvggMVv_0RCB3Iagvx HTTP 302
https://www.google.com/pagead/1p-conversion/338904101/?random=2049846783&cv=11&fst=1701470633703&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheho.com.tw%2F&label=pdjACIy7g7cDEKWIzaEB&hn=www.googleadservices.com&frm=0&tiba=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&did=dZTNiMT&gdid=dZTNiMT&auid=698998776.1701470634&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0tXbXF3WVFnUDdtaTktQWk2WWxFaVVBNTRNVWNGS0FWaXhOTVdMblNEU01ZUVFSMkZKS0tFbnZDbkJZSlAzR013Q2ZaZDl0GlhDaEVJZ0tXbXF3WVE4dkxodmQzQXJlcjZBUkl0QU55dWtTX0ZEU2JrMUtaVjlSUmJLZWJiMkt2Wmc5aFhDZlJvMFJ5UUQ2QkcxOVpQcmZSbkl0OUxpWVAxIhMI8uPihajvggMVv_0RCB3Iagvx&is_vtc=1&ocp_id=qWFqZbLrLr_7x_APyNWtiA8&cid=CAQSKQDICaaNR7JXmQstMASmTJ0Ph7BlL6m-S5WW_-rhcbsXrEk4qRyvZwNX&random=1758401660 HTTP 302
https://www.google.de/pagead/1p-conversion/338904101/?random=2049846783&cv=11&fst=1701470633703&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheho.com.tw%2F&label=pdjACIy7g7cDEKWIzaEB&hn=www.googleadservices.com&frm=0&tiba=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&did=dZTNiMT&gdid=dZTNiMT&auid=698998776.1701470634&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0tXbXF3WVFnUDdtaTktQWk2WWxFaVVBNTRNVWNGS0FWaXhOTVdMblNEU01ZUVFSMkZKS0tFbnZDbkJZSlAzR013Q2ZaZDl0GlhDaEVJZ0tXbXF3WVE4dkxodmQzQXJlcjZBUkl0QU55dWtTX0ZEU2JrMUtaVjlSUmJLZWJiMkt2Wmc5aFhDZlJvMFJ5UUQ2QkcxOVpQcmZSbkl0OUxpWVAxIhMI8uPihajvggMVv_0RCB3Iagvx&is_vtc=1&ocp_id=qWFqZbLrLr_7x_APyNWtiA8&cid=CAQSKQDICaaNR7JXmQstMASmTJ0Ph7BlL6m-S5WW_-rhcbsXrEk4qRyvZwNX&random=1758401660&ipr=y

Request Chain 130

https://ad.turn.com/r/cs?pid=3&google_gid=CAESELUlnv6w1IPBEV6FY__x8Xc&google_cver=1&google_push=AXcoOmQQbIlKQZdMgSIzFwY6dNCvD_nStVhk0fsu6VNtyWakmSV3e9ebzWebQEEiGutyP7l6x-zVq2_Xodpvr-W7xQvDMvyAfPDEJngwq4nMPVcjZCdJQR7x8Zg7BoeJ8eeYwPi_BQDXUxQuJQur-I3k-oDVcxI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwMDQ3ODQ1NzE0MTU0MzE4Mw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESELUlnv6w1IPBEV6FY__x8Xc&google_cver=1

Request Chain 132

https://a.tribalfusion.com/i.match?p=b6&u=CAESEGf01e9WESz6kW2GaKDVqC4&google_cver=1&google_push=AXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkmTBve2UhpZrk45_7fBywqRu2lb1Y4URsUePs72aNbvvfkTFRmcqwbvF3j3y8c&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkmTBve2UhpZrk45_7fBywqRu2lb1Y4URsUePs72aNbvvfkTFRmcqwbvF3j3y8c%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGf01e9WESz6kW2GaKDVqC4&google_cver=1&google_push=AXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkmTBve2UhpZrk45_7fBywqRu2lb1Y4URsUePs72aNbvvfkTFRmcqwbvF3j3y8c&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkmTBve2UhpZrk45_7fBywqRu2lb1Y4URsUePs72aNbvvfkTFRmcqwbvF3j3y8c%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 134

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDNB9YIfgYDXvN11hrGDip0&google_cver=1&google_push=AXcoOmQ870eGBMjlARWWR-mFAY5nb42VOTP-oxjpar62kblV2OrRvCPBwch0I3_ZO2IzJCnWxPoGLRMzR565SMVXlSoJJi7-3JjVWF1mjSPlptbPQS53-cHzHWeZIEx0L6rcGdlw7osGQw1mKpNbhK794e12xss HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ870eGBMjlARWWR-mFAY5nb42VOTP-oxjpar62kblV2OrRvCPBwch0I3_ZO2IzJCnWxPoGLRMzR565SMVXlSoJJi7-3JjVWF1mjSPlptbPQS53-cHzHWeZIEx0L6rcGdlw7osGQw1mKpNbhK794e12xss&google_hm=eS15V0NLY2hoRTJwSG0zNkFLUXQwMmJNVnJ4NEhxSXZHSH5B

Request Chain 135

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEHJ_jOpXPu2hrPHuI7DnKbU&google_cver=1&google_push=AXcoOmT5Q806ol6_8jwt-NOsbakSH8y3Iijl6UPp7PtFkTDXcK8ZXlZpwnx6RUuZ0HEE0AzEk9nIiX5ZxAnDdRjzTSPBcTzD9uFCz7ES-VkJUMx2aFxcko4e-WNsycGtPYhg_8IOzDU2mTtMZa6tfDHV78AtC3M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT5Q806ol6_8jwt-NOsbakSH8y3Iijl6UPp7PtFkTDXcK8ZXlZpwnx6RUuZ0HEE0AzEk9nIiX5ZxAnDdRjzTSPBcTzD9uFCz7ES-VkJUMx2aFxcko4e-WNsycGtPYhg_8IOzDU2mTtMZa6tfDHV78AtC3M

Request Chain 136

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESENHzR639UNXaWkegin2nPf0&google_cver=1&google_push=AXcoOmTz2lykFyjuvOlP6RV7atwFSXiK9NF03zyrRIc_IPxzPa0KHg2jfj8YTvHuxESMPI8Qrc7yXUJU9XQAFw-75r7Kl_BjntMwVio5LVujhoFXfXPD3IwMicmt6dpk17hqBktgdd1sncsnRoYoKcRqItK-Jg0s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTz2lykFyjuvOlP6RV7atwFSXiK9NF03zyrRIc_IPxzPa0KHg2jfj8YTvHuxESMPI8Qrc7yXUJU9XQAFw-75r7Kl_BjntMwVio5LVujhoFXfXPD3IwMicmt6dpk17hqBktgdd1sncsnRoYoKcRqItK-Jg0s&google_hm=-QgfQGsyStWGav7rmvh_KY4

Request Chain 138

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE4hTb4fBC8uF5NUg2231Cs&google_cver=1

Request Chain 139

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWphqvS2CEsZA0uKm9AlwQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE4hTb4fBC8uF5NUg2231Cs&google_cver=1

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGrswNFr2yhaBVQwqy7iXu4&google_cver=1

Request Chain 141

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D

Request Chain 161

https://heho.com.tw/wp-content/uploads/2022/11/1669685415.0137.gif HTTP 301
https://img.heho.com.tw/wp-content/uploads/2022/11/1669685415.0137.gif

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIZdfsJ4f0W1u9HR3X2zx54&google_cver=1

Request Chain 177

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWphqvS2CEsZA0uKm9AlwQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIZdfsJ4f0W1u9HR3X2zx54&google_cver=1

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEE5ObOqmkFKLYk09JTh1B-Y&google_cver=1

Request Chain 179

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D

Request Chain 249

https://heho.com.tw/wp-content/uploads/2023/11/1700191881.7762.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/11/1700191881.7762.png

Request Chain 250

https://heho.com.tw/wp-content/uploads/2018/07/%E6%94%BE%E5%B0%84%E6%B2%BB%E7%99%82-01.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2018/07/%e6%94%be%e5%b0%84%e6%b2%bb%e7%99%82-01.png

Request Chain 251

https://heho.com.tw/wp-content/uploads/2023/12/1701420298.0887.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/12/1701420298.0887.png

Request Chain 252

https://heho.com.tw/wp-content/uploads/2023/12/1701418826.6988.jpg HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/12/1701418826.6988.jpg

Request Chain 253

https://heho.com.tw/wp-content/uploads/2023/12/1701414877.8346.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/12/1701414877.8346.png

Request Chain 254

https://heho.com.tw/wp-content/uploads/2023/10/1697531486.0167.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/10/1697531486.0167.png

Request Chain 255

https://heho.com.tw/wp-content/uploads/2023/06/1688032217.0993.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/06/1688032217.0993.png

Request Chain 257

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEA9thCGs8PZ70xl0Mt8B1tA&google_cver=1&google_push=AXcoOmRwV7ifXMgEDmrxUmBBnmVzOvnqjZTT2Hpgemr_WYqxjc6j0xf4T9x0X30mG6NPUW8HAhoNobfgQsadNir3R98M9CopFyyrFBFVr-BlQQ5ioHJoR65Ilkc2Q0SfTYNN9RmLFUaek2QC8_wklAeubEY-vcw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwMDQ3ODQ1NzE0MTU0MzE4Mw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA9thCGs8PZ70xl0Mt8B1tA&google_cver=1

Request Chain 258

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEGP1fnEOxeMw0rpmrPw9gnc&google_cver=1&google_push=AXcoOmRP90LbEy50wZumIzqthTFJC91eXR7tb4bwupDvplmv4sKVueJR0zMJ7neqtbPxkoKFcRlndu8zzBjE9Hexqo7zTJ5SbML_gDCuOgsvvmJlz9FjWp8hr1vPqc7qnuSBYB2nKsSky92fpeeBbHaCd4T5Vv4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGP1fnEOxeMw0rpmrPw9gnc&google_push=AXcoOmRP90LbEy50wZumIzqthTFJC91eXR7tb4bwupDvplmv4sKVueJR0zMJ7neqtbPxkoKFcRlndu8zzBjE9Hexqo7zTJ5SbML_gDCuOgsvvmJlz9FjWp8hr1vPqc7qnuSBYB2nKsSky92fpeeBbHaCd4T5Vv4

Request Chain 259

https://um.simpli.fi/gp_match?google_gid=CAESECkJearHa8KA6GsEkJCVSOA&google_cver=1&google_push=AXcoOmSdAgN1h5YMHXT560keNLgoAQ30nfk6T2OS78oFzR_2TzEUXNg5Q_vaRxHiJwScgUtkNvQTm019R8Cf0c31JvUjJvd_3a9tflVo99-nzx-QcRgrXFLyfzzLDyxSwMfUBpjA69M9MmELh5U3XNbSI3Lxig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A98A7BD7251347A38CEB55ABBB6A71C7&google_push=AXcoOmSdAgN1h5YMHXT560keNLgoAQ30nfk6T2OS78oFzR_2TzEUXNg5Q_vaRxHiJwScgUtkNvQTm019R8Cf0c31JvUjJvd_3a9tflVo99-nzx-QcRgrXFLyfzzLDyxSwMfUBpjA69M9MmELh5U3XNbSI3Lxig

Request Chain 261

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJMZeLSwlupidJe2YQBySHY&google_cver=1&google_push=AXcoOmRsHNJDRj9GwX_1mKok2O3Gy2qHwVLC3KuI6o-rKYJ9QdrKXqczOnRgMmaJYsaLBGBuHtSdjWxgEtHfpD3MRkontEl2WTjFNHRJ1ldcLGOxDMUTeg8A9K-XZ63Z1MvALu2QRWUnDGT-F1dnQtX4XyjuSA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ELy1megWTB8fwtWjKfX7EQ&google_push=AXcoOmRsHNJDRj9GwX_1mKok2O3Gy2qHwVLC3KuI6o-rKYJ9QdrKXqczOnRgMmaJYsaLBGBuHtSdjWxgEtHfpD3MRkontEl2WTjFNHRJ1ldcLGOxDMUTeg8A9K-XZ63Z1MvALu2QRWUnDGT-F1dnQtX4XyjuSA

Request Chain 262

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMQqBQ2uy3F8jFVhrHwXF4s&google_cver=1&google_push=AXcoOmTlWnZWygzJ3vVixJOGY9ZCuGLR5ezSVOK4PO0rZagY1wtuTWJkX6gkjoflhU9xji_sdW9zE0ak73-B5aqIw8kDse6iHBwq7_NGAwqaO9dsm8V4Rp5KTDZEU89_oNtb0cVd2FZHHT-kmFb2JF-8DS9rNQk HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEMQqBQ2uy3F8jFVhrHwXF4s&google_cver=1&google_push=AXcoOmTlWnZWygzJ3vVixJOGY9ZCuGLR5ezSVOK4PO0rZagY1wtuTWJkX6gkjoflhU9xji_sdW9zE0ak73-B5aqIw8kDse6iHBwq7_NGAwqaO9dsm8V4Rp5KTDZEU89_oNtb0cVd2FZHHT-kmFb2JF-8DS9rNQk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODUwODk5NDg0NjY2MDM4OQ&google_push=AXcoOmTlWnZWygzJ3vVixJOGY9ZCuGLR5ezSVOK4PO0rZagY1wtuTWJkX6gkjoflhU9xji_sdW9zE0ak73-B5aqIw8kDse6iHBwq7_NGAwqaO9dsm8V4Rp5KTDZEU89_oNtb0cVd2FZHHT-kmFb2JF-8DS9rNQk

Request Chain 263

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEMM0AKpHQmLCOhQg_jwMMxs&google_cver=1&google_push=AXcoOmQlbsEkRN4TqfI81ujj-SBp4Gq-ygxPMkB0dVHsAiocsGONaRQhlDWszKuptSo1K2Itl4rAi39PXBFf3UJVaEoStxtbMxWmgAN5k4i2CPO1assJORBPOIABmGymEoKIAquHk_XF0PI3eXMNo2weNNg9Gdbp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQlbsEkRN4TqfI81ujj-SBp4Gq-ygxPMkB0dVHsAiocsGONaRQhlDWszKuptSo1K2Itl4rAi39PXBFf3UJVaEoStxtbMxWmgAN5k4i2CPO1assJORBPOIABmGymEoKIAquHk_XF0PI3eXMNo2weNNg9Gdbp&google_hm=-QgfQGsyStWGav7rmvh_KY4

Request Chain 280

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeQvs3oYux0I-MI_Us06pA&google_cver=1

Request Chain 281

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWphqvS2CEsZA0uKm9AlwQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeQvs3oYux0I-MI_Us06pA&google_cver=1

Request Chain 282

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDP2gw60-pwCmireenCV10s&google_cver=1

Request Chain 283

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D

Request Chain 295

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECmeWGTascURSPkncz1VIhk&google_cver=1&google_push=AXcoOmSLBI-8PWqZWLHbG5_dHVyqsCZXTJFaTDdNa-2Xrb9O3UI4kf5UtcpErvO4k5wDzAl3hy0mGsoluHz_4KZtWRCwVzd426LfDGY HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECmeWGTascURSPkncz1VIhk&google_cver=1&google_push=AXcoOmSLBI-8PWqZWLHbG5_dHVyqsCZXTJFaTDdNa-2Xrb9O3UI4kf5UtcpErvO4k5wDzAl3hy0mGsoluHz_4KZtWRCwVzd426LfDGY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SFczaTJUV3YxUjljZUw1&google_gid=CAESECmeWGTascURSPkncz1VIhk&google_cver=1&google_push=AXcoOmSLBI-8PWqZWLHbG5_dHVyqsCZXTJFaTDdNa-2Xrb9O3UI4kf5UtcpErvO4k5wDzAl3hy0mGsoluHz_4KZtWRCwVzd426LfDGY

Request Chain 296

https://ads.travelaudience.com/google_pixel?google_gid=CAESEGyStl_JoluZ0Z0OsSuun4I&google_cver=1&google_push=AXcoOmTN2fZ9IgoXY_vRvDVbOGfmXMQSkn1uQydkSM1W-NvSEzqE7A5tZYmeYuZ62qVq3OEc5Vu_IGHl0Ems7tXdZnKK3e22QeowWAI HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ELy1megWTB8fwtWjKfX7EQ&google_push=AXcoOmTN2fZ9IgoXY_vRvDVbOGfmXMQSkn1uQydkSM1W-NvSEzqE7A5tZYmeYuZ62qVq3OEc5Vu_IGHl0Ems7tXdZnKK3e22QeowWAI

Request Chain 298

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmTn-JeokWISMjmfyyJL44CkiYw0niQoFXaiWiqRmiCF3AZR2lAi4ZoVwK3-_PG0tee-DWg9_WpLj5hax4dpSW93guraepVOptU&google_gid=CAESELUf9Cuk2QG7TpG4lWkurZ8&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmTn-JeokWISMjmfyyJL44CkiYw0niQoFXaiWiqRmiCF3AZR2lAi4ZoVwK3-_PG0tee-DWg9_WpLj5hax4dpSW93guraepVOptU&google_gid=CAESELUf9Cuk2QG7TpG4lWkurZ8&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzEyMDEyMjQzNTUwMDAxNjg4MTE4NTIyNQ%3D%3D&google_push=AXcoOmTn-JeokWISMjmfyyJL44CkiYw0niQoFXaiWiqRmiCF3AZR2lAi4ZoVwK3-_PG0tee-DWg9_WpLj5hax4dpSW93guraepVOptU

Request Chain 299

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENL_RYDCHNLd1iy6UETpA5Y&google_cver=1&google_push=AXcoOmTf1yEnrECpWOd3dXpgw4kkDkNrhzCS03Y2asFub7cKDiPE4XM9kXyNfSI8gs5Pd7B82NxpXHjWpsgmLZ-FbuLuETuHqC-tsuA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTf1yEnrECpWOd3dXpgw4kkDkNrhzCS03Y2asFub7cKDiPE4XM9kXyNfSI8gs5Pd7B82NxpXHjWpsgmLZ-FbuLuETuHqC-tsuA&google_hm=eS15V0NLY2hoRTJwSG0zNkFLUXQwMmJNVnJ4NEhxSXZHSH5B

Request Chain 301

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMZ5dpu5G6P4g0ySKF_651o&google_cver=1&google_push=AXcoOmRF052JJczW_TCsBkqCfFVU6wrZol-ENdWZYI7NLh7Ik-Q_8tu5a62UC-p3h_GvmAJ5WZOr7txHGp1MCacqOi8SwLmSmzaouro HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODUwODk5NDg0NjY2MDM4OQ&google_push=AXcoOmRF052JJczW_TCsBkqCfFVU6wrZol-ENdWZYI7NLh7Ik-Q_8tu5a62UC-p3h_GvmAJ5WZOr7txHGp1MCacqOi8SwLmSmzaouro

Request Chain 323

https://fw.adsafeprotected.com/rfw/st/1627455/73523880/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5693807149055825&ias_chanId=1&ias_placementId=20492285957&bidurl=https://heho.com.tw/&ias_dealId=&xsId=ABAjH0i_7ti-DzQQtV2-JMhm6uXZ&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0i_7ti-DzQQtV2-JMhm6uXZ&adContainerId=brand_safety_q2FqZYuLDp6b9u8P8Z-UgAM&cbFunctionName=goog_wrapCb_q2FqZYuLDp6b9u8P8Z-UgAM&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fheho.com.tw&adsafe_type=g&adsafe_url=https%3A%2F%2Fheho.com.tw%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5693807149055825%26output%3Dhtml%26h%3D120%26slotname%3D5043471010%26adk%3D4021446544%26adf%3D3642469225%26pi%3Dt.ma~as.5043471010%26w%3D1050%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1701469803%26rafmt%3D12%26format%3D1050x120%26url%3Dhttps%253A%252F%252Fheho.com.tw%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rh%3D120%26rw%3D1050%26sfro%3D1%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1701470633636%26bpp%3D2%26bdt%3D632%26idt%3D203%26shv%3Dr20231129%26mjsv%3Dm202311300101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D5208131103481%26frm%3D20%26pv%3D2%26ga_vid%3D592758939.1701470634%26ga_sid%3D1701470634%26ga_hid%3D518088041%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D275%26ady%3D766%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C31079437%252C31079759%252C44809005%252C44809316%252C31078301%252C31079890%252C44806139%252C44807763%252C44808149%252C44808285%252C44809071%26oid%3D2%26pvsid%3D1856709619181146%26tmod%3D1612921631%26uas%3D0%26nvt%3D1%26fc%3D640%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26dtd%3D211&adsafe_type=bed&adsafe_jsinfo=,id:68f6326b-f26a-b90a-855c-1b30e53cfe91,c:vAK1H4,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-66f6d74bff-jgh6c,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:2,mot:0,app:0,maw:0,fm:tXelo9L+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C1513%7C1611%7C1612%7C1613%7C17%7C18%7C191%7C1a,idMap:141*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:13,oid:1bb0184c-909b-11ee-b9c8-66a7b92443f6,v:19.8.461,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?xsId=ABAjH0i_7ti-DzQQtV2-JMhm6uXZ&ias_xappb=&adContainerId=brand_safety_q2FqZYuLDp6b9u8P8Z-UgAM&cbFunctionName=goog_wrapCb_q2FqZYuLDp6b9u8P8Z-UgAM&true_pb=

Request Chain 335

https://heho.com.tw/wp-content/uploads/2023/11/1699839115.979.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2023/11/1699839115.979.png

Request Chain 347

https://heho.com.tw/wp-content/uploads/2022/11/1669174013.0565.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2022/11/1669174013.0565.png

Request Chain 348

https://heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png

Request Chain 350

https://heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png

Request Chain 356

https://heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png

Request Chain 358

https://heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png

Request Chain 359

https://heho.com.tw/wp-content/uploads/2022/11/1669174009.0122.png HTTP 301
https://img.heho.com.tw/wp-content/uploads/2022/11/1669174009.0122.png

Request Chain 378

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=EE3F23E3F9944176AE9EAB240A0213D4&RedC=c.clarity.ms&MXFR=28D801487CCA603F0736129278CA6E75 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=EE3F23E3F9944176AE9EAB240A0213D4&MUID=2555B5D50DB8692731D2A60F0CB868C4

376 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
heho.com.tw/
Redirect Chain

http://heho.com.tw/
https://heho.com.tw/

422 KB
61 KB

358ms
328ms

Document
text/html

34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 77ab5b552a399c4eb4b978fd813eb79ee7e17efe56e40f843ddf2a19b17f1da0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 01 Dec 2023 22:43:52 GMT
expires: Mon, 29 Oct 1923 20:30:00 GMT
last-modified: Fri, 01 Dec 2023 22:30:03 GMT
pragma: no-cache
server: Apache/2.4.41 (Ubuntu)
vary: User-Agent,Accept-Encoding
via: 1.1 google

Redirect headers

Cache-Control: private
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Dec 2023 22:43:52 GMT
Location: https://heho.com.tw:443/

GET
H2 200 styles.css
heho.com.tw/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 326ms
323ms Stylesheet
text/css 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8.4
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 30 Nov 2023 06:21:51 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1015
expires: max-age=2592000, public

GET
H2 200 front.min.css
heho.com.tw/wp-content/plugins/image-sizes/assets/css/ 126 B
198 B 343ms
341ms Stylesheet
text/css 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/plugins/image-sizes/assets/css/front.min.css?ver=4.1
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: bc3fa17b0c4f879f13a223996f66eb9fad7c84385b2967e3781a3680a6e6a811

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 17 Aug 2023 06:06:30 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 117
expires: max-age=2592000, public

GET
H2 200 style.css
heho.com.tw/wp-content/uploads/maxmegamenu/ 137 KB
11 KB 345ms
343ms Stylesheet
text/css 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/uploads/maxmegamenu/style.css?ver=efd62a
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 60f4bc6d7145eac78eacce4c985befa2f47a66af0fc33f5e5f99f43cc2c080f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 29 May 2023 07:25:45 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11518
expires: max-age=2592000, public

GET
H2 200 dashicons.min.css
heho.com.tw/wp-includes/css/ 58 KB
35 KB 330ms
328ms Stylesheet
text/css 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-includes/css/dashicons.min.css?ver=6.3.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 10 Jun 2021 23:13:18 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35730
expires: max-age=2592000, public

GET
H2 200 jquery.auto-complete.css
cdnjs.cloudflare.com/ajax/libs/jquery-autocomplete/1.0.7/ 653 B
932 B 32ms
13ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-autocomplete/1.0.7/jquery.auto-complete.css?ver=1.0.7

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d7fab9e736b5a64ab2fd063444bc8737b54f6e0a559c2a6a04149d952a75017

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 316214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 252
last-modified: Mon, 04 May 2020 16:11:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec1-28d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BzEv5ulO%2FnOJeLTA%2FvnSh%2Fb5Sw9Oh%2BuLSyyTOifSZ5M%2FJCcIyH6%2FupOj68H%2B83VrnoirL4zrV6ssCRHN5DlDvs%2BoaxuPDYUOLtcMpT4%2BP3qdqGBCXuo8tZy%2FmTw%2BLXvD7XrBq0MP8HpRz%2FLHDNFZNH8q"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82eeda007c661907-FRA
expires: Wed, 20 Nov 2024 22:43:53 GMT

GET
H2 200 flatsome.css
heho.com.tw/wp-content/themes/flatsome/assets/css/ 148 KB
30 KB 344ms
342ms Stylesheet
text/css 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.18.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 47f1d0dc5c8ad11e9fcc9fb81023552a39854dfe3a8f67609b8ea44c1685c3db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 27 Nov 2023 08:14:20 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30142
expires: max-age=2592000, public

GET
H2 200 style.css
heho.com.tw/wp-content/themes/flatsome-child/ 18 KB
5 KB 321ms
320ms Stylesheet
text/css 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome-child/style.css?ver=3.17.3
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 308bd8594b227122898d10838a3b719f545cd4ba4f02a408fc0b7ff43f17ca30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Tue, 28 Nov 2023 01:56:55 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4947
expires: max-age=2592000, public

GET
H2 200 jquery.min.js Show response
heho.com.tw/wp-includes/js/jquery/ 85 KB
30 KB 335ms
334ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 16 Oct 2023 00:47:08 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30343
expires: max-age=2592000, public

GET
H2 200 jquery-migrate.min.js Show response
heho.com.tw/wp-includes/js/jquery/ 13 KB
5 KB 290ms
288ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 16 Oct 2023 00:50:55 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4872
expires: max-age=2592000, public

GET
H2 200 seo-automated-link-building.js Show response
heho.com.tw/wp-content/plugins/seo-automated-link-building/js/ 493 B
432 B 287ms
286ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/plugins/seo-automated-link-building/js/seo-automated-link-building.js?ver=6.3.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 3a8566c410bdc9c4b1a222d4e198c179255893accb662ed34ac308c39fc01bac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 29 Jun 2023 02:46:27 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 291
expires: max-age=2592000, public

GET
H2 200 inputtitle_submit.js Show response
heho.com.tw/wp-content/themes/flatsome/js/ 649 B
427 B 417ms
416ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/js/inputtitle_submit.js?ver=6.3.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 48d68ba83268a7d5262f2af34a516346aa970e5212d9605664c6dc390bfed129

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 28 Dec 2020 08:13:27 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 345
expires: max-age=2592000, public

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 132 KB
51 KB 89ms
26ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-105027460-1

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4acc9e2c1caa37e3b0ce7913d2cf4fe979eb8f6579dda4b9f77627d3bd382f3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 51639
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 22:43:53 GMT

GET
H2 200 heho-mkt-global.js Show response
ml.oxra.com.tw/ox/mkt/js/ 33 KB
7 KB 883ms
247ms Script
application/javascript 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f16700a582fbcb0a4dce154cb5fab6fd32ed12a495c7e2678be5d0ad93e282c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
last-modified: Fri, 03 Nov 2023 03:24:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"654467e4-83b8"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 heho-infinite-sdk-heho.js Show response
ml.oxra.com.tw/ox/mkt/js/ 43 KB
7 KB 1127ms
491ms Script
application/javascript 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ox/mkt/js/heho-infinite-sdk-heho.js
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 5bd95d97908d15bffb7bee4ac7fafc2b7c19de43cb27447eb8ea21fd72d476b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
last-modified: Fri, 03 Nov 2023 02:56:32 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"65446160-ad31"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 sticky-kit.min.js Show response
cdnjs.cloudflare.com/ajax/libs/sticky-kit/1.1.3/ 3 KB
2 KB 33ms
15ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/sticky-kit/1.1.3/sticky-kit.min.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

738465a35668cea4cf13644bbaf6eeb18dfe494d6941a242d138ee87280c8a9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 155540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1245
last-modified: Mon, 04 May 2020 16:16:28 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fdc-cd3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FrI7%2Bb2h6TPLJ1bxk1skxwq7GSSILkFWI84wntJccunMOZ5L%2BOYeDFgTkoIxUJ1wEYkI%2B%2FjNcurAw%2FIgbqrbpfXLvFQ1QzIAydalBDDMr0LwFRny053Y1BfXGvhXtUoqNnqXrHivrCwbiLKQkPgNsgw9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82eeda007c671907-FRA
expires: Wed, 20 Nov 2024 22:43:53 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 106ms
40ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7453c683665441feaae6521513c1bbb98265e66ec6f984891a3962feac07455

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51895
x-xss-protection: 0
server: cafe
etag: 16953315269554724281
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 22:43:53 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 92 KB
30 KB 92ms
44ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

33cffd5ef7d78d156bcfc9d8ef02e0c5e1fe88663d958b78404b6a58b4d0d07a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30275
x-xss-protection: 0
server: cafe
etag: 352 / 19692 / 31079857 / config-hash: 11152387477177976423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 22:43:53 GMT

GET
H2

200

b28837887ae86c49b66bc05e04dd346e.png
img.heho.com.tw/wp-content/uploads/2020/07/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2020/07/b28837887ae86c49b66bc05e04dd346e.png
https://img.heho.com.tw/wp-content/uploads/2020/07/b28837887ae86c49b66bc05e04dd346e.png

3 KB
4 KB

76ms
23ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2020/07/b28837887ae86c49b66bc05e04dd346e.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cecb66bde508c9248d803c80e120330c2390474f21df544bee4d8d34b22810e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1703254
alt-svc: h3=":443"; ma=86400
content-length: 3295
last-modified: Thu, 27 Aug 2020 06:39:33 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1H9OPi7qTR9mRkuc%2FZlrMeHCyO6Vu1Uu%2BHCVtpe4AZbFMQHMxlajyDhEJhel18Fao%2BO%2FQjXknJQtgLWokXIcQhIKjyPpmtSjMt3Pu7%2FFuS%2FjTuSz5Jx%2FzgRSG205k216b9ZWG8gzSXq8pqDjHUM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda027f23b97e-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2020/07/b28837887ae86c49b66bc05e04dd346e.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 373
content-type: text/html; charset=iso-8859-1

GET
H3 200 flatsome.js
heho.com.tw/wp-content/themes/flatsome/assets/js/ 0
16 KB 343ms
338ms Other
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/assets/js/flatsome.js?ver=be4456ec53c49e21f6f3
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 27 Nov 2023 08:14:20 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16738
expires: max-age=2592000, public

GET
H3 200 chunk.slider.js
heho.com.tw/wp-content/themes/flatsome/assets/js/ 0
13 KB 413ms
408ms Other
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.18.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 27 Nov 2023 08:14:20 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13382
expires: max-age=2592000, public

GET
H3 200 chunk.popups.js
heho.com.tw/wp-content/themes/flatsome/assets/js/ 0
7 KB 325ms
320ms Other
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/assets/js/chunk.popups.js?ver=3.18.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 27 Nov 2023 08:14:20 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7220
expires: max-age=2592000, public

GET
H3 200 chunk.tooltips.js
heho.com.tw/wp-content/themes/flatsome/assets/js/ 0
10 KB 393ms
388ms Other
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/assets/js/chunk.tooltips.js?ver=3.18.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 27 Nov 2023 08:14:20 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10106
expires: max-age=2592000, public

GET
H2

200

1685591982.4705.png
img.heho.com.tw/wp-content/uploads/2023/06/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/06/1685591982.4705.png
https://img.heho.com.tw/wp-content/uploads/2023/06/1685591982.4705.png

143 KB
144 KB

23ms
23ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/06/1685591982.4705.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd37899aca2011cdf18276fe93b568460f41a8a9aa4af0dedae29e28e0f7cc8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 230998
alt-svc: h3=":443"; ma=86400
content-length: 146514
last-modified: Thu, 01 Jun 2023 03:59:47 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jiC3aGy0T6wvYoDXDYHgDsQsIo%2F%2FyTOAKbSzzjq%2F%2FgeeaXkFMVfc1SgY3AsswhQEeNdXAo5qdmmVYuhuIJOQ6xSuzchn7b0w%2FNkboBoSwp3Hk%2FHP1fK7NoHA5ybkNcj4pfds0W2et9AanNQXWYM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda02df6cb97e-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/06/1685591982.4705.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H2 200 dmca_protected_sml_120n.png
images.dmca.com/Badges/ 2 KB
3 KB 80ms
19ms Image
image/png 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/dmca_protected_sml_120n.png?ID=92f4d6c1-aaf5-4037-9b43-72143adcf46e
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 / ASP.NET
Resource Hash: 45ec09974d948120c9f97cbedd141f4fa8df876bd2206f0c41133ae3a13fdf13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 18:59:51
cdn-pullzone: 1574055
content-length: 2060
last-modified: Tue, 04 May 2010 23:19:10 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "a7af7333e0ebca1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: e40c13c3fe77a2116b00c8918e9315ac
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://dmca-images.azurewebsites.net/Badges/dmca_protected_sml_120n.png?ID=1749cafb-2fcb-4f72-bfc7-9694f5610177>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ 465 B
832 B 18ms
18ms Script
application/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:40
cdn-pullzone: 1574055
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"26b181f16d28d51:0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 2f04e82d079b23e400d64e6672da3b48
cdn-requestcountrycode: DE
link: <https://dmca-images.azurewebsites.net/Badges/DMCABadgeHelper.min.js>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3

200

1623040116.8368.svg
img.heho.com.tw/wp-content/uploads/2021/06/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2021/06/1623040116.8368.svg
https://img.heho.com.tw/wp-content/uploads/2021/06/1623040116.8368.svg

4 KB
2 KB

23ms
23ms

Image
image/svg+xml

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2021/06/1623040116.8368.svg
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fdf44c84e33e64332bb97121e566eb096f411850877443b97c310e598ef10e72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 236637
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 07 Jun 2021 04:28:36 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KEQbDdnzdk3GmVRUwig01n%2FF6OlEuAOZIhF2XXBQAmF56nIm%2Fx%2BXTuBH8IOwjlPiV50LS4knTZZqo3AvjkdoAamAtlW8Kh8y8vgRVB9cFVztOPn1DrQlQZSntURZzSeyssg%2FxIXn3psI0JXLt8Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 82eeda03ff3b66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2021/06/1623040116.8368.svg
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1623040942.0376.svg
img.heho.com.tw/wp-content/uploads/2021/06/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2021/06/1623040942.0376.svg
https://img.heho.com.tw/wp-content/uploads/2021/06/1623040942.0376.svg

2 KB
1 KB

22ms
22ms

Image
image/svg+xml

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2021/06/1623040942.0376.svg
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 600db4b0c037c60bc7cf0f6508cd29ff8d97e1d02267a626b444a28d7c75d298

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 312874
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 07 Jun 2021 04:42:22 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6VayGFP91Pq1daAecjakGWTNBYl76kclKfPCR0V8slajXEPVthNaaiWJk5sSVoHz7IdW%2BSBlF9Oj%2B8sjH%2BbCCpAHY0HtDdyHfaNIvGzdKGXiJViqxsbTVeClJUwk4RN62LrWKcfk88b%2Fsr73zDg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 82eeda0699f566b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2021/06/1623040942.0376.svg
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1623040116.3431.svg
img.heho.com.tw/wp-content/uploads/2021/06/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2021/06/1623040116.3431.svg
https://img.heho.com.tw/wp-content/uploads/2021/06/1623040116.3431.svg

1 KB
1 KB

22ms
22ms

Image
image/svg+xml

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2021/06/1623040116.3431.svg
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fea32efefa901ef8406bee583dcea828fc0871ca38f7227475fc8d6a520da9dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 230559
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 07 Jun 2021 04:28:36 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wlzw6Ixvmz3%2FoQMSQa9GUfK8WmJKTD7iApjVv2IBWCUlWpdpcgtUxZjO5g9OLNB%2BMcfe2fx%2BmXz%2FUpMn%2FJtD3ZEUAv2madLFaS26Ck11p8m%2BxwZzVLNPJzysuFnKbT%2FCCTNb5oGKcEFB0QDryYw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 82eeda06aa1366b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2021/06/1623040116.3431.svg
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1623040117.0803.svg
img.heho.com.tw/wp-content/uploads/2021/06/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2021/06/1623040117.0803.svg
https://img.heho.com.tw/wp-content/uploads/2021/06/1623040117.0803.svg

1006 B
1017 B

20ms
20ms

Image
image/svg+xml

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2021/06/1623040117.0803.svg
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87b18f50b21e8e3e68778d553e17395f44f3d18bcf9d664f852e9a7d515a6c10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1631232
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 07 Jun 2021 04:28:37 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eDDiuvvj4%2FPv%2FA5fZywKTM6%2FncIYTq072jLYtUt%2FVBySA70CZ8QwLG3mUxiL1rNjg0PeQQuF5IymH3Bkq7OYFkhnZlWMml15d5H61Mnvwid0tRA9QTSatBWoIpILLVarKozHoFPzfz3ax9kYOKc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 82eeda069a0066b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2021/06/1623040117.0803.svg
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3 200 1649640641.534.png
img.heho.com.tw/wp-content/uploads/2022/04/ 9 KB
9 KB 26ms
24ms Image
image/png 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/04/1649640641.534.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 889aad1463a00bc7c4fda2a94819d09f932bde81010eaa9f7b9f74402f3fc579

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 282902
alt-svc: h3=":443"; ma=86400
content-length: 9006
last-modified: Mon, 11 Apr 2022 01:30:43 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FsWHGLCGCgjd2td4YqNAPz1XXb8pppc4XWrBEbd3mmywKO5z2mGNXngxqBdO%2FUooJtWvfDrHcvVi9GR1Ut4kpXIfjGu%2FnCzBN1IHKzf3j2vJY%2BEl4yNhil7LGU%2BA3CAZBDbWTow6UX2nR6al%2BJ4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda035e9e66b5-AMS
expires: max-age=2592000, public

GET
H3 200 1649640644.1429.png
img.heho.com.tw/wp-content/uploads/2022/04/ 10 KB
10 KB 25ms
22ms Image
image/png 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/04/1649640644.1429.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6ba6d140a0b4673d579dd5cd2428521d9141c946dcb02884c0c5a3b3913cd7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2035354
alt-svc: h3=":443"; ma=86400
content-length: 10191
last-modified: Mon, 11 Apr 2022 01:30:46 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IXb%2Fpt9L2wU3u2njgZ19hEziBft6WiQrvHHtrZ%2BVYxZ8rJJZ4Wcn42I9U4i1fQMG8zrFszzWTkzHp25pWeS33ZKmk322sAZSCM0FQxvW%2BdsxzwdJEJDPwnE9uafO0JUYWUwVWQ23eqD9dqdisBg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda035ea166b5-AMS
expires: max-age=2592000, public

GET
H3 200 tsconvert.js Show response
heho.com.tw/wp-content/themes/flatsome-child/js/ 12 KB
8 KB 293ms
293ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome-child/js/tsconvert.js?0811
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: f8cc03e63c2624c1e817c00f6dfb085759dcff6aa84c37fcd65050023fd582e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 11 Aug 2021 03:16:22 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7690
expires: max-age=2592000, public

GET
H3 200 index.js Show response
heho.com.tw/wp-content/plugins/contact-form-7/includes/swv/js/ 11 KB
3 KB 308ms
307ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.8.4
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 30 Nov 2023 06:21:51 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3212
expires: max-age=2592000, public

GET
H3 200 index.js Show response
heho.com.tw/wp-content/plugins/contact-form-7/includes/js/ 13 KB
4 KB 377ms
371ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8.4
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 30 Nov 2023 06:21:51 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4191
expires: max-age=2592000, public

GET
H3 200 jquery.auto-complete.js Show response
heho.com.tw/wp-content/themes/flatsome/js/ 8 KB
2 KB 296ms
290ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/js/jquery.auto-complete.js?a=3&ver=1.0.7
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: c063fc54a4bcec5e67e63ec0c5fb62be66be35509203e143a97de4e7eae0e4f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Tue, 15 Dec 2020 06:38:28 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2177
expires: max-age=2592000, public

GET
H3 200 global.js Show response
heho.com.tw/wp-content/themes/flatsome/js/ 1 KB
577 B 304ms
298ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/js/global.js?a=3&ver=1.0.0
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: d6160ac2857a97b2e8b68b394977418e28dc43947425deb37fdea506582787aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Fri, 11 Dec 2020 05:53:00 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 556
expires: max-age=2592000, public

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 68ms
27ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LfH-N0mAAAAAFbl_1iN5mLWRSOGn_wdfGEDt4cE&ver=3.0

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8341e035f8572a07e1afa2e95d48bf9a97d33844e27e4300bb8c0de6e172211b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 01 Dec 2023 22:43:53 GMT

GET
H3 200 wp-polyfill-inert.min.js Show response
heho.com.tw/wp-includes/js/dist/vendor/ 8 KB
2 KB 325ms
320ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 19 Jun 2023 07:09:18 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2484
expires: max-age=2592000, public

GET
H3 200 regenerator-runtime.min.js Show response
heho.com.tw/wp-includes/js/dist/vendor/ 6 KB
2 KB 307ms
302ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 19 Jun 2023 07:09:18 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2499
expires: max-age=2592000, public

GET
H3 200 wp-polyfill.min.js Show response
heho.com.tw/wp-includes/js/dist/vendor/ 16 KB
6 KB 346ms
341ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 16 Oct 2023 00:47:08 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5889
expires: max-age=2592000, public

GET
H3 200 index.js Show response
heho.com.tw/wp-content/plugins/contact-form-7/modules/recaptcha/ 934 B
503 B 339ms
334ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.8.4
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 30 Nov 2023 06:21:52 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 483
expires: max-age=2592000, public

GET
H3 200 hoverIntent.min.js Show response
heho.com.tw/wp-includes/js/ 1 KB
726 B 394ms
390ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-includes/js/hoverIntent.min.js?ver=1.10.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 19 Jun 2023 07:09:18 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 706
expires: max-age=2592000, public

GET
H3 200 flatsome.js Show response
heho.com.tw/wp-content/themes/flatsome/assets/js/ 52 KB
16 KB 385ms
381ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/assets/js/flatsome.js?ver=be4456ec53c49e21f6f3
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 7046618f6555847e4c8d7fb47584672aab889faf9ceebd6d871074da350615c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 27 Nov 2023 08:14:20 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16738
expires: max-age=2592000, public

GET
H3 200 flatsome-lazy-load.js Show response
heho.com.tw/wp-content/themes/flatsome/inc/extensions/flatsome-lazy-load/ 2 KB
622 B 588ms
584ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/inc/extensions/flatsome-lazy-load/flatsome-lazy-load.js?ver=3.18.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: ef8fea302c93f5619c53b4b7f8435c3d7dbaf5a4296593fb9f353e574c9b34d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 27 Nov 2023 08:14:20 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 601
expires: max-age=2592000, public

GET
H3 200 maxmegamenu.js Show response
heho.com.tw/wp-content/plugins/megamenu/js/ 33 KB
5 KB 360ms
357ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/plugins/megamenu/js/maxmegamenu.js?ver=3.2.4
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 0b35f88d468214d1e8ea6b50a1161cddd4984b46d3c9b13d05f00438bf894083

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 23 Oct 2023 01:06:51 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5198
expires: max-age=2592000, public

GET
H2 200 sdk.js Show response
connect.facebook.net/zh_TW/ 3 KB
3 KB 27ms
9ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/zh_TW/sdk.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0935cfb626e0384656dd2cc4ee16b9ee5430fb1b511a40ce7c6d8ec08e547df4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 22:43:53 GMT
content-md5: hAU5O0Zln9hgqwQtMP4ghQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1684
reporting-endpoints
x-fb-debug: 9yuHs011bUk1UkyYNpx6TGPTpcm4uSzjWLzGwtg8NsFwZGT0l7fzSTL0+yq8HZm5ThhcB0hjuQGNLr7Ko8yqXQ==
x-fb-content-md5: 62efbc97199a468f64dd093569f7990b
cross-origin-opener-policy: same-origin-allow-popups
etag: "41f9e049bd01b5d0872d406c05eb5277"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Fri, 01 Dec 2023 22:57:09 GMT

GET
H2

200

beacon.js Show response
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain

https://sb.scorecardresearch.com/cs/36287102/beacon.js
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

4 KB
2 KB

22ms
22ms

Script
application/javascript

65.9.95.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Server: 65.9.95.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-81.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 84e5aa85594b35c4b60787f4a97e2e1eb369dacbe23d8154f61f60bb0343d465

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 10:14:16 GMT
content-encoding: gzip
via: 1.1 9ed2eeec8748ea461af0d1cbf998da0e.cloudfront.net (CloudFront)
last-modified: Wed, 19 Jul 2023 09:10:12 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 44977
x-amz-server-side-encryption: AES256
etag: W/"77ff4ede4693897337a38594321529a3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: IqMFaQndZ6jQNPBSJizpiv1OFKGq-wzTyRrgE8KSceSU0v89rZnokw==

Redirect headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 9ed2eeec8748ea461af0d1cbf998da0e.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
location: /internal-cs/default/beacon.js
content-length: 0
x-amz-cf-id: t2iz6H1WxuCre4Ez64j-PcdPrqrmTpwEhHesjt8XuSJ1J3xVSbYRAA==

GET
H2 200 48oiwicjv7 Show response
www.clarity.ms/tag/ 650 B
1014 B 148ms
97ms Script
application/x-javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/48oiwicjv7
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: cedd3e0be10d4410fcf6e939511c7639a3d15429c98b6f9cab31d1f1ba3bdd99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: -1
date: Fri, 01 Dec 2023 22:43:53 GMT
x-azure-ref: 20231201T224353Z-k17rp4gtnp5bv7zr53xftqwvxg0000000r9g00000001mn72
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 650
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 viewform Show response
docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/ Frame FD08 53 KB
16 KB 460ms
423ms Document
text/html 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

98888f9be7dd1fe36b668aaebf74559dec6a6f3d081d6fe2cdeff39fad705081

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-6X9PwjrYYfib33lyvZvnCw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-6X9PwjrYYfib33lyvZvnCw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
content-type: text/html; charset=utf-8
date: Fri, 01 Dec 2023 22:43:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: GSE
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, nosnippet
x-xss-protection: 1; mode=block

GET
H3 200 fl-icons.woff2
heho.com.tw/wp-content/themes/flatsome/assets/css/icons/ 7 KB
7 KB 381ms
381ms Font
font/woff2 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff2?v=3.18.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: bc425300c8a8a921a3d481e8b2395ef3c6cac4333b7326ceb1f5963fa6102b77

Request headers

Referer: https://heho.com.tw/
Origin: https://heho.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
last-modified: Mon, 27 Nov 2023 08:14:20 GMT
server: Apache/2.4.41 (Ubuntu)
content-type: font/woff2
cache-control: max-age=0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7244
expires: max-age=2592000, public

GET
DATA 200
OK truncated
/ 31 KB
31 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855

Request headers

Referer
Origin: https://heho.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 heho.com.tw Show response
ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/ Frame FFEC 9 KB
4 KB 1087ms
493ms Document
text/html 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: d6ea0acd1a44d3f90345977393605cc2fbed1795b4a84713ea6fcb6364319c24

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, OPTIONS
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 01 Dec 2023 22:43:54 GMT
etag: W/"23bf-SBMfozBZRyOfjO0xbTz7xpmv+vs"
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 heho-mkt-sdk.js Show response
ml.oxra.com.tw/ox/mkt/js/ 5 KB
2 KB 1087ms
492ms Script
application/javascript 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-sdk.js
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 9afefc6356f7a01fa5d0a8b69c8a39cb3709795753e96ad09bad19b21b0b658c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
last-modified: Wed, 07 Dec 2022 04:48:19 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"63901b13-12db"
vary: Accept-Encoding
content-type: application/javascript

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e2f7fbd847620a46b260daa079ddcacce2e96d507bc686510677cb243f088245

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cf5d64d0afede22b7695693440ec3a84e8d038bf5db692c9e70d8b429acfb5e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff65c6a3b716ae696170f17006e5b017751677908e6b56b53a27379f7dc578df

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 20a3bf52be657d048a21d70727caaa41611e9d8ef79c89d88c78949ee41a162a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cfe4b3384bdf0bd276d03faa954b58977064c3aa7199c946292f3d22f416fc76

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a076d79ed14cff54c3ece7a41c43bf5b96154cc8c194ba252aea6f5c3830cfdb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5448b3df7fca1bd7f1ee6c34cab7287342978c1634a216dcb055faa92ffef9de

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

1654582763.9763.png
img.heho.com.tw/wp-content/uploads/2022/06/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2022/06/1654582763.9763.png
https://img.heho.com.tw/wp-content/uploads/2022/06/1654582763.9763.png

62 KB
62 KB

22ms
22ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/06/1654582763.9763.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58414c45ff47ff8f78077f75d47fb1c08143c46e500536ccb407fb9a031d3da7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 72344
alt-svc: h3=":443"; ma=86400
content-length: 63017
last-modified: Tue, 07 Jun 2022 06:19:27 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWwHqRDS1RvYr81aDBqgF0JJR3CrPMGL4pED7u59VMiji7qzP80XkoJsRVY0r9gG8QOfnmVSguM%2BCv2UNpmbnvlqRGvWfava4t4GcVjVDq5UAcQ3ejiO975b6%2FqdMOuPHHJHA5sw%2FAwr5JAZaI0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda05a8f666b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2022/06/1654582763.9763.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685341005.7905.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685341005.7905.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685341005.7905.png

24 KB
25 KB

42ms
42ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685341005.7905.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c962d6b55e524fbd4d056d9417afc3f15d56c09df24de4217a3faecd27afba8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1961795
alt-svc: h3=":443"; ma=86400
content-length: 24795
last-modified: Mon, 29 May 2023 06:16:48 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o67GXIdaTFHxF%2FHpmGws5A2VRGed9YfptOdwaFwTUgUSSIraLvxsRTRg0kspQyYiSoJiTErZCmc5uYFv80Dhu9VbFyQIrPTS5Bo5Mg%2Bw8FcbNnkfF9yLjQ6CCK3hf1Yd0jhKVXTzDGXdzv2zGkk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda05b91166b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685341005.7905.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685341002.6315.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685341002.6315.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685341002.6315.png

15 KB
15 KB

32ms
30ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685341002.6315.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 985b3bcffaca82008af6fbae8e61658cb5154c104561967e0b1fb91305375555

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51853
alt-svc: h3=":443"; ma=86400
content-length: 15063
last-modified: Mon, 29 May 2023 06:16:45 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=diG0ykpzZ1AQO6CCA%2BK7js3J%2FLY1lWFDHVxENbiAg1Y2px2vGQUPaO%2B%2FujR25MjBSG6PDCoEgksWbMsPMEF0e5q0igVt0uK0wDiJeIIfwfBhvZr0GJM2YBEBTR4L8Ey5mgpgxP5n02OX99JMvYA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda05c92966b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685341002.6315.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685340999.4319.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685340999.4319.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685340999.4319.png

17 KB
18 KB

21ms
21ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685340999.4319.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74d4d21ea731e982d339e2341bebcde40e7abd3c43e6955a51d13c68d105f9ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1457176
alt-svc: h3=":443"; ma=86400
content-length: 17450
last-modified: Mon, 29 May 2023 06:16:42 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LsS52AFi6%2FgzMHDeQFNFXP4sKtdu7FraFEecPGVSPf7nYMoth0%2BIPqpWF8GWjf5s4p6X834MJaCD6AHxNw0zq8jH%2BGyL2XHyc97PH14%2F%2FvqmvKPHCU3J1XTYQhOfBt3qX%2FXoegFq2XLhVMGIp8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda05e94866b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685340999.4319.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685084067.1705.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685084067.1705.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084067.1705.png

6 KB
7 KB

21ms
21ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084067.1705.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f6995a0395179c9dd731c85aa08ef73fb09ab0b6ea2e889eda95f9747e069c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1872783
alt-svc: h3=":443"; ma=86400
content-length: 6559
last-modified: Fri, 26 May 2023 06:54:29 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itwEnKAokFHgpMhOIUKqr%2F4NR15w2ZCFLHrapvASuTaB1jxbjpOejjdxijMIGpmhX6Hgom7YK3CI0ciOjMNd6ymXOfFx%2BcNe5Mw3ulPfYd8uqmRMV0utA70fOIQZACbU%2Bc%2BABoys1T0iFGIFJp8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda06aa0766b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084067.1705.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685084061.4838.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685084061.4838.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084061.4838.png

16 KB
17 KB

48ms
48ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084061.4838.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029021f9df9d250bfc5442e10e72bb7fcc37aef687080952a051aa4428214f15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 328692
alt-svc: h3=":443"; ma=86400
content-length: 16859
last-modified: Fri, 26 May 2023 06:54:24 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5vR090jfmYitzqg%2B9UuL2oXzebKAnneSSZjfgLyZzFWxD6uSvBe6mdVn2ESu%2BB%2BQTNHmF5ao0cExcP9pbC2ranqUSFm3TxtmXGYaHuaAZSbeyncsN34CqjGymvTX%2F7yYwABkYFxgFS2q4sWZyzM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda05a8fb66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084061.4838.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685084260.4331.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685084260.4331.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084260.4331.png

4 KB
4 KB

20ms
20ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084260.4331.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d6f268fafb58c6446703ee4d09aedba5b6a7d3a59261da328d75d5115fb11b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 310666
alt-svc: h3=":443"; ma=86400
content-length: 4029
last-modified: Fri, 26 May 2023 06:57:42 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJLEp8%2FFPqCSNyKyXpid%2F%2ByfyPpATzGqGlV9TsHgh1Jvu%2BSKVis3j4ySqtzllK%2FmNNXnIew9eoGhs%2Fg8EF%2F%2FhPin962FTM4dGSYduRYB3WKTdboSlYX1KucECHA9l8BqNX5T7fgNY2rMOC%2BZqk0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0699ff66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084260.4331.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685084258.0287.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685084258.0287.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084258.0287.png

5 KB
6 KB

46ms
45ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084258.0287.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6567639db59dc67528a542b533eb95189e86f1d3cd82d865b72b09cbb2290e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 143896
alt-svc: h3=":443"; ma=86400
content-length: 5599
last-modified: Fri, 26 May 2023 06:57:40 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2B6esM2pzDB%2FAMGB58HQZ50rJsrzE1lKcTk08zUX01z6NSAJXrEMOZvk%2BLWmIQms90nxz5O4M4f7WRKbnzAuRUbJJKAci9eYQP1GP%2FFxWV8uMt7%2BwwZbqjK6Dfu8V3k6SLPrdNK7kt%2FfdVUuTek%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda05b90a66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084258.0287.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685084064.6124.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685084064.6124.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084064.6124.png

6 KB
6 KB

24ms
23ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084064.6124.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 926820f185b15731023eb5573e470b2fc52fa7c7719ba68de547ec3a99ea4db6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 332749
alt-svc: h3=":443"; ma=86400
content-length: 6163
last-modified: Fri, 26 May 2023 06:54:26 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JxMFzbu%2BccOaIEaP4Ne4DwenoKCDhqAFNGlGCAHTcuNqKy5sfBiSQfU3zbhTpkMKVKjY6k6v6IrJKh7%2FdkMbrnpGwiq4h0lq3IjRlqwYxeR9qsAPYw6oJdJm8w4aUKm7Y0eKmKlFmZbjnmQ%2FFkY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda073aa866b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084064.6124.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685084058.5936.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685084058.5936.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685084058.5936.png

12 KB
13 KB

25ms
25ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084058.5936.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f338abba8fb7cf686b9a4f785fedd4299709cff3e365eae3c61eb0e507c417d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1620378
alt-svc: h3=":443"; ma=86400
content-length: 12376
last-modified: Fri, 26 May 2023 06:54:21 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IX4Ztdd6ccQbcuNZHQGpE2p2dgYGl7dH%2FMh6rFsUt04SmoPI%2F49WJOPYzlw5YJxI%2FtKtavUogyTxPvD6p0FiLeItedaxId0IaGe3nwGhnbDDgvbKBOkNRlyruGBRPpNCxlTwqVW06vRBqzzKgoQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda073aac66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685084058.5936.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1689755246.8803.png
img.heho.com.tw/wp-content/uploads/2023/04/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/04/1689755246.8803.png
https://img.heho.com.tw/wp-content/uploads/2023/04/1689755246.8803.png

5 KB
6 KB

36ms
36ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/04/1689755246.8803.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f54070450baf09b19fdbe1d661a5b05eaec9b8a60353a4cf91ce60df518469a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 224749
alt-svc: h3=":443"; ma=86400
content-length: 5344
last-modified: Wed, 19 Jul 2023 08:27:29 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BxQ19yTdargj4Nl18Ud36ODdpDbsvzMHpd7aESVxgwJ5y0w7Y7kumIkhjgMt1EAa90aXZiaG%2BQ4e0CqkoxtdTaeh0r6b26fo%2BlVCoZlniZkOQbyu5ANXGPTSwJu6umS3C6PuJE1uMYH9L4JXJOk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda05a8f866b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/04/1689755246.8803.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1685083759.3921.png
img.heho.com.tw/wp-content/uploads/2023/05/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/05/1685083759.3921.png
https://img.heho.com.tw/wp-content/uploads/2023/05/1685083759.3921.png

13 KB
13 KB

21ms
21ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/05/1685083759.3921.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4e6a680e9036aaf31486a675e7ae117f53d2f3c3924240f26e0d57520e4204a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 61917
alt-svc: h3=":443"; ma=86400
content-length: 13108
last-modified: Fri, 26 May 2023 06:49:22 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2FAxt7vAc1u2g4IiQ9yXvvTYAPRPBaVGxH4nvsRuvu%2BmKrKeWbAAZd5cQyAb%2FAc2J4ZlWPUb7qOrWd6K0mdpoaC3ViqpdF5pptu1Ymf2hbvVMoTeuyk25yjzJgWDsvYdso%2Bs%2F1rCL8K7Mq5GZjg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda073aaa66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/05/1685083759.3921.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 273864a943d0ff0ab1b4861c83635fe7c7fcaa496d81862552923c614639b12f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

1611030364.7282.png
img.heho.com.tw/wp-content/uploads/2021/01/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2021/01/1611030364.7282.png
https://img.heho.com.tw/wp-content/uploads/2021/01/1611030364.7282.png

1 KB
2 KB

48ms
48ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2021/01/1611030364.7282.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9320b3cdf4756eab8412ee5120bc5af5524c9030de78136fbc42b7e40814289a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1499780
alt-svc: h3=":443"; ma=86400
content-length: 1058
last-modified: Tue, 19 Jan 2021 04:26:07 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qm46FnVOdnsPNVHoZrsqEpahthYfaoO63jq49u7DlVyBqp34XcnGQSjIwpgeAv%2FEo7OAY5OMRv69IDKXiq3zSNYobvA7K9iEhhnaWjs%2FKBr5%2FbVpF1EBXXr5BPcV8UjUSeEVkUm5F9iGqBPUhMw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda05a8fc66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2021/01/1611030364.7282.png
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3 200 sdk.js Show response
connect.facebook.net/zh_TW/ 303 KB
87 KB 18ms
9ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/zh_TW/sdk.js?hash=3bb38c8ce8ee214c8a1ecc7dc0e145f0

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/zh_TW/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

87add725b7d427e6c929ec9a99934ab901660e0c6daece71b32ed1cb7a8815a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://heho.com.tw/
Origin: https://heho.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 22:43:53 GMT
content-md5: R4N5wss9y0MmDAqtbVV6Qw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88492
reporting-endpoints
x-fb-debug: 2i630TcwewF5uyBI/pVphifvq5ac2b+xj60LdhELEreoms1K6yxNesTO3hdmJNzBeV1YPTahfiX3FwI8kS5YfA==
x-fb-content-md5: b447ef983d7d3179212c6a96fd05eaa9
cross-origin-opener-policy: same-origin-allow-popups
etag: "c511234a2b77d5f09e88e28a0fd462ad"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 30 Nov 2024 21:05:01 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/ 432 KB
135 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311290101/pubads_impl.js?cb=31079857

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa40858bc00aa25239b434a313f9b30b4b604715b21395c0f278a3055cd31deb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 20:30:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8004
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138184
x-xss-protection: 0
server: cafe
etag: 495798054771589180
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 30 Nov 2024 20:30:29 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 295 KB
96 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-LDJQEPLLSR&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-105027460-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0d608b811b5906ac6c2727a96ee0f5c29461f10774c418f35b0afd808cbad319

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97921
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 22:43:53 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 60ms
24ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-105027460-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 21:49:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3255
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 01 Dec 2023 23:49:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 205 KB
74 KB 37ms
37ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-338904101&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-105027460-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

82dc82c81ee9423e67c04225828f10124fba2743d213ce299bfbc52d3f4c973a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76042
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Dec 2023 22:43:53 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/ 398 KB
135 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5693807149055825&plah=heho.com.tw&bust=31079890

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74af76502c3179fe03e2092f31c6cdd4aa209655037f44b51b9326ba96778d69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137567
x-xss-protection: 0
server: cafe
etag: 6299215763757014760
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 22:43:53 GMT

GET
H2 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/ Frame 3189 9 KB
4 KB 58ms
24ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/zrt_lookup_nohtml_fy2021.html?hello=world

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

29ac11b866b20f17242bdff6076537a14e60f213ef8deb1c56794ff61da4b30a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22171
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4104
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 16:34:22 GMT
etag: 18311852268564407380
expires: Fri, 15 Dec 2023 16:34:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 b
sb.scorecardresearch.com/ 0
223 B 36ms
36ms Image
text/plain 65.9.95.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=36287102&cs_it=b8&cv=4.0.0%2B2301240627&ns__t=1701470633659&ns_c=UTF-8&c7=https%3A%2F%2Fheho.com.tw%2F&c8=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&c9=
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-81.prg50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 9ed2eeec8748ea461af0d1cbf998da0e.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: 0hZrAvVzehutQ2Vr4xMq-_t8bgUqUWvv2CA__TzBv5ns186GVDv01w==
x-cache: Miss from cloudfront

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.18/ 59 KB
25 KB 18ms
17ms Script
application/javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.18/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/48oiwicjv7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f4e16c137bfcf443839c20e1038b9ee2dec570f047ae3b1c8f9378e9176750dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
last-modified: Fri, 17 Nov 2023 13:41:44 GMT
etag: W/"0x8DBE772F014B026"
vary: Accept-Encoding
x-azure-ref: 20231201T224353Z-k17rp4gtnp5bv7zr53xftqwvxg0000000r9g00000001mn8e
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 7767f6a6-101e-004a-47fe-198d54000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/338904101/ 3 KB
2 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/338904101/?random=1701470633696&cv=11&fst=1701470633696&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheho.com.tw%2F&hn=www.googleadservices.com&frm=0&tiba=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&did=dZTNiMT&gdid=dZTNiMT&auid=698998776.1701470634&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-338904101&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50c15aa43139d62075bc472217b6757b9f73c7aa7506a4c465b79169dad06a9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/338904101/ 3 KB
2 KB 75ms
27ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/338904101/?random=1701470633703&cv=11&fst=1701470633703&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheho.com.tw%2F&label=pdjACIy7g7cDEKWIzaEB&hn=www.googleadservices.com&frm=0&tiba=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&did=dZTNiMT&gdid=dZTNiMT&auid=698998776.1701470634&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-338904101&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ccfa2ee29f7b0f5edb10870c47f56e006f562cb331bc2abc04f30e0b4582eca1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1641
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
251 B 47ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-LDJQEPLLSR&gtm=45je3bt0v877969751&_p=1701470633475&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=592758939.1701470634&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1701470633&sct=1&seg=0&dl=https%3A%2F%2Fheho.com.tw%2F&dt=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1126
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LDJQEPLLSR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heho.com.tw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
251 B 56ms
19ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-LDJQEPLLSR&cid=592758939.1701470634&gtm=45je3bt0v877969751&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LDJQEPLLSR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heho.com.tw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 59ms
25ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LDJQEPLLSR&cid=592758939.1701470634&gtm=45je3bt0v877969751&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1404155735

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
204 B 31ms
30ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=518088041&t=pageview&_s=1&dl=https%3A%2F%2Fheho.com.tw%2F&ul=en-us&de=UTF-8&dt=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACUABBAAAACAAI~&jid=896915932&gjid=55299666&cid=592758939.1701470634&tid=UA-105027460-1&_gid=1091219218.1701470634&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&did=dZTNiMT&gdid=dZTNiMT&jsscut=1&z=1999704455

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heho.com.tw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
z.clarity.ms/ 0
291 B 305ms
100ms XHR
text/plain 20.10.16.51
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://z.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.10.16.51 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://heho.com.tw
Date: Fri, 01 Dec 2023 22:43:54 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 91EA 29 KB
12 KB 1139ms
1139ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5693807149055825&plah=heho.com.tw&bust=31079890

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7741b58597d99b6563396a5c35f7f0e38dbefd705ddb3e4a6d1228ee27082ecd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 12476
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:43:54 GMT
expires: Fri, 01 Dec 2023 22:43:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/338904101/ 42 B
327 B 28ms
27ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/338904101/?random=1701470633696&cv=11&fst=1701468000000&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&u_w=1600&u_h=1200&url=https%3A%2F%2Fheho.com.tw%2F&frm=0&tiba=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaN-r6ayN5sagaydVYBrsVF1mqqKUBceQ&random=956798660&rmt_tld=0&ipr=y

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/338904101/ 42 B
154 B 25ms
24ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/338904101/?random=1701470633696&cv=11&fst=1701468000000&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&u_w=1600&u_h=1200&url=https%3A%2F%2Fheho.com.tw%2F&frm=0&tiba=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaN-r6ayN5sagaydVYBrsVF1mqqKUBceQ&random=956798660&rmt_tld=1&ipr=y

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6AB0 106 KB
45 KB 571ms
570ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6565022970&adk=859352106&adf=2333197819&pi=t.ma~as.6565022970&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633638&bpp=1&bdt=634&idt=216&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=2296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=218

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71b953e5d6ba60f57d49222bd948672c906abb25f695ea21d8477425c6bbbc10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45716
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:43:54 GMT
expires: Fri, 01 Dec 2023 22:43:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.google.de/pagead/1p-conversion/338904101/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/338904101/?random=2049846783&cv=11&fst=1701470633703&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&...
https://www.google.com/pagead/1p-conversion/338904101/?random=2049846783&cv=11&fst=1701470633703&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=12...
https://www.google.de/pagead/1p-conversion/338904101/?random=2049846783&cv=11&fst=1701470633703&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=120...

42 B
64 B

31ms
31ms

Image
image/gif

2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/338904101/?random=2049846783&cv=11&fst=1701470633703&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheho.com.tw%2F&label=pdjACIy7g7cDEKWIzaEB&hn=www.googleadservices.com&frm=0&tiba=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&did=dZTNiMT&gdid=dZTNiMT&auid=698998776.1701470634&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0tXbXF3WVFnUDdtaTktQWk2WWxFaVVBNTRNVWNGS0FWaXhOTVdMblNEU01ZUVFSMkZKS0tFbnZDbkJZSlAzR013Q2ZaZDl0GlhDaEVJZ0tXbXF3WVE4dkxodmQzQXJlcjZBUkl0QU55dWtTX0ZEU2JrMUtaVjlSUmJLZWJiMkt2Wmc5aFhDZlJvMFJ5UUQ2QkcxOVpQcmZSbkl0OUxpWVAxIhMI8uPihajvggMVv_0RCB3Iagvx&is_vtc=1&ocp_id=qWFqZbLrLr_7x_APyNWtiA8&cid=CAQSKQDICaaNR7JXmQstMASmTJ0Ph7BlL6m-S5WW_-rhcbsXrEk4qRyvZwNX&random=1758401660&ipr=y

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/338904101/?random=2049846783&cv=11&fst=1701470633703&bg=ffffff&guid=ON&async=1&gtm=45be3bt0v885459833&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheho.com.tw%2F&label=pdjACIy7g7cDEKWIzaEB&hn=www.googleadservices.com&frm=0&tiba=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&did=dZTNiMT&gdid=dZTNiMT&auid=698998776.1701470634&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0tXbXF3WVFnUDdtaTktQWk2WWxFaVVBNTRNVWNGS0FWaXhOTVdMblNEU01ZUVFSMkZKS0tFbnZDbkJZSlAzR013Q2ZaZDl0GlhDaEVJZ0tXbXF3WVE4dkxodmQzQXJlcjZBUkl0QU55dWtTX0ZEU2JrMUtaVjlSUmJLZWJiMkt2Wmc5aFhDZlJvMFJ5UUQ2QkcxOVpQcmZSbkl0OUxpWVAxIhMI8uPihajvggMVv_0RCB3Iagvx&is_vtc=1&ocp_id=qWFqZbLrLr_7x_APyNWtiA8&cid=CAQSKQDICaaNR7JXmQstMASmTJ0Ph7BlL6m-S5WW_-rhcbsXrEk4qRyvZwNX&random=1758401660&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 536C 106 KB
45 KB 734ms
734ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7a44eaa1f6f197bcbf15d5aaec9e156216ac0bc6b9cd4d095839857a9142392

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:43:54 GMT
expires: Fri, 01 Dec 2023 22:43:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 19ms
19ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-105027460-1&cid=592758939.1701470634&jid=896915932&gjid=55299666&_gid=1091219218.1701470634&_u=YCDACUAABAAAACAAI~&z=1601409490

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 01 Dec 2023 22:43:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heho.com.tw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ 468 KB
188 KB 62ms
24ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfH-N0mAAAAAFbl_1iN5mLWRSOGn_wdfGEDt4cE&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

983871cac9e719263fcecaa540c4e1597c8ece1805845830ec21fef0e71d9f88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heho.com.tw/
Origin: https://heho.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 14:04:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31193
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192016
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 14:04:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 25ms
24ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-105027460-1&cid=592758939.1701470634&jid=896915932&_u=YCDACUAABAAAACAAI~&z=753204193

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 24ms
24ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-105027460-1&cid=592758939.1701470634&jid=896915932&_u=YCDACUAABAAAACAAI~&z=753204193

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 docs-tt
csp.withgoogle.com/csp/ Frame FD08 0
0 58ms
24ms Other
text/html 2a00:1450:4001:830::2011
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.withgoogle.com/csp/docs-tt
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2011 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://docs.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 icon
fonts.googleapis.com/ Frame FD08 616 B
799 B 58ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons+Extended

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0c116c74efa19439bd2e6ad056ee930d82c0c8ac55330bbc5a9f63885601dec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 22:43:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Dec 2023 22:43:54 GMT

GET
H3 200 rs=AMjVe6jD5hGkCF0BphdUeomEF_I0J2GWlw
www.gstatic.com/_/freebird/_/ss/k=freebird.v.XMSFTLX2xDo.L.W.O/am=EAY/d=1/ Frame FD08 944 KB
944 KB 45ms
16ms Stylesheet
text/css 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/freebird/_/ss/k=freebird.v.XMSFTLX2xDo.L.W.O/am=EAY/d=1/rs=AMjVe6jD5hGkCF0BphdUeomEF_I0J2GWlw

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9996ece096f1a0a0a480e2a9ada6ad692c59b562370dd189bd75968dbd7a0f9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:15:01 GMT
x-content-type-options: nosniff
age: 469733
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-forms
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 966884
x-xss-protection: 0
last-modified: Wed, 22 Nov 2023 15:29:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-forms"
vary: Accept-Encoding, Origin
report-to: {"group":"apps-forms","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-forms"}]}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 12:15:01 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FD08 24 KB
2 KB 60ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,400i,500,700&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e98273998af7ba59db229a5997cd60b10fff987e60d89dc79654a50fa5daee02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 22:29:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Dec 2023 22:43:54 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FD08 1 KB
550 B 58ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Product+Sans&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9c9837dd0a50218aac53dee373e4167e0a2edf128136d31ff2d89add6c5fed8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 21:18:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Dec 2023 22:43:54 GMT

GET
H3 200 googlelogo_dark_clr_74x24px.svg
www.gstatic.com/images/branding/googlelogo/svg/ Frame FD08 1 KB
714 B 14ms
13ms Image
image/svg+xml 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_dark_clr_74x24px.svg

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4af84efe90891185d9b29a841181ca9d26d7560864ea47b6cd709d3b964aee3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 15:04:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 545954
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 689
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 24 Nov 2024 15:04:40 GMT

GET
H3 200 m=viewer_base Show response
www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=1/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/ Frame FD08 423 KB
136 KB 40ms
14ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=1/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/m=viewer_base

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2d715cfe84dc6dffc61288e0a1ac6901e9ce71b50e08a0b71c1d6c20c135940

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 11:48:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39325
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-forms
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139125
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 17:28:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-forms"
vary: Accept-Encoding, Origin
report-to: {"group":"apps-forms","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-forms"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 11:48:29 GMT

POST
H/1.1 204
No Content collect Show response
z.clarity.ms/ 0
291 B 474ms
322ms XHR
text/plain 20.10.16.51
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://z.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.10.16.51 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://heho.com.tw
Date: Fri, 01 Dec 2023 22:43:54 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 m=sy1h,vGOnYd,sy8,syh,IZT63,syu,vfuNJf,MpJwZc,n73qwf,sy13,ws9Tlc,syb,syj,syi,sy15,sy1c,sy1a,sy1b,siKnQd,T8YtQb,sym,syp,syq,syr,sy1k,syw,sy18,sy1r,sy1u,V3dDOb,sy2i,sy2j,sy4l,sy4h,sy4j,sy4g,sy4k,OShp... Show response
www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=0/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/ Frame FD08 586 KB
587 KB 29ms
29ms XHR
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=0/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/m=sy1h,vGOnYd,sy8,syh,IZT63,syu,vfuNJf,MpJwZc,n73qwf,sy13,ws9Tlc,syb,syj,syi,sy15,sy1c,sy1a,sy1b,siKnQd,T8YtQb,sym,syp,syq,syr,sy1k,syw,sy18,sy1r,sy1u,V3dDOb,sy2i,sy2j,sy4l,sy4h,sy4j,sy4g,sy4k,OShpD,sy4i,sy4o,sy4p,sy4n,sy4m,sy4q,J8mJTc,gkf10d,j2YlP,syz,sy17,sy9,syc,syg,syo,sys,cEt90b,KUM7Z,yxTchf,sy14,sy16,xQtZb,qddgKe,wR5FRb,pXdRYb,iFQyKf,syk,sy7,syl,YNjGDd,syn,syt,PrPYRd,syv,syx,hc6Ubd,sy1e,SpsfSb,dIoSBb,sy1f,sy1g,zbML3c,zr1jrb,EmZ2Bf,sy19,Uas9Hd,sy69,WO9ee,sy1j,sy1n,sy1o,sy1d,sy1p,sy1s,sy1t,A4UTCb,sy6u,owcnme,UUJqVe,CP1oW,sy22,sy21,sy1w,sy20,sy1y,sy1z,sy23,pxq3x,sy1m,O6y8ed,sy4y,sy50,sy5o,Sk9apb,sy4u,sy7n,sy7p,sy5w,sy7o,sy7q,sy7r,sy7s,Xhpexc,Q91hve,sy4s,sy5t,sy5u,sy5v,sy5x,sy5s,mRfQQ,sy7u,sy7t,CFa0o,szrus,sy1l,sy1x,VXdfxd,syd,sy11,sy2m,sy5,sy12,sy2l,s39S4,sy25,ENNBBf,L1AAkb,QvB8bb,bCfhJc,sy4x,sy4v,u9ZRK,pItcJd,yZuGp,aW3pY,mvo1oc,sy4,sy3g,sy3h,sy1v,sy3i,sy4e,I6YDgd,sy29,sy28,sy2a,sy2b,sy2g,sy1i,sy24,sy26,sy2c,sy2d,sy2e,sy2f,fgj8Rb,sy27,N5Lqpc,IvDHfc,sy53,p2tbsc,sy54,sy68,LxALBf,sy2o,sy6v,sy2w,sy2y,sy6y,sy34,sy31,sy3o,sy6w,qNG0Fc,sy6z,sy71,sy2p,i5dxUd,sy39,sy3b,ywOR5c,sy73,sy77,sy3s,EcW08c,wg1P6b,sy70,sy72,sy74,sy75,sy76,t8tqF,SM1lmd,sy7b,sy6a,sy6d,sy79,sy7a,sy7c,vofJp,Vnjw0c,QwQO1b,sy52,sy67,sy66,sy4z,sy65,QMSdQb,X16vkb,WdhPgc,JCrucd,sy7l,sy7k,sy7m,Ibqgte,ok0nye,DhgO0d,oZECf,sy2k,akEJMc,zG2TEe,fvFQfe,CNqcN,sbHRWb,sy7v,TOfxwf,sy2n,sy3a,sy80,sy5z,sy62,sy7x,sy81,sy82,sy85,sy89,sy8f,sy8g,A2m8uc,jjSbr,sy7j,sy8b,sy8d,sy8a,sy5n,riEgMd,sy8e,lSvzH,sy7w,yUS4Lc,v4y9Mc,KOZzeb,sy5a,sy5c,sy5d,sy5b,xKXrob,sy57,sy5l,sy61,sy63,sy64,DPwS9e,lWjoT,sW52Ae,sy7y,sy84,sy86,sy83,RGrRJf,OkF2xb,syf,sy58,sy5y,xmYr4,ID6c7,sy8h,rmdjlf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=1/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/m=viewer_base

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23e4a995297af6d7e3abf5dc3212a2390efd61c55e15aced428ed4508654fe47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:42:12 GMT
x-content-type-options: nosniff
age: 126102
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-forms
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600491
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 17:28:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-forms"
vary: Accept-Encoding, Origin
report-to: {"group":"apps-forms","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-forms"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://docs.google.com
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 29 Nov 2024 11:42:12 GMT

GET
H3 200 m=sy7z,sWGJ4b,sy5f,sy5g,sy6f,sy6g,sy6h,EGNJFf,iSvg6e,sy6i,uY3Nvd Show response
www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=0/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/ Frame FD08 22 KB
8 KB 14ms
13ms XHR
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=0/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/m=sy7z,sWGJ4b,sy5f,sy5g,sy6f,sy6g,sy6h,EGNJFf,iSvg6e,sy6i,uY3Nvd

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=1/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/m=viewer_base

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a535ba09ab809d987eb451502fe1d911ed8959328eaa381ee0bcbeaded320c78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 07:44:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-forms
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7980
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 17:28:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-forms"
vary: Accept-Encoding, Origin
report-to: {"group":"apps-forms","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-forms"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://docs.google.com
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 29 Nov 2024 07:44:33 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 80ms
46ms Preflight
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://docs.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://docs.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 01 Dec 2023 22:43:54 GMT
expires: Fri, 01 Dec 2023 22:43:54 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame FD08 131 B
155 B 117ms
66ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=1/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/m=viewer_base

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://docs.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 22:43:54 GMT

POST
H2 204 naLogImpressions Show response
docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/ Frame FD08 0
210 B 328ms
328ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/naLogImpressions

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=1/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/m=viewer_base

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt, base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-c6tfW_QlCSqx64N4YMKbtw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'

Request headers

X-Same-Domain: 1
Referer: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt, base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-c6tfW_QlCSqx64N4YMKbtw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5GxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FD08 2 KB
2 KB 79ms
23ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5GxK.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00994f426cdca41eb2fbd87b0f3610e37acb3d641b4297a5cfa3e969cd95ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 01:14:58 GMT
x-content-type-options: nosniff
age: 595736
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1756
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 01:14:58 GMT

POST
H2 200 getmetadata Show response
docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/font/ Frame FD08 514 KB
13 KB 423ms
423ms XHR
application/json 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/font/getmetadata

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.4RUTbODMmqc.O/am=EAY/d=1/rs=AMjVe6hdid7l9_95D8TjNxNAFXgoMpgtAQ/m=viewer_base

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a4caf0e36dd19c395a07167bc67d8f38c73263c10ff786db363c5f0b5c8c7abe

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-Same-Domain: 1
Referer: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ox-ra.html Show response
ml.oxra.com.tw/ox/mkt/ Frame 9593 4 KB
1 KB 246ms
246ms Document
text/html 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ox/mkt/ox-ra.html
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8c089632f2472d720775d3f5d81306f073905aded8a9a2ce493a4c516984c5f5

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Fri, 01 Dec 2023 22:43:54 GMT
etag: W/"638da8a3-fe6"
last-modified: Mon, 05 Dec 2022 08:15:31 GMT
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 403 / Show response
json.geoiplookup.io/ 109 B
612 B 78ms
42ms Fetch
application/json 2606:4700:3037::ac43:8652
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://json.geoiplookup.io/

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:8652 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Octolus

Resource Hash

334e702012cf0d8dfdbcfe2a9ff9e70032ca59cad3573f01454a3e1706131f5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Octolus
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytz6N%2FEkQ78bmnL8H82V8E8zvLd8LTnGLOAHETyNFL%2FYk8b3hry6mEwUYgld7%2Fxgavw1XMfme9z5Po7H4JZN98gA7IygA6b3pCaXC%2F0LG5o8wD3%2BZlGmAdaJNrDJZt6YQunoYsaHvmznlIDdPZHEfZCp"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cf-ray: 82eeda0909b62bdd-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block

POST
H2 200 do_add
oxra.com.tw/sys/pv/ 0
0 231ms
231ms Fetch 61.219.68.119
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://oxra.com.tw/sys/pv/do_add
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 61.219.68.119 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 61-219-68-119.hinet-ip.hinet.net
Software: nginx /
Resource Hash

Request headers

Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://heho.com.tw
date: Fri, 01 Dec 2023 22:43:55 GMT
access-control-allow-credentials: true
server: nginx
access-control-allow-headers: Content-Type, Authorization
vary: X-HTTP-Method-Override
access-control-allow-methods: GET, OPTIONS

OPTIONS
H2 200 do_add
oxra.com.tw/sys/pv/ Frame 0
0 725ms
230ms Preflight
text/html 61.219.68.119
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://oxra.com.tw/sys/pv/do_add
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 61.219.68.119 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 61-219-68-119.hinet-ip.hinet.net
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://heho.com.tw
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://heho.com.tw
allow: POST
content-length: 4
content-type: text/html; charset=utf-8
date: Fri, 01 Dec 2023 22:43:55 GMT
etag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server: nginx
vary: Accept-Encoding

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A327 624 B
242 B 31ms
30ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGMi2s_wBMAE&v=APEucNUDCD6Emfz_PlaIY_vCO_xRi8eCqQ9rl82z-2G0t7IMSfovZ7L5e2y2OgY36XihPaBPerPQFHLEGis970jb27C42xHhytOY9R6ul7mTh6S-FnvPNedoQtx5J2v7192BEwovihiePj32FRvpuT9NwJJ2B5NxvZZO4VG2wEP71OIT01OERFc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6565022970&adk=859352106&adf=2333197819&pi=t.ma~as.6565022970&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633638&bpp=1&bdt=634&idt=216&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=2296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=218

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6565022970&adk=859352106&adf=2333197819&pi=t.ma~as.6565022970&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633638&bpp=1&bdt=634&idt=216&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=2296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=218
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:43:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame BDF4 24 KB
9 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:40:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9305
x-xss-protection: 0
server: cafe
etag: 13635642240219548939
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 22:40:56 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame BDF4 7 KB
3 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 09:45:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46704
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 09:45:30 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame BDF4 0
0 110ms
59ms Fetch
image/gif 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssOTdCRgIgt68L6HTiThKf2oP4loIFuYVtIt-2On6Dz3wa8w5ctEGBIRCwYRoyq7v5SJqPB7mLp5h3uJymFB1eNOgUKrNVcBfR3WQ-AcMqepLj1R-EktkTXXz7iaz5eNR-jkfe2B6gJfeQsxb13u5HvBEKL5iC-MrfUmK0O1aWgobPO6vn61RQHD45IMIPhkyrIZqv8tpTFXiNISpbTvbSVMW0xFiREaq6zFRErcW9om0ywFkBoHGTgfzQukZvteMSnO28VGJC7QUPXieudVj1Q5BdX3JHtZ9BPbFhbG1_UtZA6IhRSOiCYr9xDs9IEW9w3VPbkknPBufB9MH8Q5W2kIZiOlAZUuJH5DaU-_RZq2VIziblNK2TuFmYpbcamvK8gY_2QauFitSsawxlhfGRN25Fo_r4nTpENd_cFYTpy-QJLtJo6iWWwiDBVGJe6thwqC1hTiNGlj3hCx5piQXOWzEmeCJW6D9eaaXG4WoWvt2LXkQxUKNeXofWOXtimwXJpkfssQxWRmZife4701_gIiB2TchTJBB_YDlj6eRLzm4Tsfm_z8NebSXgATf2Ip_Y-A7Qs-nd9dEUr1Rz3ARRUj_miy6fh2iP4UkxbCZbIfMNK6pYhd_NIyaqjqpj1xv-a0zsgG_xNDwC2l8n9etZPrGvzoIjVyVYRtszFj-dzEkKGHEbM6sv4BHyodCOsRqUcvbvTw3LDW96mwag-radP4u0Pe9DiqvgU8OcNXwEG30hzvamXnhFw1ZhN_oLaJnlZ7SxFsoyTNpoIRr8MwW3HsZ26Gg68IwY0RQNUoRkMivC73Ab1QC-7lMEfI0CdS4bAz1q3cHusEjp5ro7r1eLHXz8R5hqH4frFhi3a2E5GW-HBz3xx5kfCZ94KbeIH5AxHlsAlhR_Pr06S8YrJw3UwP6kmqVH5fzFlqgSDhu_t7zJL6ryjafpztQ0dDvlmx0o5R_VEqRr8JaAkn1vhvyOFAdRDVYHdApk3vi3UBoFvUmgKb1jHMQQdtVMCoeoDwZdEWtjQ3P9Sm74KT-BqYpx3aET1_3gwwjPFmadABNJaiG34CQnrBx9hmKHaj6bdKUiFnRUbD0tkKs8CBgcgDmtEk9ZlI90rWmV779v2FnVHQ-CR6R2hApBqHV_T4dSqHvp9VZXwE8ES3cwFsn30gKHroLLnv91nvv4-rQbVjrVsLfi4vX1_no9OeuflkO6rt5bj4EWL2GDJOjmTf3YrGW9icc9oBDBZcPxfb39fDcXLAkLAJTPnEKOFYJra7UTVqKCtv8Vl1n51Fx75U2Gxn8Q9cupcViIu07JPhmMopZhOa_k5vcKlQFiAwhrRrB84UhU-yXAbGj3S3u3mZ_k0ZnkxSwoYwkCnU8F5Vp78yUbQ76fZDCBqqAge1Jeab_szEGkltts0YZ4wn0Eoga0ecPvqLqP_hn1GpuMyymJKN-cCL1oZlbHDoB8p4vQcosdhHpY&sai=AMfl-YQ4AZ14mfiNyZ2_0meRwifAnp9zSJv1hcBz3GN2HtMAtLB8s4m-kjTgFdHoyUnhn0z-PKfsI_ambtY8egUswvFuRXWqoGvNLk3tY9jVeiwzHUy0SO9rDN_U7AaerDOVJc3wXO6vjiVKxBD9tcWISrVv3IYOZpt-b7T9CH4ctUwNHNUd0NX238_iHygBcTH7UffUc6_DpeypSbIKJWg_1wKhmZR7-mrx9nB2GF06_GGwVwhhNZgW7bgH4aBu6bBJSiayXwPB8rGYz_4U7tPFMkJRvghh2iz57kdl1gbowxQoPNFwYDJxx4Gpyl8RjpGKE3blUhQa7ArrLJCFxxDek5XEoNQdngabwqau6YSdBdqnwbnQkk2H9rFL2k05Z81a1KVKMkhiY_sFZIyyLRoZ32Z3P82EBwnMZSK6TNOe&sig=Cg0ArKJSzJodoUWarpd7EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ib290LmRl&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231129.12396&arae=0&ftch=1&adurl=

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 01 Dec 2023 22:43:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame BDF4 41 KB
14 KB 68ms
16ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 541592
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame BDF4 3 KB
1 KB 66ms
15ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9876
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 19:59:18 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A5AC 1 KB
643 B 13ms
13ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23144
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 16:18:10 GMT
etag: 48472445140208031
expires: Sat, 02 Dec 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame BDF4 20 KB
9 KB 64ms
13ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9876
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 19:59:18 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame BDF4 202 KB
64 KB 78ms
28ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 22:43:54 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BDF4 42 B
63 B 48ms
48ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C6UAb-5bDScRHrrfUd4mV-54KVUfAuvHccLbJOoJzLVI0We1AyKF6A6gWOZL4JpVAbrhUmQNG4_xg3iUbhW_0kp2MIDkaqV3j0RcBRvDxH2iotp8Q

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 15383902003269459159
s0.2mdn.net/simgad/ Frame BDF4 91 KB
91 KB 50ms
15ms Image
image/gif 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15383902003269459159

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457500eab2b1d9efabc49ded3803a9d10abad6d5988455dec55fc55ae1385925

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 19:17:37 GMT
x-content-type-options: nosniff
age: 12377
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92712
x-xss-protection: 0
last-modified: Mon, 30 Oct 2023 14:12:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Nov 2024 19:17:37 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame A5AC
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESELUlnv6w1IPBEV6FY__x8Xc&google_cver=1&google_push=AXcoOmQQbIlKQZdMgSIzFwY6dNCvD_nStVhk0fsu6VNtyWakmSV3e9ebzWebQEEiGutyP7l6x-zVq2_Xodpvr-W7xQvDMvyAfPDEJ...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwMDQ3ODQ1NzE0MTU0MzE4Mw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESELUlnv6w1IPBEV6FY__x8Xc&google_cver=1

43 B
398 B

61ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESELUlnv6w1IPBEV6FY__x8Xc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6565022970&adk=859352106&adf=2333197819&pi=t.ma~as.6565022970&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633638&bpp=1&bdt=634&idt=216&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=2296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=218
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESELUlnv6w1IPBEV6FY__x8Xc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame A5AC 0
104 B 181ms
73ms Image
text/plain 2a02:fa8:8806:21::1690
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEGDqLTEToAw1vJcOZd1f25I&google_cver=1&google_push=AXcoOmSQA5Aj-nET9QzQW2d1HYdp5E3LGznxSyhNSnFinF7_uAAKKuXsOCHFSh-QcYE3MLFnqlzjM_R_a1CqM7CiCP1gh_5ib0h4c74A104Vw0wpbkXCsa0AuwYmxqvciiRENrgX703EBgvDyGh6OGGJkSSr_w0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6565022970&adk=859352106&adf=2333197819&pi=t.ma~as.6565022970&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633638&bpp=1&bdt=634&idt=216&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=2296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=218
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:21::1690 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame A5AC
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEGf01e9WESz6kW2GaKDVqC4&google_cver=1&google_push=AXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkmTB...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGf01e9WESz6kW2GaKDVqC4&google_cver=1&google_push=AXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkm...

43 B
423 B

196ms
178ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGf01e9WESz6kW2GaKDVqC4&google_cver=1&google_push=AXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkmTBve2UhpZrk45_7fBywqRu2lb1Y4URsUePs72aNbvvfkTFRmcqwbvF3j3y8c&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkmTBve2UhpZrk45_7fBywqRu2lb1Y4URsUePs72aNbvvfkTFRmcqwbvF3j3y8c%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6565022970&adk=859352106&adf=2333197819&pi=t.ma~as.6565022970&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633638&bpp=1&bdt=634&idt=216&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=2296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=218
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 82eeda0b1dce18cd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 67
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGf01e9WESz6kW2GaKDVqC4&google_cver=1&google_push=AXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkmTBve2UhpZrk45_7fBywqRu2lb1Y4URsUePs72aNbvvfkTFRmcqwbvF3j3y8c&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQPhnlVg7ebArU1id10Q3DAtlCp7L8zyuaEBW4qpoX9NMBIU8qgAnhuf2WaChrRAsqaSdiUk4sO1JWMskoxmTHTLojDIkmTBve2UhpZrk45_7fBywqRu2lb1Y4URsUePs72aNbvvfkTFRmcqwbvF3j3y8c%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 82eeda09ccb118cd-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame A5AC 70 B
149 B 98ms
30ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGywYKUgRd2QDeMqLtH05lk&google_cver=1&google_push=AXcoOmQBWW_EZuWRBMwH9EfaMwUQVF_KhHRamsr0LH6VDAVyvYyQnAePh5_ZwbfWl_Zk-Ns4WQMEIKUG96bA7Yw2oozwjc2LmsNLMgaI89T00sXp5M3Sn9BTyPTDeeSRlbE6Rs0apYMw66v1rrFdOgpCgLYS-eQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6565022970&adk=859352106&adf=2333197819&pi=t.ma~as.6565022970&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633638&bpp=1&bdt=634&idt=216&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=2296&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=218
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A5AC
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDNB9YIfgYDXvN11hrGDip0&google_cver=1&google_push=AXcoOmQ870eGBMjlARWWR-mFAY5nb42VOTP-oxjpar62kblV2OrRvCPBwch0I3_ZO2IzJCnWxPoGLRMzR565SMVXlSoJJi7...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ870eGBMjlARWWR-mFAY5nb42VOTP-oxjpar62kblV2OrRvCPBwch0I3_ZO2IzJCnWxPoGLRMzR565SMVXlSoJJi7-3JjVWF1mjSPlptbPQS53-cHzHWeZIEx0L6rcG...

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ870eGBMjlARWWR-mFAY5nb42VOTP-oxjpar62kblV2OrRvCPBwch0I3_ZO2IzJCnWxPoGLRMzR565SMVXlSoJJi7-3JjVWF1mjSPlptbPQS53-cHzHWeZIEx0L6rcGdlw7osGQw1mKpNbhK794e12xss&google_hm=eS15V0NLY2hoRTJwSG0zNkFLUXQwMmJNVnJ4NEhxSXZHSH5B

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 01 Dec 2023 22:43:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ870eGBMjlARWWR-mFAY5nb42VOTP-oxjpar62kblV2OrRvCPBwch0I3_ZO2IzJCnWxPoGLRMzR565SMVXlSoJJi7-3JjVWF1mjSPlptbPQS53-cHzHWeZIEx0L6rcGdlw7osGQw1mKpNbhK794e12xss&google_hm=eS15V0NLY2hoRTJwSG0zNkFLUXQwMmJNVnJ4NEhxSXZHSH5B
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A5AC
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEHJ_jOpXPu2hrPHuI7DnKbU&google_cver=1&google_push=AXcoOmT5Q806ol6_8jwt-NOsbakSH8y3Iijl6UPp7PtFkTDXcK8ZXlZpwnx6RUuZ0HEE0AzEk9nIiX5ZxAnD...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT5Q806ol6_8jwt-NOsbakSH8y3Iijl6UPp7PtFkTDXcK8ZXlZpwnx6RUuZ0HEE0AzEk9nIiX5ZxAnDdRjzTSPBcTzD9uFCz7ES-VkJUMx2aFxcko4e...

170 B
232 B

24ms
23ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT5Q806ol6_8jwt-NOsbakSH8y3Iijl6UPp7PtFkTDXcK8ZXlZpwnx6RUuZ0HEE0AzEk9nIiX5ZxAnDdRjzTSPBcTzD9uFCz7ES-VkJUMx2aFxcko4e-WNsycGtPYhg_8IOzDU2mTtMZa6tfDHV78AtC3M

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT5Q806ol6_8jwt-NOsbakSH8y3Iijl6UPp7PtFkTDXcK8ZXlZpwnx6RUuZ0HEE0AzEk9nIiX5ZxAnDdRjzTSPBcTzD9uFCz7ES-VkJUMx2aFxcko4e-WNsycGtPYhg_8IOzDU2mTtMZa6tfDHV78AtC3M
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A5AC
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESENHzR639UNXaWkegin2nPf0&google_cver=1&google_push=AXcoOmTz2lykFyjuvOlP6RV7atwFSXiK9NF03zyrRIc_IPxzPa0KHg2jfj8YTvHuxE...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTz2lykFyjuvOlP6RV7atwFSXiK9NF03zyrRIc_IPxzPa0KHg2jfj8YTvHuxESMPI8Qrc7yXUJU9XQAFw-75r7Kl_BjntMwVio5LVujhoFXfX...

170 B
232 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTz2lykFyjuvOlP6RV7atwFSXiK9NF03zyrRIc_IPxzPa0KHg2jfj8YTvHuxESMPI8Qrc7yXUJU9XQAFw-75r7Kl_BjntMwVio5LVujhoFXfXPD3IwMicmt6dpk17hqBktgdd1sncsnRoYoKcRqItK-Jg0s&google_hm=-QgfQGsyStWGav7rmvh_KY4

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:53 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTz2lykFyjuvOlP6RV7atwFSXiK9NF03zyrRIc_IPxzPa0KHg2jfj8YTvHuxESMPI8Qrc7yXUJU9XQAFw-75r7Kl_BjntMwVio5LVujhoFXfXPD3IwMicmt6dpk17hqBktgdd1sncsnRoYoKcRqItK-Jg0s&google_hm=-QgfQGsyStWGav7rmvh_KY4
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame A5AC 0
59 B 76ms
26ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K-OBmdKRBjTuhLKkOuKARIa6eU87tH8HzJ60dy1DmeoU98pD81z8FydPHHUvtmbPLU3hmuEw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A327
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE4hTb4fBC8uF5NUg2231Cs&google_cver=1

43 B
777 B

20ms
20ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE4hTb4fBC8uF5NUg2231Cs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGMi2s_wBMAE&v=APEucNUDCD6Emfz_PlaIY_vCO_xRi8eCqQ9rl82z-2G0t7IMSfovZ7L5e2y2OgY36XihPaBPerPQFHLEGis970jb27C42xHhytOY9R6ul7mTh6S-FnvPNedoQtx5J2v7192BEwovihiePj32FRvpuT9NwJJ2B5NxvZZO4VG2wEP71OIT01OERFc
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpRbGBz01xy9cg%2BQw%2Fa1byZ5VU8l0z3%2FQqLlCJs%2B5YTwm9o%2BgcD6k%2B0jT6nppDgdSfoGU15Js7qMPVffBCrAonXiX%2BBKa8U5izSlQICp9QKZEIeT7ZDWlSyDxr2GRyNJeZHu%2FkZC%2BSzlig%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82eeda0a0e642c3a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE4hTb4fBC8uF5NUg2231Cs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A327
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWphqvS2CEsZA0uKm9AlwQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE4hTb4fBC8uF5NUg2231Cs&google_cver=1

43 B
735 B

32ms
32ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE4hTb4fBC8uF5NUg2231Cs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGMi2s_wBMAE&v=APEucNUDCD6Emfz_PlaIY_vCO_xRi8eCqQ9rl82z-2G0t7IMSfovZ7L5e2y2OgY36XihPaBPerPQFHLEGis970jb27C42xHhytOY9R6ul7mTh6S-FnvPNedoQtx5J2v7192BEwovihiePj32FRvpuT9NwJJ2B5NxvZZO4VG2wEP71OIT01OERFc
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2j9kOG%2BMToWCALVJhBqKCKmW3VOiyTPogIlHxsID0nby5%2B8dv87AJbEgRi0BEjDHr%2BX96B7G7NjY8nZH1Of8cnkNa2acPtePqI%2FwtRZUSSSy%2Fy9LB7Ec0F8GpdbfF0CqQxK8hMtMme2Zjg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82eeda0a3e8f2c3a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEE4hTb4fBC8uF5NUg2231Cs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame A327
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGrswNFr2yhaBVQwqy7iXu4&google_cver=1

43 B
849 B

7ms
7ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGrswNFr2yhaBVQwqy7iXu4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGMi2s_wBMAE&v=APEucNUDCD6Emfz_PlaIY_vCO_xRi8eCqQ9rl82z-2G0t7IMSfovZ7L5e2y2OgY36XihPaBPerPQFHLEGis970jb27C42xHhytOY9R6ul7mTh6S-FnvPNedoQtx5J2v7192BEwovihiePj32FRvpuT9NwJJ2B5NxvZZO4VG2wEP71OIT01OERFc

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
an-x-request-uuid: 39902914-4025-42e0-8236-1c60f9ce39f4
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.209.142; 178.162.209.142; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGrswNFr2yhaBVQwqy7iXu4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A327
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D

170 B
409 B

23ms
22ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
an-x-request-uuid: 84428fa7-1ccb-4042-9b5d-5adcf5a02f8e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D
x-proxy-origin: 178.162.209.142; 178.162.209.142; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 35BE 38 KB
13 KB 13ms
12ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 37227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 12:23:27 GMT
expires: Sat, 30 Nov 2024 12:23:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BDF4 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eabb919d260173b3137cd2fe94a9e819d1522b3e9e2c3335a3de6d34de44ba16

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame BDF4 0
0 51ms
51ms Fetch
image/gif 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssOTdCRgIgt68L6HTiThKf2oP4loIFuYVtIt-2On6Dz3wa8w5ctEGBIRCwYRoyq7v5SJqPB7mLp5h3uJymFB1eNOgUKrNVcBfR3WQ-AcMqepLj1R-EktkTXXz7iaz5eNR-jkfe2B6gJfeQsxb13u5HvBEKL5iC-MrfUmK0O1aWgobPO6vn61RQHD45IMIPhkyrIZqv8tpTFXiNISpbTvbSVMW0xFiREaq6zFRErcW9om0ywFkBoHGTgfzQukZvteMSnO28VGJC7QUPXieudVj1Q5BdX3JHtZ9BPbFhbG1_UtZA6IhRSOiCYr9xDs9IEW9w3VPbkknPBufB9MH8Q5W2kIZiOlAZUuJH5DaU-_RZq2VIziblNK2TuFmYpbcamvK8gY_2QauFitSsawxlhfGRN25Fo_r4nTpENd_cFYTpy-QJLtJo6iWWwiDBVGJe6thwqC1hTiNGlj3hCx5piQXOWzEmeCJW6D9eaaXG4WoWvt2LXkQxUKNeXofWOXtimwXJpkfssQxWRmZife4701_gIiB2TchTJBB_YDlj6eRLzm4Tsfm_z8NebSXgATf2Ip_Y-A7Qs-nd9dEUr1Rz3ARRUj_miy6fh2iP4UkxbCZbIfMNK6pYhd_NIyaqjqpj1xv-a0zsgG_xNDwC2l8n9etZPrGvzoIjVyVYRtszFj-dzEkKGHEbM6sv4BHyodCOsRqUcvbvTw3LDW96mwag-radP4u0Pe9DiqvgU8OcNXwEG30hzvamXnhFw1ZhN_oLaJnlZ7SxFsoyTNpoIRr8MwW3HsZ26Gg68IwY0RQNUoRkMivC73Ab1QC-7lMEfI0CdS4bAz1q3cHusEjp5ro7r1eLHXz8R5hqH4frFhi3a2E5GW-HBz3xx5kfCZ94KbeIH5AxHlsAlhR_Pr06S8YrJw3UwP6kmqVH5fzFlqgSDhu_t7zJL6ryjafpztQ0dDvlmx0o5R_VEqRr8JaAkn1vhvyOFAdRDVYHdApk3vi3UBoFvUmgKb1jHMQQdtVMCoeoDwZdEWtjQ3P9Sm74KT-BqYpx3aET1_3gwwjPFmadABNJaiG34CQnrBx9hmKHaj6bdKUiFnRUbD0tkKs8CBgcgDmtEk9ZlI90rWmV779v2FnVHQ-CR6R2hApBqHV_T4dSqHvp9VZXwE8ES3cwFsn30gKHroLLnv91nvv4-rQbVjrVsLfi4vX1_no9OeuflkO6rt5bj4EWL2GDJOjmTf3YrGW9icc9oBDBZcPxfb39fDcXLAkLAJTPnEKOFYJra7UTVqKCtv8Vl1n51Fx75U2Gxn8Q9cupcViIu07JPhmMopZhOa_k5vcKlQFiAwhrRrB84UhU-yXAbGj3S3u3mZ_k0ZnkxSwoYwkCnU8F5Vp78yUbQ76fZDCBqqAge1Jeab_szEGkltts0YZ4wn0Eoga0ecPvqLqP_hn1GpuMyymJKN-cCL1oZlbHDoB8p4vQcosdhHpY&sai=AMfl-YQ4AZ14mfiNyZ2_0meRwifAnp9zSJv1hcBz3GN2HtMAtLB8s4m-kjTgFdHoyUnhn0z-PKfsI_ambtY8egUswvFuRXWqoGvNLk3tY9jVeiwzHUy0SO9rDN_U7AaerDOVJc3wXO6vjiVKxBD9tcWISrVv3IYOZpt-b7T9CH4ctUwNHNUd0NX238_iHygBcTH7UffUc6_DpeypSbIKJWg_1wKhmZR7-mrx9nB2GF06_GGwVwhhNZgW7bgH4aBu6bBJSiayXwPB8rGYz_4U7tPFMkJRvghh2iz57kdl1gbowxQoPNFwYDJxx4Gpyl8RjpGKE3blUhQa7ArrLJCFxxDek5XEoNQdngabwqau6YSdBdqnwbnQkk2H9rFL2k05Z81a1KVKMkhiY_sFZIyyLRoZ32Z3P82EBwnMZSK6TNOe&sig=Cg0ArKJSzJodoUWarpd7EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ib290LmRl&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=88&vt=11&dtpt=87&dett=2&cstd=0&cisv=r20231129.12396&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 35BE 39 KB
15 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:12:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 22:12:38 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9D40 624 B
242 B 29ms
27ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARj2rJL2ATAB&v=APEucNUp_N6zdPF3rSDMhim7VxXPf4zDnCAbN_fjP41SJ0J5or9pNB-FOahfK8VleHycVeIKGOQzHpijZBZbWszlXDRUtmmbHWqLtW41b1lJ3VZm9j3ZDTeHvVzJjGKOzrcF-D6HEnphnfKRqIZO6ynBme-QvgyAhjD1PjS6t9w5d4BnYhKJzwM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:43:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame E7D9 24 KB
9 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:40:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9305
x-xss-protection: 0
server: cafe
etag: 13635642240219548939
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 22:40:56 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame E7D9 7 KB
3 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 09:45:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46704
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 09:45:30 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame E7D9 0
0 60ms
57ms Fetch
image/gif 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsseyDjhTVkDSIKaPUR54_F1i_nUy2vuy-8TPDuq58rKsRAvrhtpN4272aFxIPL0hjeoaJplFQMcdWl0vRk3qNjAFvdOSS4NFQpwImAp9qqinxtOYW8HvKKL1MsMG2D1xBS5eOKez2HUvBpnNG6ZIN3KCb1zZXYRvEAcKx5Coi539fSDUWuKuuZv__dKT9y24xfqE52EDVdhcHZac2yZHByPvAxSYxEdZgI24WjD7kD-1RudT1yygkLlDsOOzKN0kZHqyQQGDaddZMNSd6426dsPBJ_RUC0hknhP_-kOvHVpPAWOleWvI_lstE6qvTanpm0OfuUrTzS331mdT4kkdo9ibwGKlJotxwfn1N37Vy5manQoS0IcaPGTln_92Ags7flVrctRwgaoK6_4QyMnzEdJ3nJffJCgpjgX5490xU5B7thjqENEdUE959mbFCywAoQWXMasMRaDUIs5XInxpQgwWcyhF2rm0GtuJofoS6I8Qq_bzJVs0Yg8mtCVDDJcB0JA-0AWW0HZfUI0jBDP7RFkOaeimo3bixVUDOPHrYaOYT8ot6aue6wEX7BHoOEZ0lg9UW0etk9CjuAFUNmE59eZbQwNXDyRcUfLUPCXerB2wQ94ED6V6wxKQmkaTsI1mJwCrTbGnNgIrEi2M_G19h68QuH4K3h89boJvX1rl_HotjpKHiLmhuTntemZq93hvMmPrAePUzOmrEZb_N155yI6WAwEuWDLhkWKtrInUZQGlHvJd9myjCi8SOCE08fKivvC5lI9TytOTc01RLojDRbnseAMv2HsTaQCgpl6OIBusSRzZ6Dtve0bNcBzBXV13qmPViOqIaOI4sY-x2MSUT0cATG6atZYZ9DlpCoXX9EArEBukvo8uZHggtGfwE02gdDcNtyljKppI74qdB6Z0v2d0xcfP3ox3lGXIBs84ZFir-2yxmrvu4kKLarvHkZVbE2aE1xreX61ZEVK_rmTaiLnSjkDbIIItjh02Adejjtb2_a4ECwqSLRuAxVPJ8PEWG8FKSKPryKGE3usHKnYtLPSomeiten7vamkf7MQB7FnmuvkRkRJ-sedTlLp2HnnW23gPi0CQwIEb-POHTCzbq7hm7U0KY7Jq3yhTfhF7Vxk2DYXpc6Br3s931OeTmQpsuYFpmNpmXIeMNsRjNaqJilZ45BA0Gvt6TNBrYYJYofnOCCNPQzaM6hwlE5ofBUQ7OT_Tn6o3FVkuzRVza5oeN5pkDign-uyjyu3gpsORvy5QbvJcjd2tVotkcalht60MJZIdJbdnDQnz3cuRLyHMZzPzOGJMq1ka5IkjTLvLsq69JJrW1B7uAAiE8ur7qszwOFvAu1KnJj2YP5Hdx58FYgptPpz4HPVpkIhwR_zTZ1PskMDheu6P7v4ZGKW89TSAlojjMF2EfwEzGDeWYjPiAblhvUW02k&sai=AMfl-YR4gF6Ah5RZZS6tnXifarDm5JS3nlfm0fBqIepP20WILmREyUy72zbamLimguaqsjJ_a_VPTTMSkW3ENhfBO_TMSNgqxf9YdEo8iKnMEaTqDljhXvAPuFbhoV9E0-PULHUURcmnq9dE6GvRIGGBYmL9j9vr0nxPpBRjms64lsK7lqZyCwMJY1YHvsVi2XKwX4izUKoqIeut1VoDt0N112ViR8oAS524--HDRamonca7BxJ-lendCUHCfjXSrU2ZWPF1b6Zd5HUORF_oMfhBzNT37C7dD6m4S9K10brnNI9HUJtAVW9aJ_TzbjYe5UeCn2Yq9wsooESpdcaD70TKWVwRUMs9aJRM3Py5_buKKZ1WEeiMT9aYE60_0bxIIlCuHd2uBh1BOVPXtRmPi_EwDLNlRNEwyWXB4Pq5wOiOGtyUp1zlxA&sig=Cg0ArKJSzAj_oG_TqjfIEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ydGwuZGU&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231129.96903&arae=0&ftch=1&adurl=

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 01 Dec 2023 22:43:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame E7D9 41 KB
14 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 541592
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame E7D9 3 KB
1 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9876
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 19:59:18 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9846 1 KB
643 B 19ms
18ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23144
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 16:18:10 GMT
etag: 48472445140208031
expires: Sat, 02 Dec 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame E7D9 20 KB
8 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9876
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 19:59:18 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E7D9 0
0 25ms
24ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQhry7QusKcS-gHGQvOcnhKymlMdBhVkbaUycXLnK1Lhyeekm7NDVWRMSlbE6loOd87WzGyytr9YzT-bYYN33P4jhaE1A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E7D9 202 KB
64 KB 28ms
26ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 22:43:54 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7D9 42 B
63 B 48ms
47ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B5qMFmu3-Od4ziDw84iH1F3DuvWpCOHjU10nAq3lxtoTLVhFIUU6np3Al9D8gUF8FjCcHKBEkoxH2cYwegxaobXu9-_Na9yNleuyaqZMnbBnr2i5c

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 11155436041699253153
s0.2mdn.net/simgad/ Frame E7D9 39 KB
40 KB 17ms
16ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/11155436041699253153

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83f8b09fdaf09e210625b93cb1d029ed30664675b3511fc2606ce170b24967fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 09:49:21 GMT
x-content-type-options: nosniff
age: 219273
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40390
x-xss-protection: 0
last-modified: Tue, 12 Sep 2023 06:33:44 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Nov 2024 09:49:21 GMT

GET
H2 200 bootstrap.min.css
unpkg.com/bootstrap@4.5.3/dist/css/ Frame FFEC 157 KB
25 KB 49ms
18ms Stylesheet
text/css 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ml.oxra.com.tw/
Origin: https://ml.oxra.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1629250
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HF3727X3NWAJR2VB3FZQW44S-fra
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 82eeda0a9e2e691f-FRA

GET
H3 200 slick-theme.min.css
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ Frame FFEC 2 KB
1 KB 41ms
23ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick-theme.min.css

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e21aa5b0d3fd28cebed9e03c5544f4924e11b0c453792ed018720cf8c679b0b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://ml.oxra.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 147276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 657
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-956"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lN%2F7PkHZg7fyz8rLgZBpnKFFPvKrGLv7QzfTV2PyXhRKhc94TwNn6hMGHin56b5s0%2BiDsckI85uw5VrDdEZxBQM9LeKiHxlzNR24WUMSoCArDN4R8YCtDTov384DxuqyaWXriBZzBFr2WOzmZQvQaO8k"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82eeda0a8f2a1968-FRA
expires: Wed, 20 Nov 2024 22:43:54 GMT

GET
H3 200 slick.min.css
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ Frame FFEC 1 KB
1 KB 31ms
14ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.min.css

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50ad448a8a5720bf8a5617db15af31ae60163de06331576f60c6244c012ffc72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://ml.oxra.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 326317
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 394
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-559"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ve6l93xWHyCpR7RsXoIyhVhMhqmPQqp803xdgBPR4%2BSFdtSZkkmNcD7ujuQThf9HcSZr2jHGifst2qEy3udb78ariJFTy3eEGBGeI9dZTfAaHMhcS0xF26yKO7kyzCazvBgEo7RCwneeovjdzPTFBx3E"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82eeda0a8f2b1968-FRA
expires: Wed, 20 Nov 2024 22:43:54 GMT

GET
H3

200

1669685415.0137.gif
img.heho.com.tw/wp-content/uploads/2022/11/ Frame FFEC
Redirect Chain

https://heho.com.tw/wp-content/uploads/2022/11/1669685415.0137.gif
https://img.heho.com.tw/wp-content/uploads/2022/11/1669685415.0137.gif

30 KB
31 KB

24ms
23ms

Image
image/gif

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/11/1669685415.0137.gif
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c784e0a746c79495f6389971b2f60ef425d4d98a1ab85b9945e31a41e2fe9ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 143896
alt-svc: h3=":443"; ma=86400
content-length: 30760
last-modified: Tue, 29 Nov 2022 01:30:15 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G3c1sXbZvUTXb76wCxl1y1p35sYxLPEVBS5WdMX%2FR5tnRG7iADFunPZl5GtwLyShXg9epTZJvBIdg9jP9Pugqy1JfOTEEAil9vgrVvVdrG%2BWMvfZIO1Pvf9iNumjXgFzOrpgFETvWPTfA4cvr8w%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0c789166b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2022/11/1669685415.0137.gif
date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/ Frame FFEC 88 KB
28 KB 33ms
16ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://ml.oxra.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1611749
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27990
last-modified: Fri, 26 Aug 2022 18:34:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63091225-6d56"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJIydtyX0fGVAZU1VwEnXpP7AWTPb3MgeMmQJVXz%2FJnWH4ljTjCKhWQr24AVo1d9LE9XpavrCML9A5wensd97diXaUKChVd6WnQyrjEbnQNzfMMpsBpM3L8dP6%2FpDETPuQGZiCmwjgrKD%2BSRKQKmxUiA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82eeda0a8f281968-FRA
expires: Wed, 20 Nov 2024 22:43:54 GMT

GET
H3 200 slick.min.js Show response
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ Frame FFEC 42 KB
10 KB 14ms
13ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.min.js

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://ml.oxra.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 876305
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 9283
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-a76f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kld0lhBg%2Br%2B41nzpDtqfwv2c20TFCac%2F8PdPrsIc0d95VdmZm%2BUpygpMFm%2BrNEQWwtFF%2BD73vJbsXfp4xKqAt0zQj%2Biwg5v0v5ZMRBK%2B8NI75DcOGN%2BmVDIYhs7UwZYajl6sG7Ia7o6jFpRb5j9pzZY7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82eeda0aff851968-FRA
expires: Wed, 20 Nov 2024 22:43:54 GMT

GET
H2 200 jquery-3.5.1.slim.min.js Show response
code.jquery.com/ Frame FFEC 71 KB
24 KB 41ms
8ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.slim.min.js
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

Request headers

Referer: https://ml.oxra.com.tw/
Origin: https://ml.oxra.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 3942223
x-cache: HIT, HIT
content-length: 24606
x-served-by: cache-lga21954-LGA, cache-fra-eddf8230133-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1701470635.750831,VS0,VE0
etag: W/"28feccc0-11abc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 55, 173933

GET
H2 200 bootstrap.bundle.min.js Show response
unpkg.com/bootstrap@4.5.3/dist/js/ Frame FFEC 82 KB
22 KB 19ms
18ms Script
application/javascript 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ml.oxra.com.tw/
Origin: https://ml.oxra.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 53691
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HGJ5MDDAKB7M6W0P4MXBZ8MF-fra
server: cloudflare
etag: W/"148b8-qycDEVlyTiQh9v9ccPSOZXq+nTk"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 82eeda0afe6f691f-FRA

GET
H2 200 vue.global.prod.js Show response
unpkg.com/vue@3.2.26/dist/ Frame FFEC 124 KB
48 KB 39ms
23ms Script
application/javascript 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/vue@3.2.26/dist/vue.global.prod.js

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mkt/heho-post_marquee/0-heho.com.tw/ccde6a5c-eafd-43c1-bb79-4f04bd66acfe/heho.com.tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea457f0a12915cc9612ecc2a0c085b16c5cf8af109f1be1c7fcc358a9d52fbc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1799137
last-modified: Sun, 12 Dec 2021 07:02:30 GMT
fly-request-id: 01HEY51PDC0QHCYX9Z4NA3BN0G-fra
server: cloudflare
etag: W/"1f036-LNt2RAJtpQz3fWavx+ri3EDtwx0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 82eeda0b1ed65d4e-FRA

GET
H/1.1 200
OK heho_tw.js Show response
api.popin.cc/searchbox/ 296 KB
53 KB 1072ms
526ms Script
text/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to

Full URL: https://api.popin.cc/searchbox/heho_tw.js
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-infinite-sdk-heho.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 6ad6b8b2dd661ae7182bde4de0a90cdfb0d06d3451102d5d5137c340c2b70a3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 22:43:55 GMT
x-amz-version-id: 5Mh7ixb3Dd5l1mG.ChAdgvhTx58c73G3
Content-Encoding: gzip
x-amz-server-side-encryption: AES256
X-Cache-Status: HIT from 10.252.55.44
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Last-Modified: Thu, 23 Nov 2023 06:41:17 GMT
Server: nginx
ETag: W/"ac4ecf4b2ad220e41579a6ee2a1ad580"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=3600
Timing-Allow-Origin: *
Expires: Fri, 01 Dec 2023 23:43:55 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 09C2 0
16 B 24ms
24ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&adk=1812271804&adf=3025194257&lmt=1701469803&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x810_l%7C236x810_r&format=0x0&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470634633&bpp=1&bdt=1629&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6863b3003f5c394f%3AT%3D1701470633%3ART%3D1701470633%3AS%3DALNI_Macqn5W7dKQM4-fAarYzzlrvfADeA&gpic=UID%3D00000d016883c875%3AT%3D1701470633%3ART%3D1701470633%3AS%3DALNI_MaVmLMVzGI2L2Dokc_Rh9CMb50s-g&prev_fmts=1050x120%2C1050x120%2C1050x120&nras=1&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=52

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:43:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame B528 60 KB
34 KB 37ms
37ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfH-N0mAAAAAFbl_1iN5mLWRSOGn_wdfGEDt4cE&co=aHR0cHM6Ly9oZWhvLmNvbS50dzo0NDM.&hl=de&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=nlc8aqw0rtiw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5e5fca474d253ddedb263ff35fa1433844854caf0f4fb827f7a7f47442ab7e09

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CWrEL1qthFl7L1MHLzLboQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-CWrEL1qthFl7L1MHLzLboQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:43:54 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 heho-ml-recommend-mkt-api-10 Show response
ml.oxra.com.tw/ra/mktadv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/ 430 B
715 B 766ms
262ms Fetch
application/json 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ra/mktadv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/heho-ml-recommend-mkt-api-10
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a746b8c06890f7106828eeef3d31d879a189cf98e392f5d3023a0c9dcd97d6b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"1ae-SpwG5AYLODeBsBHjkFMFClAiA64"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heho.com.tw
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
content-length: 430

GET
H2 200 heho-ml-recommend-mkt-api-11 Show response
ml.oxra.com.tw/ra/mktadv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/ 430 B
715 B 767ms
264ms Fetch
application/json 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ra/mktadv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/heho-ml-recommend-mkt-api-11
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3638ac3470e716b3413efda5533007fbf15bec949ff22205e09bf6fe9f098584

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"1ae-Co6vrI466ap8p0Xr9nIMcq+9iZ0"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heho.com.tw
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
content-length: 430

GET
H2 200 heho-ml-recommend-mkt-api-10 Show response
ml.oxra.com.tw/ra/mktadv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/ 430 B
715 B 766ms
263ms Fetch
application/json 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ra/mktadv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/heho-ml-recommend-mkt-api-10
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a746b8c06890f7106828eeef3d31d879a189cf98e392f5d3023a0c9dcd97d6b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"1ae-SpwG5AYLODeBsBHjkFMFClAiA64"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heho.com.tw
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
content-length: 430

GET
H2 200 heho-ml-recommend-mkt-api-11 Show response
ml.oxra.com.tw/ra/mktadv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/ 430 B
716 B 760ms
257ms Fetch
application/json 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ra/mktadv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/heho-ml-recommend-mkt-api-11
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3638ac3470e716b3413efda5533007fbf15bec949ff22205e09bf6fe9f098584

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"1ae-Co6vrI466ap8p0Xr9nIMcq+9iZ0"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heho.com.tw
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
content-length: 430

GET
H2 200 heho-ml-popup Show response
ml.oxra.com.tw/ra/mktadv2/mkt-api-43/page-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/ 3 KB
1 KB 753ms
267ms Fetch
application/json 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ra/mktadv2/mkt-api-43/page-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/heho-ml-popup
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 22bd7cf3246f1ba3c6875d4099495f7915382811d89d27f1925a9fba8078b730

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
etag: W/"b19-+muyr6afGDU6FZsD8sRd8NRQW2s"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heho.com.tw
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization

GET
H2 200 heho-ml-floating Show response
ml.oxra.com.tw/ra/mktadv2/mkt-api-37/page-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/ 2 KB
1 KB 751ms
265ms Fetch
application/json 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ra/mktadv2/mkt-api-37/page-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw/heho-ml-floating
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: b91a5d0c93ab9e0c055f1e0d6ff22688984670591f4853b000454b703fb2fcb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
etag: W/"702-Gr6mXTh/fPlvyRdLGdfipEDo0rA"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heho.com.tw
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9D40
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIZdfsJ4f0W1u9HR3X2zx54&google_cver=1

43 B
735 B

27ms
26ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIZdfsJ4f0W1u9HR3X2zx54&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARj2rJL2ATAB&v=APEucNUp_N6zdPF3rSDMhim7VxXPf4zDnCAbN_fjP41SJ0J5or9pNB-FOahfK8VleHycVeIKGOQzHpijZBZbWszlXDRUtmmbHWqLtW41b1lJ3VZm9j3ZDTeHvVzJjGKOzrcF-D6HEnphnfKRqIZO6ynBme-QvgyAhjD1PjS6t9w5d4BnYhKJzwM
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xzqu1yQ1WjYvLxTjeyqHGhPR9NFROHvugZve9KfL9qjOg4y8e7ooGYw224CiREbp0rKcUqGS12E%2Fpyl94J36JSiEJkl9%2F8sQ0oTCGW%2FpJy7s0IegwpI9ZU4DHU%2BlfFABDOCBSahBpAwIHw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82eeda0b6f722c3a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIZdfsJ4f0W1u9HR3X2zx54&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9D40
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWphqvS2CEsZA0uKm9AlwQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIZdfsJ4f0W1u9HR3X2zx54&google_cver=1

43 B
735 B

24ms
24ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIZdfsJ4f0W1u9HR3X2zx54&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARj2rJL2ATAB&v=APEucNUp_N6zdPF3rSDMhim7VxXPf4zDnCAbN_fjP41SJ0J5or9pNB-FOahfK8VleHycVeIKGOQzHpijZBZbWszlXDRUtmmbHWqLtW41b1lJ3VZm9j3ZDTeHvVzJjGKOzrcF-D6HEnphnfKRqIZO6ynBme-QvgyAhjD1PjS6t9w5d4BnYhKJzwM
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mhU66uqKO2U%2BEbKsZBd4UAZfx82vQS%2Fnycw66Jnkqrl892OicPwqtIW7p5dNI%2FviaiE4Zk9iJbi3C9qRtN1cOD3O7E7nUtqPw41MpbPFIytsDT%2BztdeBvAvn8vYsMqT51h4jS%2BnWZw78yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82eeda0b9f9e2c3a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIZdfsJ4f0W1u9HR3X2zx54&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 9D40
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEE5ObOqmkFKLYk09JTh1B-Y&google_cver=1

43 B
844 B

7ms
7ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEE5ObOqmkFKLYk09JTh1B-Y&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARj2rJL2ATAB&v=APEucNUp_N6zdPF3rSDMhim7VxXPf4zDnCAbN_fjP41SJ0J5or9pNB-FOahfK8VleHycVeIKGOQzHpijZBZbWszlXDRUtmmbHWqLtW41b1lJ3VZm9j3ZDTeHvVzJjGKOzrcF-D6HEnphnfKRqIZO6ynBme-QvgyAhjD1PjS6t9w5d4BnYhKJzwM

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
an-x-request-uuid: 66f9a6d5-a49f-452a-8b62-5388700cfb84
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.209.142; 178.162.209.142; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEE5ObOqmkFKLYk09JTh1B-Y&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9D40
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D

170 B
188 B

25ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
an-x-request-uuid: 7602c9de-85ac-4ebb-8622-d092580b595f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D
x-proxy-origin: 178.162.209.142; 178.162.209.142; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame E7D9 0
0 62ms
62ms Fetch
image/gif 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsseyDjhTVkDSIKaPUR54_F1i_nUy2vuy-8TPDuq58rKsRAvrhtpN4272aFxIPL0hjeoaJplFQMcdWl0vRk3qNjAFvdOSS4NFQpwImAp9qqinxtOYW8HvKKL1MsMG2D1xBS5eOKez2HUvBpnNG6ZIN3KCb1zZXYRvEAcKx5Coi539fSDUWuKuuZv__dKT9y24xfqE52EDVdhcHZac2yZHByPvAxSYxEdZgI24WjD7kD-1RudT1yygkLlDsOOzKN0kZHqyQQGDaddZMNSd6426dsPBJ_RUC0hknhP_-kOvHVpPAWOleWvI_lstE6qvTanpm0OfuUrTzS331mdT4kkdo9ibwGKlJotxwfn1N37Vy5manQoS0IcaPGTln_92Ags7flVrctRwgaoK6_4QyMnzEdJ3nJffJCgpjgX5490xU5B7thjqENEdUE959mbFCywAoQWXMasMRaDUIs5XInxpQgwWcyhF2rm0GtuJofoS6I8Qq_bzJVs0Yg8mtCVDDJcB0JA-0AWW0HZfUI0jBDP7RFkOaeimo3bixVUDOPHrYaOYT8ot6aue6wEX7BHoOEZ0lg9UW0etk9CjuAFUNmE59eZbQwNXDyRcUfLUPCXerB2wQ94ED6V6wxKQmkaTsI1mJwCrTbGnNgIrEi2M_G19h68QuH4K3h89boJvX1rl_HotjpKHiLmhuTntemZq93hvMmPrAePUzOmrEZb_N155yI6WAwEuWDLhkWKtrInUZQGlHvJd9myjCi8SOCE08fKivvC5lI9TytOTc01RLojDRbnseAMv2HsTaQCgpl6OIBusSRzZ6Dtve0bNcBzBXV13qmPViOqIaOI4sY-x2MSUT0cATG6atZYZ9DlpCoXX9EArEBukvo8uZHggtGfwE02gdDcNtyljKppI74qdB6Z0v2d0xcfP3ox3lGXIBs84ZFir-2yxmrvu4kKLarvHkZVbE2aE1xreX61ZEVK_rmTaiLnSjkDbIIItjh02Adejjtb2_a4ECwqSLRuAxVPJ8PEWG8FKSKPryKGE3usHKnYtLPSomeiten7vamkf7MQB7FnmuvkRkRJ-sedTlLp2HnnW23gPi0CQwIEb-POHTCzbq7hm7U0KY7Jq3yhTfhF7Vxk2DYXpc6Br3s931OeTmQpsuYFpmNpmXIeMNsRjNaqJilZ45BA0Gvt6TNBrYYJYofnOCCNPQzaM6hwlE5ofBUQ7OT_Tn6o3FVkuzRVza5oeN5pkDign-uyjyu3gpsORvy5QbvJcjd2tVotkcalht60MJZIdJbdnDQnz3cuRLyHMZzPzOGJMq1ka5IkjTLvLsq69JJrW1B7uAAiE8ur7qszwOFvAu1KnJj2YP5Hdx58FYgptPpz4HPVpkIhwR_zTZ1PskMDheu6P7v4ZGKW89TSAlojjMF2EfwEzGDeWYjPiAblhvUW02k&sai=AMfl-YR4gF6Ah5RZZS6tnXifarDm5JS3nlfm0fBqIepP20WILmREyUy72zbamLimguaqsjJ_a_VPTTMSkW3ENhfBO_TMSNgqxf9YdEo8iKnMEaTqDljhXvAPuFbhoV9E0-PULHUURcmnq9dE6GvRIGGBYmL9j9vr0nxPpBRjms64lsK7lqZyCwMJY1YHvsVi2XKwX4izUKoqIeut1VoDt0N112ViR8oAS524--HDRamonca7BxJ-lendCUHCfjXSrU2ZWPF1b6Zd5HUORF_oMfhBzNT37C7dD6m4S9K10brnNI9HUJtAVW9aJ_TzbjYe5UeCn2Yq9wsooESpdcaD70TKWVwRUMs9aJRM3Py5_buKKZ1WEeiMT9aYE60_0bxIIlCuHd2uBh1BOVPXtRmPi_EwDLNlRNEwyWXB4Pq5wOiOGtyUp1zlxA&sig=Cg0ArKJSzAj_oG_TqjfIEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ydGwuZGU&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=125&vt=11&dtpt=124&dett=2&cstd=0&cisv=r20231129.96903&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 TUZyzwprpvBS1izr_vOEDOSf.woff2
fonts.gstatic.com/s/amaticsc/v26/ Frame FD08 4 KB
4 KB 23ms
11ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/amaticsc/v26/TUZyzwprpvBS1izr_vOEDOSf.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afd7b4ce1230fc5d6cb58daebeed6bcd09ebee1e4414367596bc3bb33f62444c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:11:28 GMT
x-content-type-options: nosniff
age: 192746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 17:53:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:11:28 GMT

GET
H2 200 WnznHAc5bAfYB2QRah7pcpNvOx-pjfJ9eIOpYQ.woff2
fonts.gstatic.com/s/caveat/v18/ Frame FD08 4 KB
4 KB 25ms
14ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/caveat/v18/WnznHAc5bAfYB2QRah7pcpNvOx-pjfJ9eIOpYQ.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c1d1b09af9ea0e4a497cf8f1baaf915bb032eca2ae369869566282d156cb25d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:16:58 GMT
x-content-type-options: nosniff
age: 84416
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4280
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:31:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 23:16:58 GMT

GET
H2 200 1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrUfIA.woff2
fonts.gstatic.com/s/comfortaa/v45/ Frame FD08 2 KB
2 KB 30ms
19ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrUfIA.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a631f36b97689ffb94afdaef8032e78479d469894a2b18f007dea806dc1172b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:27:01 GMT
x-content-type-options: nosniff
age: 83813
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1664
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 21:23:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 23:27:01 GMT

GET
H2 200 SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RkAo9_.woff2
fonts.gstatic.com/s/ebgaramond/v27/ Frame FD08 3 KB
3 KB 28ms
17ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ebgaramond/v27/SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RkAo9_.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a817a663ee912ccf67f30d9cddfb563e15efdabb3de65fe491abdfbea5c6578f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 17:25:40 GMT
x-content-type-options: nosniff
age: 19094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2568
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:34:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 17:25:40 GMT

GET
H2 200 wlptgwvFAVdoq2_F94zlCfv0bz1WCzsWzLFneg.woff2
fonts.gstatic.com/s/lexend/v19/ Frame FD08 1 KB
1 KB 27ms
16ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lexend/v19/wlptgwvFAVdoq2_F94zlCfv0bz1WCzsWzLFneg.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80083bb74056d4ea185160dd596de5a63d5ed834778a5d7f7e4e843ba4421345

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 07:29:12 GMT
x-content-type-options: nosniff
age: 573282
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1260
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:22:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 07:29:12 GMT

GET
H2 200 neILzCirqoswsqX9zoSmMw.woff2
fonts.gstatic.com/s/lobster/v30/ Frame FD08 4 KB
4 KB 35ms
24ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lobster/v30/neILzCirqoswsqX9zoSmMw.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5acbe17fd4e63cca2ce1b72e482fc2411d27d9d534476ad7f0108b9df087fce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 14:24:12 GMT
x-content-type-options: nosniff
age: 116382
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4344
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:01:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 14:24:12 GMT

GET
H2 200 0QI6MX1D_JOuGQbT0gvTJPa787weuxJHkq0.woff2
fonts.gstatic.com/s/lora/v32/ Frame FD08 1 KB
1 KB 30ms
19ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787weuxJHkq0.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bba06493e9d01e72d0c0acfbf64abbf9f9198dbb7788285bf8d7b9005d0588f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 13:32:59 GMT
x-content-type-options: nosniff
age: 292255
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1396
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 21:45:49 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Nov 2024 13:32:59 GMT

GET
H2 200 u-440qyriQwlOrhSvowK_l5-eiZM.woff2
fonts.gstatic.com/s/merriweather/v30/ Frame FD08 4 KB
4 KB 32ms
22ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-eiZM.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5dcebb5ec80a2ddab469a77f1a37412c34205ef76d054131083b0bf663b786fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:55:32 GMT
x-content-type-options: nosniff
age: 125302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3640
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:41:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:55:32 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw_aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ Frame FD08 1 KB
2 KB 33ms
23ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw_aXo.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdaae795074ced24ad382f9f21c4f2e3443d3dc27bf6f75ab5cb43d54f23f009

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:55:32 GMT
x-content-type-options: nosniff
age: 125302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1516
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:58:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:55:32 GMT

GET
H2 200 XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTI3jw.woff2
fonts.gstatic.com/s/nunito/v26/ Frame FD08 1 KB
2 KB 31ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTI3jw.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10505df86b3638be7b5707a542c0c7c80ed856f14e037bb1c64bfaf712b0ab75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 18:17:47 GMT
x-content-type-options: nosniff
age: 102367
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1528
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 18:17:47 GMT

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUBiZQ.woff2
fonts.gstatic.com/s/oswald/v53/ Frame FD08 1 KB
1 KB 106ms
95ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUBiZQ.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4524691b7547d0d9f1a34ff172d940bedafd7725a14a5bd1121807b7d993bffa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 17:40:41 GMT
x-content-type-options: nosniff
age: 18193
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1360
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 18:44:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 17:40:41 GMT

GET
H2 200 FwZY7-Qmy14u9lezJ-6B6Mk.woff2
fonts.gstatic.com/s/pacifico/v22/ Frame FD08 5 KB
5 KB 96ms
86ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/pacifico/v22/FwZY7-Qmy14u9lezJ-6B6Mk.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

867352b1c82c47d71a11744e3886441a848780dca87928bac596e5f3473bfaa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 03:12:07 GMT
x-content-type-options: nosniff
age: 588707
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5044
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:30:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 03:12:07 GMT

GET
H2 200 nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDRbtM.woff2
fonts.gstatic.com/s/playfairdisplay/v36/ Frame FD08 3 KB
3 KB 104ms
94ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v36/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDRbtM.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee21fa3a8dd34931830b255fb301dec184add039958f2378ec534733b4002011

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 08:19:41 GMT
x-content-type-options: nosniff
age: 570253
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2688
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:29:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 08:19:41 GMT

GET
H2 200 L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_QuW4.woff2
fonts.gstatic.com/s/robotomono/v23/ Frame FD08 1 KB
2 KB 102ms
92ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_QuW4.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc93b0c6ccf01063b9788530ca2389636059624b18599de8edef8d4054255474

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 02:19:29 GMT
x-content-type-options: nosniff
age: 246265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1416
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:07:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 02:19:29 GMT

GET
H2 200 R71RjywflP6FLr3gZx7K8UyuXDs9zVwDmXCb8lxYgmuii32UGoVldX6UgfjL4-3sMM_kB_qXSEXTJQCFLH5-_bcEliotl6Z8AA.woff2
fonts.gstatic.com/s/robotoserif/v13/ Frame FD08 2 KB
3 KB 103ms
94ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoserif/v13/R71RjywflP6FLr3gZx7K8UyuXDs9zVwDmXCb8lxYgmuii32UGoVldX6UgfjL4-3sMM_kB_qXSEXTJQCFLH5-_bcEliotl6Z8AA.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

171d4c2505ae91856b2fe01ef5154d89feec1591421b5ee67f6ef8c0f50649c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 13:32:59 GMT
x-content-type-options: nosniff
age: 292255
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2484
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 17:06:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Nov 2024 13:32:59 GMT

GET
H2 200 rnCr-xNNww_2s0amA9M_kng.woff2
fonts.gstatic.com/s/spectral/v13/ Frame FD08 3 KB
4 KB 102ms
93ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/spectral/v13/rnCr-xNNww_2s0amA9M_kng.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4ba92453033372b440e5e762eedec60dec8b3c32008f599b1c7f46376d64216

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 09:35:12 GMT
x-content-type-options: nosniff
age: 565722
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3576
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 23:15:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 09:35:12 GMT

GET
H2 200 TUZyzwprpvBS1izr_vO0CA.woff2
fonts.gstatic.com/s/amaticsc/v26/ Frame FD08 63 KB
63 KB 101ms
91ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/amaticsc/v26/TUZyzwprpvBS1izr_vO0CA.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a6c1001c36d7f2f8ad4df369baf38217af3adaae94a5625651c05f4c3a38bd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:55:50 GMT
x-content-type-options: nosniff
age: 125284
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64068
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 17:47:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:55:50 GMT

GET
H2 200 TUZ3zwprpvBS1izr_vOMscG6fA.woff2
fonts.gstatic.com/s/amaticsc/v26/ Frame FD08 63 KB
63 KB 97ms
87ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/amaticsc/v26/TUZ3zwprpvBS1izr_vOMscG6fA.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1de6eac3059ca778e6d2367182c7f11edc81e09971e56f788db308a674ea7ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 04:37:46 GMT
x-content-type-options: nosniff
age: 583568
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64656
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 17:42:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 04:37:46 GMT

GET
H2 200 WnznHAc5bAfYB2QRah7pcpNvOx-pjfJ9SIc.woff2
fonts.gstatic.com/s/caveat/v18/ Frame FD08 98 KB
99 KB 95ms
86ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/caveat/v18/WnznHAc5bAfYB2QRah7pcpNvOx-pjfJ9SIc.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54efcb5570863b2329c2c677749c85c7ed337f5c16bf38caea17807196150293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:24:02 GMT
x-content-type-options: nosniff
age: 191992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100756
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:32:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:24:02 GMT

GET
H2 200 WnznHAc5bAfYB2QRah7pcpNvOx-pjRV6SIc.woff2
fonts.gstatic.com/s/caveat/v18/ Frame FD08 103 KB
103 KB 96ms
87ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/caveat/v18/WnznHAc5bAfYB2QRah7pcpNvOx-pjRV6SIc.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7b73dc2a43d6620b4ae7b1e05eea2342cf309352b4dcaadeb4491c5b72468e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 17:54:08 GMT
x-content-type-options: nosniff
age: 535786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 105776
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:42:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 17:54:08 GMT

GET
H2 200 1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMPrE.woff2
fonts.gstatic.com/s/comfortaa/v45/ Frame FD08 37 KB
37 KB 99ms
90ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMPrE.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3525fca875bf7203e92f116e0c5532dd5b5fe0f0ca5e12c6c4c8b9bd77566e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:42:01 GMT
x-content-type-options: nosniff
age: 126113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37488
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:50:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:42:01 GMT

GET
H2 200 1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4Y_LPrE.woff2
fonts.gstatic.com/s/comfortaa/v45/ Frame FD08 36 KB
36 KB 75ms
66ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4Y_LPrE.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcbaf64460b4db78ba16ee6230d2c90215dda58ce8c285348d624fe32dbc470e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 07:24:04 GMT
x-content-type-options: nosniff
age: 573590
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36840
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:50:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 07:24:04 GMT

GET
H2 200 SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RUBg.woff2
fonts.gstatic.com/s/ebgaramond/v27/ Frame FD08 124 KB
124 KB 91ms
82ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ebgaramond/v27/SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RUBg.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ca1eee7725d016477dddd403b78c514438b1d2cd58545b4bc9fd6db9647d83d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:10:38 GMT
x-content-type-options: nosniff
age: 192796
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126552
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:23:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:10:38 GMT

GET
H2 200 SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-DPNUBg.woff2
fonts.gstatic.com/s/ebgaramond/v27/ Frame FD08 140 KB
140 KB 90ms
81ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ebgaramond/v27/SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-DPNUBg.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e92624ff29d44c47f313d24e815f4f9b1ee01ceb5700f6fc9eb3baa215159f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 12:09:14 GMT
x-content-type-options: nosniff
age: 297280
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 143084
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:34:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Nov 2024 12:09:14 GMT

GET
H2 200 SlGFmQSNjdsmc35JDF1K5GRwUjcdlttVFm-rI7e8QI9_.woff2
fonts.gstatic.com/s/ebgaramond/v27/ Frame FD08 114 KB
114 KB 85ms
76ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ebgaramond/v27/SlGFmQSNjdsmc35JDF1K5GRwUjcdlttVFm-rI7e8QI9_.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd8bed74936b7b0f1745b3b117cab8be5ec9405fb4771226270462e670b8d9fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 18:17:46 GMT
x-content-type-options: nosniff
age: 102368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 116720
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:27:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 18:17:46 GMT

GET
H2 200 SlGFmQSNjdsmc35JDF1K5GRwUjcdlttVFm-rI7dbR49_.woff2
fonts.gstatic.com/s/ebgaramond/v27/ Frame FD08 127 KB
127 KB 87ms
79ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ebgaramond/v27/SlGFmQSNjdsmc35JDF1K5GRwUjcdlttVFm-rI7dbR49_.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10b6fc407ad68085b7ea80a7f03939ed11b4ad702c3067ff89bcd8ee26320ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 21:02:01 GMT
x-content-type-options: nosniff
age: 178913
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129672
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:23:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 21:02:01 GMT

GET
H2 200 wlptgwvFAVdoq2_F94zlCfv0bz1WCzsW_LU.woff2
fonts.gstatic.com/s/lexend/v19/ Frame FD08 25 KB
25 KB 92ms
84ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lexend/v19/wlptgwvFAVdoq2_F94zlCfv0bz1WCzsW_LU.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

081a9357e5da041fc09dbef6c0abaa986251670aacbc6029228d37f34fd1fe25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:42:01 GMT
x-content-type-options: nosniff
age: 126113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25980
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:10:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:42:01 GMT

GET
H2 200 wlptgwvFAVdoq2_F94zlCfv0bz1WC9wR_LU.woff2
fonts.gstatic.com/s/lexend/v19/ Frame FD08 26 KB
26 KB 82ms
74ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lexend/v19/wlptgwvFAVdoq2_F94zlCfv0bz1WC9wR_LU.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee1925de22baa2ef5bcb426a76da601c7a094d4d87cc8703b80db62ac2452c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:42:01 GMT
x-content-type-options: nosniff
age: 126113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26936
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:48:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:42:01 GMT

GET
H2 200 neILzCirqoswsqX9_oA.woff2
fonts.gstatic.com/s/lobster/v30/ Frame FD08 98 KB
98 KB 76ms
68ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lobster/v30/neILzCirqoswsqX9_oA.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b93f4669cc09016e4d1ad1836a4cd1ebcf832c22979e5fa11db4f7c3620223ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:55:41 GMT
x-content-type-options: nosniff
age: 125293
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 99952
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 19:54:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:55:41 GMT

GET
H2 200 0QI6MX1D_JOuGQbT0gvTJPa787weuyJD.woff2
fonts.gstatic.com/s/lora/v32/ Frame FD08 46 KB
46 KB 85ms
77ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787weuyJD.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae4ca9b9303fc55a1053c3a796249078fc00d2389cf2f4b1f006bb19917e3bef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 15:43:59 GMT
x-content-type-options: nosniff
age: 111595
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46996
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 21:46:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 15:43:59 GMT

GET
H2 200 0QI6MX1D_JOuGQbT0gvTJPa787z5vCJD.woff2
fonts.gstatic.com/s/lora/v32/ Frame FD08 46 KB
47 KB 122ms
114ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787z5vCJD.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbd98aaaf11a21804cbf7f5b10e7ef9a80c30a47840b7b1dfa51a84fb298ffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:42:01 GMT
x-content-type-options: nosniff
age: 126113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47568
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 21:46:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:42:01 GMT

GET
H2 200 0QI8MX1D_JOuMw_hLdO6T2wV9KnW-MoFkq0.woff2
fonts.gstatic.com/s/lora/v32/ Frame FD08 49 KB
50 KB 67ms
60ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v32/0QI8MX1D_JOuMw_hLdO6T2wV9KnW-MoFkq0.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07598e9c2aae44f349f488e73a31691f1f0f8c5eaedeaa69f2bcb56efa59a934

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 16:55:08 GMT
x-content-type-options: nosniff
age: 107326
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50560
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 21:46:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 16:55:08 GMT

GET
H2 200 0QI8MX1D_JOuMw_hLdO6T2wV9KnW-C0Ckq0.woff2
fonts.gstatic.com/s/lora/v32/ Frame FD08 49 KB
49 KB 78ms
71ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v32/0QI8MX1D_JOuMw_hLdO6T2wV9KnW-C0Ckq0.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf721c6995366adb25d098fe2b901999ed3a750a2cd7d0f57f0e9d85af2aee29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:55:34 GMT
x-content-type-options: nosniff
age: 125300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50448
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 21:46:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:55:34 GMT

GET
H2 200 u-440qyriQwlOrhSvowK_l5Ofg.woff2
fonts.gstatic.com/s/merriweather/v30/ Frame FD08 58 KB
58 KB 79ms
72ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5Ofg.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66a070c331573aa324fa2deac1a1b42b2d58e9660268555ee382d857e651e33f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 21:11:15 GMT
x-content-type-options: nosniff
age: 91959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58892
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:46:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 21:11:15 GMT

GET
H2 200 u-4m0qyriQwlOrhSvowK_l5-eSZM.woff2
fonts.gstatic.com/s/merriweather/v30/ Frame FD08 56 KB
56 KB 72ms
64ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v30/u-4m0qyriQwlOrhSvowK_l5-eSZM.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8977152b314fcd5d04bec050367c0aafa91899501593e9ecb0d6090cdac29a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:24:01 GMT
x-content-type-options: nosniff
age: 191993
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57612
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:49:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:24:01 GMT

GET
H2 200 u-4n0qyriQwlOrhSvowK_l52xwNpWg.woff2
fonts.gstatic.com/s/merriweather/v30/ Frame FD08 56 KB
56 KB 121ms
114ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNpWg.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b183e10d8c5db234637e82bef4014117bd41c956c69af55fa0165a7be31666

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 12:09:16 GMT
x-content-type-options: nosniff
age: 297278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57236
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:46:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Nov 2024 12:09:16 GMT

GET
H2 200 u-4l0qyriQwlOrhSvowK_l5-eR71Wsf6.woff2
fonts.gstatic.com/s/merriweather/v30/ Frame FD08 57 KB
57 KB 62ms
55ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v30/u-4l0qyriQwlOrhSvowK_l5-eR71Wsf6.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

133bb5c5af6b43d96660ff65f46464f2a03f7d0deeb8e2a1f8e0aa7ce6770120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:24:36 GMT
x-content-type-options: nosniff
age: 191958
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58012
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:59:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:24:36 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Ew7.woff2
fonts.gstatic.com/s/montserrat/v26/ Frame FD08 39 KB
39 KB 49ms
42ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Ew7.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff8c9a38c906236a4025b752da6a83403df53f22f0fb8b88155b7b04a5229904

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:26:58 GMT
x-content-type-options: nosniff
age: 83816
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39708
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:53:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 23:26:58 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM70w7.woff2
fonts.gstatic.com/s/montserrat/v26/ Frame FD08 39 KB
39 KB 56ms
50ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM70w7.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

184819cfd66eee3bbf756a609a0ea8034f09dcf8c68cd817b08358d8e5579ca3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 18:17:48 GMT
x-content-type-options: nosniff
age: 102366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40184
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:40:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 18:17:48 GMT

GET
H2 200 JTUFjIg1_i6t8kCHKm459Wx7xQYXK0vOoz6jq6R9aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ Frame FD08 39 KB
40 KB 127ms
120ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUFjIg1_i6t8kCHKm459Wx7xQYXK0vOoz6jq6R9aXo.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17406c4e4926c81dcd8f3832b79428ccf82f5a3af17c03afd0e37f13413851b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:27:30 GMT
x-content-type-options: nosniff
age: 83784
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40412
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:58:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 23:27:30 GMT

GET
H2 200 JTUFjIg1_i6t8kCHKm459Wx7xQYXK0vOoz6jq0N6aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ Frame FD08 40 KB
40 KB 127ms
121ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUFjIg1_i6t8kCHKm459Wx7xQYXK0vOoz6jq0N6aXo.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

347b8e3e68694a70f4b024cdbee7fb7ed5f98c19d0dafef6b8f237191c796f03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 07:18:55 GMT
x-content-type-options: nosniff
age: 573899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41288
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:53:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 07:18:55 GMT

GET
H2 200 XRXI3I6Li01BKofiOc5wtlZ2di8HDLshRTY.woff2
fonts.gstatic.com/s/nunito/v26/ Frame FD08 41 KB
41 KB 43ms
37ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshRTY.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

add6ddd7fee32d58eba385983ab7dcc9657ad97cdbd4bf4594db38675847edb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 18:17:46 GMT
x-content-type-options: nosniff
age: 102368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42132
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:10:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 18:17:46 GMT

GET
H2 200 XRXI3I6Li01BKofiOc5wtlZ2di8HDFwmRTY.woff2
fonts.gstatic.com/s/nunito/v26/ Frame FD08 41 KB
41 KB 123ms
117ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDFwmRTY.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c129c2c42b2f1d5af9bd5b9858f0eba8215ee3ebf61fbc99866e107b2c0af4b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:24:05 GMT
x-content-type-options: nosniff
age: 191989
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41676
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:10:49 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:24:05 GMT

GET
H2 200 XRXK3I6Li01BKofIMPyPbj8d7IEAGXNirXA3jw.woff2
fonts.gstatic.com/s/nunito/v26/ Frame FD08 44 KB
44 KB 122ms
116ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXK3I6Li01BKofIMPyPbj8d7IEAGXNirXA3jw.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33ea7445e374a6aab69f4e13ddbc9fc0e356c731e2d1f093619b93d4281bbe2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 03:15:48 GMT
x-content-type-options: nosniff
age: 588486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44980
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:56:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 03:15:48 GMT

GET
H2 200 XRXK3I6Li01BKofIMPyPbj8d7IEAGXNiSnc3jw.woff2
fonts.gstatic.com/s/nunito/v26/ Frame FD08 43 KB
43 KB 130ms
124ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXK3I6Li01BKofIMPyPbj8d7IEAGXNiSnc3jw.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8fb82df9421fa2de18e11b89200eeccb188dab713331f06c6c8782ad5ce5437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 07:18:53 GMT
x-content-type-options: nosniff
age: 573901
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44316
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:56:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 07:18:53 GMT

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvgUQ.woff2
fonts.gstatic.com/s/oswald/v53/ Frame FD08 31 KB
31 KB 125ms
119ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvgUQ.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5c4965a6e9c89dee7d1389167c821976bfbf55d80e7dcddfbcb5400b1ae01c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 01:58:28 GMT
x-content-type-options: nosniff
age: 593126
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31456
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 18:20:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 01:58:28 GMT

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1xZogUQ.woff2
fonts.gstatic.com/s/oswald/v53/ Frame FD08 32 KB
32 KB 120ms
115ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZogUQ.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68425336934a956337b4593a3d47d51d2970d03ac4a9c9fc795596f13eb21775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:10:38 GMT
x-content-type-options: nosniff
age: 192796
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32644
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 18:20:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:10:38 GMT

GET
H2 200 FwZY7-Qmy14u9lezJ96F.woff2
fonts.gstatic.com/s/pacifico/v22/ Frame FD08 83 KB
83 KB 121ms
116ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/pacifico/v22/FwZY7-Qmy14u9lezJ96F.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e05fd4c39d2671d0febcf551364287a41d4889ca4692817722459ff34940ac81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:26:57 GMT
x-content-type-options: nosniff
age: 83817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84892
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:30:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 23:26:57 GMT

GET
H2 200 nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvUDV.woff2
fonts.gstatic.com/s/playfairdisplay/v36/ Frame FD08 41 KB
42 KB 123ms
118ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v36/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvUDV.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c0243aeabbf9c2f5353f0f043cdfe582305ce9232dafae04789f72ad8b8a2fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:10:38 GMT
x-content-type-options: nosniff
age: 192796
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42416
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:29:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:10:38 GMT

GET
H2 200 nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKeiukDV.woff2
fonts.gstatic.com/s/playfairdisplay/v36/ Frame FD08 45 KB
45 KB 101ms
96ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v36/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKeiukDV.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31594918e6093b22f7d61e9ef00fe99af5de221a8e7b039517c38bb140fa6d95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 21:20:49 GMT
x-content-type-options: nosniff
age: 4985
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45636
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:29:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 21:20:49 GMT

GET
H2 200 nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTbtM.woff2
fonts.gstatic.com/s/playfairdisplay/v36/ Frame FD08 40 KB
40 KB 102ms
97ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v36/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTbtM.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14f880482da8a65732322f1cc972412501c1d33d35edece8f4aba96fab40c3b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 16:28:25 GMT
x-content-type-options: nosniff
age: 22529
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41308
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:29:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 16:28:25 GMT

GET
H2 200 nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_k-UbtM.woff2
fonts.gstatic.com/s/playfairdisplay/v36/ Frame FD08 43 KB
43 KB 105ms
100ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v36/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_k-UbtM.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16a97a25c22e0a3666a93f2cc4dfb340df15a55dc32190f797ee748f2d7b3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 08:18:44 GMT
x-content-type-options: nosniff
age: 570310
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43740
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:29:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 08:18:44 GMT

GET
H2 200 L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vqPRg.woff2
fonts.gstatic.com/s/robotomono/v23/ Frame FD08 37 KB
37 KB 105ms
100ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vqPRg.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2706dfabcbaaf2dee90c3a10c168d5f5691ce787dcae9e77cd038f66b08fc4ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:55:32 GMT
x-content-type-options: nosniff
age: 125302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37632
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:57:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:55:32 GMT

GET
H2 200 L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_Of2PRg.woff2
fonts.gstatic.com/s/robotomono/v23/ Frame FD08 37 KB
37 KB 106ms
102ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_Of2PRg.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7615aed2ed8f1361d3aba2b6ce6612468463e660e8bd4a4302b24c113ec57308

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 16:23:13 GMT
x-content-type-options: nosniff
age: 22841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37800
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:30:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 16:23:13 GMT

GET
H2 200 L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrlnAOW4.woff2
fonts.gstatic.com/s/robotomono/v23/ Frame FD08 40 KB
40 KB 107ms
103ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v23/L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrlnAOW4.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9ed2dc63202e8e1e06cc22eb23d39212a36034d90dbc76274ec7f85deb1d3c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:10:38 GMT
x-content-type-options: nosniff
age: 192796
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41220
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:19:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:10:38 GMT

GET
H2 200 L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrmAB-W4.woff2
fonts.gstatic.com/s/robotomono/v23/ Frame FD08 41 KB
41 KB 108ms
104ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v23/L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrmAB-W4.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68c3f849762d80f759a7702f52b6f9c432173951d7d5e830c98cedfdeba5e53e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 17:24:07 GMT
x-content-type-options: nosniff
age: 191987
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41584
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:09:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 17:24:07 GMT

GET
H2 200 R71RjywflP6FLr3gZx7K8UyuXDs9zVwDmXCb8lxYgmuii32UGoVldX6UgfjL4-3sMM_kB_qXSEXTJQCFLH5-_bcEliotp6I.woff2
fonts.gstatic.com/s/robotoserif/v13/ Frame FD08 63 KB
64 KB 109ms
104ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoserif/v13/R71RjywflP6FLr3gZx7K8UyuXDs9zVwDmXCb8lxYgmuii32UGoVldX6UgfjL4-3sMM_kB_qXSEXTJQCFLH5-_bcEliotp6I.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb1d125975da6683e4db07394e5035b0cde2782b389341bb577d2a274262e839

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 00:19:50 GMT
x-content-type-options: nosniff
age: 599044
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64888
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 17:29:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 00:19:50 GMT

GET
H2 200 R71RjywflP6FLr3gZx7K8UyuXDs9zVwDmXCb8lxYgmuii32UGoVldX6UgfjL4-3sMM_kB_qXSEXTJQCFLH5-_bcEls0qp6I.woff2
fonts.gstatic.com/s/robotoserif/v13/ Frame FD08 71 KB
71 KB 109ms
105ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoserif/v13/R71RjywflP6FLr3gZx7K8UyuXDs9zVwDmXCb8lxYgmuii32UGoVldX6UgfjL4-3sMM_kB_qXSEXTJQCFLH5-_bcEls0qp6I.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d81818ee4513a1dbc74d17b8dcec5aa730a70ceca96b75a68ad007554e01cc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:55:33 GMT
x-content-type-options: nosniff
age: 125301
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72264
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 17:35:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 11:55:33 GMT

GET
H2 200 R71XjywflP6FLr3gZx7K8UyEVQnyR1E7VN-f51xYuGCQepOvB0KLc2v0wKKB0Q4MSZxyqf2CgAchbDJ69BcVZxkDg-JuT-R8AA.woff2
fonts.gstatic.com/s/robotoserif/v13/ Frame FD08 64 KB
64 KB 110ms
106ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoserif/v13/R71XjywflP6FLr3gZx7K8UyEVQnyR1E7VN-f51xYuGCQepOvB0KLc2v0wKKB0Q4MSZxyqf2CgAchbDJ69BcVZxkDg-JuT-R8AA.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7c81ec43ffc35a71567094e98836d7545681a399618661c8f1eb202b580206

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:27:00 GMT
x-content-type-options: nosniff
age: 83814
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65812
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 19:14:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 23:27:00 GMT

GET
H2 200 R71XjywflP6FLr3gZx7K8UyEVQnyR1E7VN-f51xYuGCQepOvB0KLc2v0wKKB0Q4MSZxyqf2CgAchbDJ69BcVZxkDg-JuqON8AA.woff2
fonts.gstatic.com/s/robotoserif/v13/ Frame FD08 71 KB
71 KB 111ms
107ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoserif/v13/R71XjywflP6FLr3gZx7K8UyEVQnyR1E7VN-f51xYuGCQepOvB0KLc2v0wKKB0Q4MSZxyqf2CgAchbDJ69BcVZxkDg-JuqON8AA.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cc3cce7b52175a0e42f8b92d45322ebaa709d227f9ec52643e75410fda94b06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 01:58:43 GMT
x-content-type-options: nosniff
age: 593111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72784
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 19:14:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 01:58:43 GMT

GET
H2 200 rnCr-xNNww_2s0amA-M7.woff2
fonts.gstatic.com/s/spectral/v13/ Frame FD08 54 KB
54 KB 112ms
108ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/spectral/v13/rnCr-xNNww_2s0amA-M7.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db8faffb5e867554c1ab9b0edd0e11e8b5a3d4b9842d860a11646371c2b84d79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 10:27:48 GMT
x-content-type-options: nosniff
age: 562566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55204
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 22:22:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 10:27:48 GMT

GET
H2 200 rnCt-xNNww_2s0amA9M8kng.woff2
fonts.gstatic.com/s/spectral/v13/ Frame FD08 57 KB
57 KB 113ms
109ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/spectral/v13/rnCt-xNNww_2s0amA9M8kng.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aada1ac84edc0a0f678a12e87b835b9c5a71fc4cec407ca0420c6561cb53a439

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 00:16:47 GMT
x-content-type-options: nosniff
age: 599227
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58200
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 22:19:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 00:16:47 GMT

GET
H2 200 rnCs-xNNww_2s0amA9uCt13D.woff2
fonts.gstatic.com/s/spectral/v13/ Frame FD08 59 KB
60 KB 113ms
110ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/spectral/v13/rnCs-xNNww_2s0amA9uCt13D.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fc62f0847bbeb2b050932bc04e8d60087955e2bbe3659fbe89408f4c62f2f7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 21:01:29 GMT
x-content-type-options: nosniff
age: 178945
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60648
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 23:19:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 21:01:29 GMT

GET
H2 200 rnCu-xNNww_2s0amA9M8qsHDafY.woff2
fonts.gstatic.com/s/spectral/v13/ Frame FD08 63 KB
63 KB 113ms
110ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/spectral/v13/rnCu-xNNww_2s0amA9M8qsHDafY.woff2

Requested by

Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA/viewform?embedded=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1382decc32857b4dc59faafdf57088d9f6917b18ece82cc47f84010224008c05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
Origin: https://docs.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 01:47:32 GMT
x-content-type-options: nosniff
age: 593782
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64164
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 22:49:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 01:47:32 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame B528 55 KB
24 KB 18ms
17ms Stylesheet
text/css 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfH-N0mAAAAAFbl_1iN5mLWRSOGn_wdfGEDt4cE&co=aHR0cHM6Ly9oZWhvLmNvbS50dzo0NDM.&hl=de&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=nlc8aqw0rtiw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:26:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1045
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 22:26:29 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame B528 468 KB
188 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

983871cac9e719263fcecaa540c4e1597c8ece1805845830ec21fef0e71d9f88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 14:04:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31194
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192016
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 14:04:00 GMT

GET
DATA 200
OK truncated
/ Frame E7D9 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 968da2c692c1738bbe4b563205c24022593dbdb9107dd2aa9c6d43177c3e138a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 chunk.slider.js Show response
heho.com.tw/wp-content/themes/flatsome/assets/js/ 49 KB
13 KB 294ms
294ms Script
application/javascript 34.149.230.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://heho.com.tw/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.18.2
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/wp-content/themes/flatsome/assets/js/flatsome.js?ver=be4456ec53c49e21f6f3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.230.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 38.230.149.34.bc.googleusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: bec887feaec684bbc55998c457617df16605234f032386cd8068ad2dc8964a5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 27 Nov 2023 08:14:20 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13382
expires: max-age=2592000, public

GET
H3

200

1700191881.7762.png
img.heho.com.tw/wp-content/uploads/2023/11/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/11/1700191881.7762.png
https://img.heho.com.tw/wp-content/uploads/2023/11/1700191881.7762.png

245 KB
246 KB

21ms
20ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/11/1700191881.7762.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec6db1a21767af979fb329c02278c64506429fa719347d4aa8b78d4379cb735d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 899929
alt-svc: h3=":443"; ma=86400
content-length: 251044
last-modified: Fri, 17 Nov 2023 03:31:27 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FY%2FWT%2B2tdQM%2FBUeAxjQlZa5MweS%2F0p5J4hAWN4dF5mmemrF21WvPdrDOzq8O%2F73QaQBk2lrwt5DqJmnptnWIbD98HgPnDTxbn9ZSnzGFCP0o4f69EPqyTLyDphZft85JNtbJKs%2F33GTIgIXpyOg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0d695966b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/11/1700191881.7762.png
date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

%e6%94%be%e5%b0%84%e6%b2%bb%e7%99%82-01.png
img.heho.com.tw/wp-content/uploads/2018/07/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2018/07/%E6%94%BE%E5%B0%84%E6%B2%BB%E7%99%82-01.png
https://img.heho.com.tw/wp-content/uploads/2018/07/%e6%94%be%e5%b0%84%e6%b2%bb%e7%99%82-01.png

143 KB
143 KB

60ms
60ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2018/07/%e6%94%be%e5%b0%84%e6%b2%bb%e7%99%82-01.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 725433fd99ff2c6146ab607f69d833fb207db0167a1886481e39b79da8728d98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 42444
alt-svc: h3=":443"; ma=86400
content-length: 146297
last-modified: Thu, 27 Aug 2020 06:40:37 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iGKcPB7pWDDxdEugUgKC6vSCwEgth8gOjqeVuK5hMvcvVx4G05SzZ7tnLDF2LpuVgHK06%2F6emSY2p29phpgcKw3WjBIIEVH1DLhM9vVkSdo2rhqsEyvmrrqezbkduejDbbKRs3wd1USbs3TNjnI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0d696566b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2018/07/%e6%94%be%e5%b0%84%e6%b2%bb%e7%99%82-01.png
date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 380
content-type: text/html; charset=iso-8859-1

GET
H3

200

1701420298.0887.png
img.heho.com.tw/wp-content/uploads/2023/12/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/12/1701420298.0887.png
https://img.heho.com.tw/wp-content/uploads/2023/12/1701420298.0887.png

294 KB
295 KB

48ms
48ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/12/1701420298.0887.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 977ef480f6a9cf6f0c7e46320ce96641f149e60795587abde69892581fc21e09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45760
alt-svc: h3=":443"; ma=86400
content-length: 301563
last-modified: Fri, 01 Dec 2023 08:45:04 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PoTmJvUZ1V2Olay6BbJEAnKAB16xZLoFn2U5%2FUZMGWC3gBTCfrdCv2PB8D7d1O2MklNzSa9uGoUlXa79oPFNobBM9p4wAbg5J%2B7doHBM4nD7h6aqyBaPkHItt8knea5YSdUKBKGMTKVc91xfw7w%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0d696266b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/12/1701420298.0887.png
date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1701418826.6988.jpg
img.heho.com.tw/wp-content/uploads/2023/12/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/12/1701418826.6988.jpg
https://img.heho.com.tw/wp-content/uploads/2023/12/1701418826.6988.jpg

101 KB
102 KB

61ms
61ms

Image
image/jpeg

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/12/1701418826.6988.jpg
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab147b4ea8d3c3a480958ca68cbe0fa1cc8efe0907c6a11a79f7f70b28ba61df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 47980
alt-svc: h3=":443"; ma=86400
content-length: 103680
last-modified: Fri, 01 Dec 2023 08:20:30 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TmNk96Di84NOEABnjHjaOlFMz1VylPwSlqIObBecemd5%2B35ezo0JyHUi1H5JblhwVOW7TTAKqj8MV9xpuS69hppySytXdw3Jyz1MFt61iQ%2FSjNZu3xOjupWbehAvOgHrNSGf7pxVTlDfjYlM4Sw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0d696666b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/12/1701418826.6988.jpg
date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1701414877.8346.png
img.heho.com.tw/wp-content/uploads/2023/12/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/12/1701414877.8346.png
https://img.heho.com.tw/wp-content/uploads/2023/12/1701414877.8346.png

263 KB
263 KB

35ms
35ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/12/1701414877.8346.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21972f5d6ba8866515f4b10c25e20c893f0f517b1e9ededb7097349d363053e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 44788
alt-svc: h3=":443"; ma=86400
content-length: 268804
last-modified: Fri, 01 Dec 2023 07:14:43 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fpz11XmN%2BuzIU3dlIxCxOo5z1P%2FiKJ67QPBfsRdMrNVhSWZZD6k96k3aG36YTdywKbjdUYoxq1YcUhyQsRyWoptM3cAdfVnmGl1MtGTw%2Bt3f6l%2F9GCD9iYhOADWHyih31jo5wP5Jgm2XXDctiGI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0d695d66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/12/1701414877.8346.png
date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1697531486.0167.png
img.heho.com.tw/wp-content/uploads/2023/10/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/10/1697531486.0167.png
https://img.heho.com.tw/wp-content/uploads/2023/10/1697531486.0167.png

142 KB
143 KB

50ms
50ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/10/1697531486.0167.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aaa699bffde59485dd19fa60a333645a0e56425bf560e2c42b54938bbb286687

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13188
alt-svc: h3=":443"; ma=86400
content-length: 145916
last-modified: Tue, 17 Oct 2023 08:31:30 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Pc9EbCrZw25vZqUfQlHqlxUjzqnhAjBkWSjEY0YBaUXJ%2Bph6WaOWRLtVN%2Bxy4udYQ%2BiJAdqhUAOtLw054nqa3OgZ3lXYPbtldFTtLBa2s73N9jp%2BQnP2bXf2u0OAVjU5S%2FB8CK%2BOm%2Fxrc0nTE8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0d696366b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/10/1697531486.0167.png
date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1688032217.0993.png
img.heho.com.tw/wp-content/uploads/2023/06/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/06/1688032217.0993.png
https://img.heho.com.tw/wp-content/uploads/2023/06/1688032217.0993.png

162 KB
162 KB

45ms
45ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/06/1688032217.0993.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 589ee426ccb7b86d8643b16efc0acbd99cb9590e1237cbbb694eba36efac28e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13188
alt-svc: h3=":443"; ma=86400
content-length: 165376
last-modified: Thu, 29 Jun 2023 09:50:22 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0AEAinA1knvB4tB%2BliPxvsaYpZyUjnUR9yjsGbcm33ajKqNzakNHAzSwhUQSQiw5lNn%2BMV8WoFH7FvfUZeRt%2FdD2U4BtDhfnyb5bpoKXQD0tZURvQsRtgz%2BteapF7eeRsCrfgHjjJw5S16RA%2F3A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0d898f66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/06/1688032217.0993.png
date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3 200 1685591982.4705.png
img.heho.com.tw/wp-content/uploads/2023/06/ 143 KB
144 KB 29ms
28ms Image
image/png 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/06/1685591982.4705.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd37899aca2011cdf18276fe93b568460f41a8a9aa4af0dedae29e28e0f7cc8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1229768
alt-svc: h3=":443"; ma=86400
content-length: 146514
last-modified: Thu, 01 Jun 2023 03:59:47 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8eZ%2FURPajsvP28FOmNY1mZU446Q%2Fbx%2BnHTllLUblVx22OCZ9hG5BVP%2FZzmPR3Sp%2B5GxCnSjT%2FmZxYj1UAPsT%2BlUeaDIN2R9AMrM0jWf8YFphIws%2FN3oqwTqT9thmprHAnuasNTcJrjYZyWMzE%2F0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda0bafd066b5-AMS
expires: max-age=2592000, public

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 9846
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEA9thCGs8PZ70xl0Mt8B1tA&google_cver=1&google_push=AXcoOmRwV7ifXMgEDmrxUmBBnmVzOvnqjZTT2Hpgemr_WYqxjc6j0xf4T9x0X30mG6NPUW8HAhoNobfgQsadNir3R98M9CopFyyrF...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwMDQ3ODQ1NzE0MTU0MzE4Mw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA9thCGs8PZ70xl0Mt8B1tA&google_cver=1

43 B
398 B

18ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA9thCGs8PZ70xl0Mt8B1tA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA9thCGs8PZ70xl0Mt8B1tA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9846
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGP1fnEOxeMw0rpmrPw9gnc&google_push=AXcoOmRP90LbEy50wZumIzqthTFJC91eXR7tb4bwupDvplmv4sKVueJR0z...

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGP1fnEOxeMw0rpmrPw9gnc&google_push=AXcoOmRP90LbEy50wZumIzqthTFJC91eXR7tb4bwupDvplmv4sKVueJR0zMJ7neqtbPxkoKFcRlndu8zzBjE9Hexqo7zTJ5SbML_gDCuOgsvvmJlz9FjWp8hr1vPqc7qnuSBYB2nKsSky92fpeeBbHaCd4T5Vv4

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230064-FRA
pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1701470635.865973,VS0,VE187
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGP1fnEOxeMw0rpmrPw9gnc&google_push=AXcoOmRP90LbEy50wZumIzqthTFJC91eXR7tb4bwupDvplmv4sKVueJR0zMJ7neqtbPxkoKFcRlndu8zzBjE9Hexqo7zTJ5SbML_gDCuOgsvvmJlz9FjWp8hr1vPqc7qnuSBYB2nKsSky92fpeeBbHaCd4T5Vv4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9846
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECkJearHa8KA6GsEkJCVSOA&google_cver=1&google_push=AXcoOmSdAgN1h5YMHXT560keNLgoAQ30nfk6T2OS78oFzR_2TzEUXNg5Q_vaRxHiJwScgUtkNvQTm019R8Cf0c31JvUjJvd_3a9tfl...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A98A7BD7251347A38CEB55ABBB6A71C7&google_push=AXcoOmSdAgN1h5YMHXT560keNLgoAQ30nfk6T2OS78oFzR_2TzEUXNg5Q_vaRxHiJwScgUtkNvQTm019R8Cf0c3...

170 B
188 B

25ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A98A7BD7251347A38CEB55ABBB6A71C7&google_push=AXcoOmSdAgN1h5YMHXT560keNLgoAQ30nfk6T2OS78oFzR_2TzEUXNg5Q_vaRxHiJwScgUtkNvQTm019R8Cf0c31JvUjJvd_3a9tflVo99-nzx-QcRgrXFLyfzzLDyxSwMfUBpjA69M9MmELh5U3XNbSI3Lxig

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 01 Dec 2023 22:43:54 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A98A7BD7251347A38CEB55ABBB6A71C7&google_push=AXcoOmSdAgN1h5YMHXT560keNLgoAQ30nfk6T2OS78oFzR_2TzEUXNg5Q_vaRxHiJwScgUtkNvQTm019R8Cf0c31JvUjJvd_3a9tflVo99-nzx-QcRgrXFLyfzzLDyxSwMfUBpjA69M9MmELh5U3XNbSI3Lxig
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 30 Nov 2023 22:43:54 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 9846 70 B
148 B 31ms
30ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEEHbIC6RwofPpQF_D3dR5m0&google_cver=1&google_push=AXcoOmQXR71I4FXFPg7Dy-gW_o2HvltuBMwUViRzxJFzO2Yn_ETtli-ISBbAt-ECDo1iJr851SS5blaRRCjzvHDLXRr18l0eRZZvsqCkK88rJbBLFaM23jtk7vgHKENl7-RdUKlQOU8iJTueWaGENiJiOWQRohw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9846
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJMZeLSwlupidJe2YQBySHY&google_cver=1&google_push=AXcoOmRsHNJDRj9GwX_1mKok2O3Gy2qHwVLC3KuI6o-rKYJ9QdrKXqczOnRgMmaJYsaLBGBuHtSdjWxgEtHfpD3M...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ELy1megWTB8fwtWjKfX7EQ&google_push=AXcoOmRsHNJDRj9GwX_1mKok2O3Gy2qHwVLC3KuI6o-rKYJ9QdrKXqczOnRgMmaJYsaLBGBuHtSdjWxgEtHfpD3MRkontEl2WTjFNHR...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ELy1megWTB8fwtWjKfX7EQ&google_push=AXcoOmRsHNJDRj9GwX_1mKok2O3Gy2qHwVLC3KuI6o-rKYJ9QdrKXqczOnRgMmaJYsaLBGBuHtSdjWxgEtHfpD3MRkontEl2WTjFNHRJ1ldcLGOxDMUTeg8A9K-XZ63Z1MvALu2QRWUnDGT-F1dnQtX4XyjuSA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ELy1megWTB8fwtWjKfX7EQ&google_push=AXcoOmRsHNJDRj9GwX_1mKok2O3Gy2qHwVLC3KuI6o-rKYJ9QdrKXqczOnRgMmaJYsaLBGBuHtSdjWxgEtHfpD3MRkontEl2WTjFNHRJ1ldcLGOxDMUTeg8A9K-XZ63Z1MvALu2QRWUnDGT-F1dnQtX4XyjuSA
x-host: tde-deliveryengine-production-6987bbc57b-zhg56
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9846
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMQqBQ2uy3F8jFVhrHwXF4s&google_cver=1&google_push=AXcoOmTlWnZWygzJ3vVixJOGY9ZCuGLR5ezSVOK4PO0rZagY1wtuTWJkX6gkjoflhU9xji_sdW9zE0ak...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEMQqBQ2uy3F8jFVhrHwXF4s&google_cver=1&google_push=AXcoOmTlWnZWygzJ3vVixJOGY9ZCuGLR5ezSVOK4PO0rZagY1wtuTWJkX6gkjoflhU9xji_sdW9...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODUwODk5NDg0NjY2MDM4OQ&google_push=AXcoOmTlWnZWygzJ3vVixJOGY9ZCuGLR5ezSVOK4PO0rZagY1wtuTWJkX6gkjoflhU9xji_sdW9zE0...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODUwODk5NDg0NjY2MDM4OQ&google_push=AXcoOmTlWnZWygzJ3vVixJOGY9ZCuGLR5ezSVOK4PO0rZagY1wtuTWJkX6gkjoflhU9xji_sdW9zE0ak73-B5aqIw8kDse6iHBwq7_NGAwqaO9dsm8V4Rp5KTDZEU89_oNtb0cVd2FZHHT-kmFb2JF-8DS9rNQk

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODUwODk5NDg0NjY2MDM4OQ&google_push=AXcoOmTlWnZWygzJ3vVixJOGY9ZCuGLR5ezSVOK4PO0rZagY1wtuTWJkX6gkjoflhU9xji_sdW9zE0ak73-B5aqIw8kDse6iHBwq7_NGAwqaO9dsm8V4Rp5KTDZEU89_oNtb0cVd2FZHHT-kmFb2JF-8DS9rNQk
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9846
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEMM0AKpHQmLCOhQg_jwMMxs&google_cver=1&google_push=AXcoOmQlbsEkRN4TqfI81ujj-SBp4Gq-ygxPMkB0dVHsAiocsGONaRQhlDWszKuptS...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQlbsEkRN4TqfI81ujj-SBp4Gq-ygxPMkB0dVHsAiocsGONaRQhlDWszKuptSo1K2Itl4rAi39PXBFf3UJVaEoStxtbMxWmgAN5k4i2CPO1as...

170 B
188 B

26ms
25ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQlbsEkRN4TqfI81ujj-SBp4Gq-ygxPMkB0dVHsAiocsGONaRQhlDWszKuptSo1K2Itl4rAi39PXBFf3UJVaEoStxtbMxWmgAN5k4i2CPO1assJORBPOIABmGymEoKIAquHk_XF0PI3eXMNo2weNNg9Gdbp&google_hm=-QgfQGsyStWGav7rmvh_KY4

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:54 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQlbsEkRN4TqfI81ujj-SBp4Gq-ygxPMkB0dVHsAiocsGONaRQhlDWszKuptSo1K2Itl4rAi39PXBFf3UJVaEoStxtbMxWmgAN5k4i2CPO1assJORBPOIABmGymEoKIAquHk_XF0PI3eXMNo2weNNg9Gdbp&google_hm=-QgfQGsyStWGav7rmvh_KY4
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9846 0
12 B 23ms
23ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jd2ifIBIeoQ3Zm5tM2SHiY97_bWBW0WqCNhorcP8lh5jQkF0vrIXU8o_xfj36bnKsP02sJIQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=6373451281&adk=98387285&adf=2070010460&pi=t.ma~as.6373451281&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633639&bpp=1&bdt=635&idt=221&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1050x120%2C1050x120&correlator=5208131103481&frm=20&pv=1&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=3655&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=222

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame A364 38 KB
13 KB 13ms
13ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 37227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 12:23:27 GMT
expires: Sat, 30 Nov 2024 12:23:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ajax-loader.gif
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ Frame FFEC 4 KB
4 KB 12ms
12ms Image
image/gif 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ajax-loader.gif

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick-theme.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick-theme.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 333423
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3208
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-1052"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oInW%2Fmoug8deGCaLhlYR59Y2gdBT4qoqVprkDcB7uIR%2F3GhbYSKB9r9J1b6ABBlEE5%2BSyrfDgurN8ocuSEZVM9709ee7jkPa7ruCajarqmPnU89fYp%2F20KKw%2FKvyvIUYhVbRqo6zo5v0hJe7lePjIg6d"}],"group":"cf-nel","max_age":604800}
content-type: image/gif; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82eeda0bccdd1907-FRA
expires: Wed, 20 Nov 2024 22:43:54 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame B528 2 KB
2 KB 15ms
14ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 12:21:55 GMT
x-content-type-options: nosniff
age: 37319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Fri, 08 Dec 2023 12:21:55 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B528 15 KB
15 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:26:56 GMT
x-content-type-options: nosniff
age: 83818
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 23:26:56 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B528 15 KB
15 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 21:01:27 GMT
x-content-type-options: nosniff
age: 178947
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 21:01:27 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame B528 102 B
135 B 22ms
22ms Other
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=-QbJqHfGOUB8nuVRLvzFLVed

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f3706dd9e175fdadc2a564238f1ddc64afea19e67aefd5b922f33040d5f94540

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfH-N0mAAAAAFbl_1iN5mLWRSOGn_wdfGEDt4cE&co=aHR0cHM6Ly9oZWhvLmNvbS50dzo0NDM.&hl=de&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=nlc8aqw0rtiw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 01 Dec 2023 22:43:55 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame A364 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:12:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 22:12:38 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EE2B 624 B
242 B 27ms
27ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNUMNnUnmG--TrC4xFwWJgie0RIAaHANl9Pqlwc1aIJF6QGw85mRhRWx-nIKNYtmifSWJHZyqH7AHlNzu6nDXyTzkDznXv4H43r8lWX84sv91pI0vRryzFuEB2xVXoUrBmkAjZ5e5RhbLhk0VGteJnJWhFeyR8FWW6q0S7UZ92H1ewVLd-g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:43:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F0E2 89 KB
31 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 22:43:55 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame F0E2 3 KB
1 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9877
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 19:59:18 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame F0E2 20 KB
8 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 19:59:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9877
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 19:59:18 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F0E2 0
0 22ms
22ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRIXipBXTaes5J7TgK_wuMvOMpHH_wNvpx8HvH9V0DqoM9V_5U8NovNRgAGU6EK7ruF_dWYcjxy4ardVVeuxLhBdyMDZw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F0E2 202 KB
64 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 22:43:55 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0E2 42 B
63 B 47ms
46ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bk5BxNvb74GXAh35ZrF3_V3S12UpuZK5gdOM2NnhEnxP949AHoBiPICX-_5TvuDOvg6DJRczblBP_Xbhnxkl8-XpJ96eSqkT_5-DTM_zvbuUvJgHg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0E2 0
20 B 47ms
47ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4606272820425703866&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame EE2B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeQvs3oYux0I-MI_Us06pA&google_cver=1

43 B
731 B

19ms
18ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeQvs3oYux0I-MI_Us06pA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNUMNnUnmG--TrC4xFwWJgie0RIAaHANl9Pqlwc1aIJF6QGw85mRhRWx-nIKNYtmifSWJHZyqH7AHlNzu6nDXyTzkDznXv4H43r8lWX84sv91pI0vRryzFuEB2xVXoUrBmkAjZ5e5RhbLhk0VGteJnJWhFeyR8FWW6q0S7UZ92H1ewVLd-g
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Od4SkzY2ROe7VYF4HkU02iwkntseOq6kEjaJbPN2wxNkRhyHLTw3%2FHqYOwL0dQvFNdigQid6qXfVvhlvaXT6VVyAGa8QT7cYQ1ziUjx6v96OFxRg0gXGz4e5lZsGdKBTumr9j%2BgtvQ6H7w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82eeda0e09942c3a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeQvs3oYux0I-MI_Us06pA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame EE2B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWphqvS2CEsZA0uKm9AlwQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeQvs3oYux0I-MI_Us06pA&google_cver=1

43 B
730 B

19ms
19ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeQvs3oYux0I-MI_Us06pA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNUMNnUnmG--TrC4xFwWJgie0RIAaHANl9Pqlwc1aIJF6QGw85mRhRWx-nIKNYtmifSWJHZyqH7AHlNzu6nDXyTzkDznXv4H43r8lWX84sv91pI0vRryzFuEB2xVXoUrBmkAjZ5e5RhbLhk0VGteJnJWhFeyR8FWW6q0S7UZ92H1ewVLd-g
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PaWjYtk86dyjPBLsTkwIDihV7LtJReKGC1M7BtS2lVplFd8tmx8dckKjPJrRRIxvatqW72pkaOEtLXcpbuKpdyMUDWaqv5AvuP%2BrqWyx5zSeTm7%2F5GcOZdGEAiak06SF93AMRn7elj9ILw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82eeda0e29bc2c3a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeQvs3oYux0I-MI_Us06pA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame EE2B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDP2gw60-pwCmireenCV10s&google_cver=1

43 B
844 B

12ms
12ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDP2gw60-pwCmireenCV10s&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNUMNnUnmG--TrC4xFwWJgie0RIAaHANl9Pqlwc1aIJF6QGw85mRhRWx-nIKNYtmifSWJHZyqH7AHlNzu6nDXyTzkDznXv4H43r8lWX84sv91pI0vRryzFuEB2xVXoUrBmkAjZ5e5RhbLhk0VGteJnJWhFeyR8FWW6q0S7UZ92H1ewVLd-g

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
an-x-request-uuid: e54abf9b-9e37-4708-bcd7-48dddc8c127e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.209.142; 178.162.209.142; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDP2gw60-pwCmireenCV10s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EE2B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
an-x-request-uuid: 94bbc0c8-e2af-4860-b3ae-8f3b4c3daf81
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTEzMjIwNjcwNzgxMjUxMzg5MA%3D%3D
x-proxy-origin: 178.162.209.142; 178.162.209.142; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 35BE 0
20 B 51ms
50ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=ByWOfqWFqZdL1OcDi5LcP2vCKoAoAAAAAOAHgBAI&bg=!dHeldzjNAAY3kmNgF5I7ADQBe5WfOO9ZGUCBe-xZb2oPqWRH4bQXCs6jSSyo3TrsQAXk-jw1AxDPdPBYjQBHORtqYnNDAgAAAWxSAAAAAmgBB5kDDWrCraOb53jvPh2sBNvJQnkqbL3Iw11_Ul9ZYJt6AUt6vU8bq8QGBmKVgViFqWx2PG0qwn0ghFz3nZgT5xEMdyf3o2KUbQtG8QemAfPROXrJI9OiFgfmYRu0Ss7hbbvo_8RBtPx7M_chubmEIcuBgq80cWqT6xczXoNnihvOY_a-USM21pKi3rbvh40GJ3aY1uEduvuADwuR0X3g3r-15aSSAE3BiLZHQFYIaP_5O5RpE8mmfkRIC_mZ9p6OviyvqU_8btGG9OW18YVvgVhuHebSOITo8XzjAGWP5Z1WPOXYTKOw5Wg1AZ1ZP6Um_9FSL0D1hFAGQFeUvv3LcctfHLahIATtioWgkoBCpnISI1P4Ffsfdue-j0aFCAAv2O_8kIOYbVx-ItElzlDOzawdT36KAy3ETPWAU7un8fyHHeJt8bvdITLDCDvdIcgRi-z-ruFDvJgLQQmKihFLUcVq_qgBbMuYZszbUwtrOM9e3Jxfsu27DLSgV9P6AU0teUwtkPpm4g3AVAx6H_B61YVbGPuGFGYroI5_KHjonegUZKBiiBqlCcduIlaSirRwX3FUUp2YAY4fjlQHmXQcRctrWUht-aIRgrx9DMoQ9_CGsRGw8kXes-x858f19JoNIBPCmroS85ii3-7t_1j780UipuqrVIU8DJUpHIusP5jinazTO-jovgeMYG6_TN9F4Y6d3BP-HaU1aYM5TzarnyKtZ_f5vBiWSHnGs6qNAIG1cucA9i0Nnb5MzjtHJd4vbPVyw9wMZNPoB3NeA8QfLVgkygKByBI328UnHfJE3XFVWsGj6NhcHnSZaclvIIxTFpqiheyuUiJYk34wxTzE-Y5eZPL38nm1M9U7UwzxYHJRuocHiOW8Jm18VI405h93X6SwyNsGfqGgYmbfPRptUQmHQcuDlWkLmYEfmM6YY6CkiLdQIdyxYicq-5f9iyVn5usuKcrB7aG9AQyxtq8R8Zd_PATxLekBT5tkJDo6ccjaZ1AL-m3YMmB04tRo_h0jqFMDR0h5KVbqeYJyVnabvBM

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0E2 0
20 B 46ms
46ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6248207546824&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0E2 0
20 B 46ms
46ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6248207546824&version=m202309260101&ct=76&x=1&cor=4606272820425704000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F0E2 109 KB
41 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DPT16VxVwwhhL8cVQQvQlxry6ie9BqPfyVFaflxXsvVMp2Ryv_FTVSaAa99-8MtMBEydG8F0PVcIcUmU7pCD3gYTRYzdc2Lfjho2G7Tqc6cWr4S2Qca6t0IJI-ZQjbXJhzDJXFEBPRMsUL6Io8VZS82wc4XGbrEDaDmT7lyhcTDBZUKys&dbm_d=AKAmf-AmSmfib1UEd9ABt4J3c8zVdWHN6Y8uX5hpsRX3kc6NmEeeVXhTexCxMCU4PEAXINlvmxZqe_I6ZY_Vqn-ASPjBq2nv88xJDwsHkVN6IJJQwHusRcowiMxkhjSobrBnPxfGpeC-zWb2qBLc_bJ_g3QbBtPS0J_UjyDtK2GnNzoftuhpZlwwu8zB9sX4P8fkBWisbpqohVmlp4jlosg73UggF5gWvVyfUs6-P2zfnD1CZqX3m4l_ewxHMcLziJQ-QNuuqIhdC4965OhEFzIK8ky4QAx19KH8XbDztUEXL9kTP8LEDxtzyGY6HImGUlgOGOJaSbj9ZJB-s0Hr5JviHbVP8cwDydc8MzvnICo9MK9tHZCtVtEp4jb5a93owuXcxiUZcAhaDCvYPVBADOuiHEkGKAhMIepYBHcc0KZnd7UAR3Yg-QTwHm9UNtMxehyoH2UaQ_GtgDPRdbVRtWfEQj6byCx8S-5XWncMQxn5V7YIMAC5Hrh_Z0nVv9ufLSPWnqFTm8iJ_jhY6CxWyUez_8f85Mv_HOUopArTV4bQDiGNtZ5Btbe6YQgmz1JRTY7DYZKPwB0Gtby6EdJVvbSODlIRReB7pUeaL4yvRFo2LQD7uLHtY285Muc43udl637xeepl6fE2CyPzwZj5PQBNxaYSfHXeOkLhe4mbSmi0ApQCzHfnCIoRA1kTho5ztTqrV981yEN3fnyMmSIomRcPsn75pzrWiWMcBYCPylJ-pFBWjOFJwPYlJVGJsDNZtGMeuxnHaChYHJqCPVDYTp8EYWqwTvlg4pUMDdLEnjSHG08W8AzEr18exshn_Gb5Qu0be3JspJEWLnqkh0bVMZbObyt9nC6Lf7zSUe-dQgHh8gLq3Xk5x8W7OMb3KHJHFgrRvLV-WAm_RDu0U71XEtulacjaZoNpZIKaTM_2SiHowk-LyNB59suSciwzHMfghfVbGV_ZRglm6SvSWd0LwaXiHGT6Csu_6L9YdK5bx7ozEBv46zTEJ26r-e5ls24Ir5NGz1Xao1BaOgI5m3BcDyHyXlIOv_VFYBM3ds7D9qa__dWDEwJXNyxjcF-7sFF61F_-7KqbmdgWLdlTjyYdNkxmgUxQch01a2pxXtM19AScIMh0G_gOpSSTq-GPqcGRF1oz8UUSiModni5tedo63WeulAmu84GCJ3-5A4gBa-3_nfR3_nYU40SwEnuElEgdSv67CDyW-J-nwl7ius3ora_TKH2B2w7EekdSuLb-G8uO1DeVt5wqfJMsr9KF0yyOqpQbyWJGRak7uq64PrkfJwDZ4pnHh6P7LBQBEOpzI-3aZ7kq9xH5YH-Br5RzYEwgexEQNans8CVIuESJ1mLoxOuVyPQAJwWj5B-2-oNtrUHAdqjVWXMJ5t9r2R_e3_Y00a2lr47__j5BBiGQGgxcRnFrsaBlQ447HWQos7hiiPvk_xhF-omrIA_AgihSM5mOmWGVZGt4ICOoDCfqEZ0VgLe1a9QQqnROPII4hKqNlLNTRKvj6sTCHpgfXIL-CVRsBFHgPaXkBJ2I5yED61lJE_Sy3EYNiUxCDyLWks6ynZrzRzl75bA5uKNKWS3ycwMddEybf6HwWtk5Jo4uzizXLqjrSLuw9esOtJDyT8ZPp12L-qnlgh__eTVjw9F6r0hHPsdu18DbZP65aA9K3rQrljqyYh8bioSCipsjl33E8S5AGvz4BzSkiL_pFDOiIv1d8c9DPLV2b4GNqj4xKUWyvkCeWn_s_H3qPFtTBzB-jt1rHwaHtZByRbN76oqNfFuCpcX_Qc2rIjai8VKcGOQ_a7ii6epbl9UaaqtOptVE_UA505JftH6x6tH34hmuJiulRSXHmwFm4y08d2CCVbnOXmAv5bYVm9yjgTUhOWlg8-TVVeqFFS6iBuTi9yTUefl9JCSDlydLa8DPbKq4kPpI-kzLdg_h4Swmz-c9Me6ypdYXqgS0DL9x0gHh6p0dx6U7T9tQt8uQowef21EyEx1jmsKp-qBSYw_UN3aYbRb-ZCNHa93TS_yqrxjnDHs_v3lbE2V0GqIAeZRh20jlpeCghWAoPy3EUBPSvHtdCrtGTma-K_I5XpQRCyz66V1DawbS6cya_aoJZUz6tedUd5iStRajzOfll3Ay0TQjJNA3tYzzWQ9PJKJEMmye02IE9xSuNAGU_kznQ1tkBq5u4itv5BTVCrxwPA2VkBvwxmw23ZiNqXrK6Pb4YtZrNzwKEOw2grN5vvegEMU6sJbNFLeox5XvtDUC8O7Or7_KIpVl2XtuobmCsutcyNhGkb7R0f4OR3O9vfWS-C0RBVXpewqxF1uc_AYvpK-P5bEFEGLzsYIUNN1ngc8lpTS3s3dG8e_TQQmZsIdSvEAlEApLRzIaa7jesg4dQRxm86y9DwVxXHszkUweYfnYKG9yvnXcaryNxr9w0yixb4Cgbavxb1Kx58ubfc7-erKFVqf19cMXTNmaPJpe65KGI3iUFeGyIX7FympVaCaInMArtWigrxXx4KafGSiIxvXsMiXXn__rEEg_SgQdfFb73zBk2wECBvK6h6HLBywHmVf7vc5SVJLCXwnkaP4DJUVVdc-nPuGPi7QRbnp2lktahOCsBC-MDZcyV4rgJGJa9CtrqjLfME5KKJjaXXdYIdU_yZmGKxeV3LWqvz47nVRUh7MvyWHF2dTzxX4loYiFjhsjBll4lPdCvuHqE9phKlKfpNlCqGzjKo4LVqyFb7WXMpCBup3wplApVpL4HqwPrm-7TJshmh3ui2Cryn4-faoAVU-EGzk4AvQ5cKj9aFyOR3riXgu1W4J1OSHXIPyOZS_gW3e5Xa5JqmBP_tJ1qOnK0eF_gb6rzRjW2BqAoaSlzxOmGzgcdgvjal7dJAvtF_uE8F_yTybB_5KY8jy5XmftXZliEKtzx7FmFbnvBPnyUMHXMEfMPpBhlnzSGvfpo-jNX4bH5qvzNlq8M_4BmJOWNO0Su00xBEVozrzbveKgXOsjD_tuypWvIR8w-Hk25jfDPDEgKV4LwW-wEK5GfIWyugqKlDfApanKhQ2hfnuSfpQBvW6uRc6vfVa5ELjCJBruqHMEPkZytUm2v6CCFD-lh54uCZb9h_pCI1_Zk7SOydsjg5--khBkv2HliQ46RTZXbKUYCPjvnTZ-iSZedv2hf8pnFojMtpCvWK0IW-yD93IGiFzdtNPlgucwrsW5zBWsL_krvbYmnK2CDdbIXpCGswKuoxOf_f2N7cFJiO4Iir_TyyoY8repgC3YtWxUGUBnV3WApJAD0PcHfKNjuCvN9cWUYZ8DyuDGvrqTbQDgCDjdgDPvrfmD_Nb3Kfb9cNdUPsXRTl60svtbR5VBVY87bAnnq8-77hkuzGa59qZsYy9NRKxsecqXch4mnNGFFi5GdsqyXFSFBGXqqtrOBNum_2mgBTJXwB984N5hmcJNK1RJXPHTlimnczH1yBhuqhOglCb5Rmb-Iz6-dL4OrSxQtmMtlZulvl3ALoG5n0g4ddvM4aNFnLRY-0DwiPEcnZc0fBcdEO2PQNPjnL3h8tVcMYj6Nh3fzmz2q6DRUwiIatYGmLZwKSSfBqzPrcCgJr_LpPbU821EBQsfpkDnPb3nH8QUSaPLXp_LYlTvsz3Lo5PPHNjr7xe-_Cw9YJg_j6SJ2F1WH_St7B_fNvKVRz-fhnnJBpfc3rs3WARc0nGOj8RuHjtCj8mikV8lb6IzHfZWWQULnnPh4Y93ahfASrXOiKnOVDZ-m2J1rG7T2Ed-fuo&cid=CAQSPADICaaNcqI2X0qEeDpzg6Xe3CICy4LFD_1EmWidtrjdBCSoJA7WLjngxS4OLT010RxxnG0tKNhGvftDpxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fheho.com.tw%2F&ds=l&xdt=1&iif=1&cor=4606272820425704000&adk=497053795&idt=47&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d85ef610b1ac3b3bb5369d0fa4760db5250a0c05c40437b5759331faf78c4891

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42182
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523880/ Frame F0E2 255 KB
77 KB 107ms
34ms Script
application/javascript 52.210.223.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523880/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5693807149055825&ias_chanId=1&ias_placementId=20492285957&bidurl=https://heho.com.tw/&ias_dealId=&xsId=ABAjH0i_7ti-DzQQtV2-JMhm6uXZ&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0i_7ti-DzQQtV2-JMhm6uXZ
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.223.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-223-89.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 11ac541c671d7f00abc9c41b3869779b92540a3b73b0e81b99b12e600efeee70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F0E2 111 KB
39 KB 63ms
14ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 07:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54207
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Dec 2023 07:40:28 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame F0E2 11 KB
4 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DPT16VxVwwhhL8cVQQvQlxry6ie9BqPfyVFaflxXsvVMp2Ryv_FTVSaAa99-8MtMBEydG8F0PVcIcUmU7pCD3gYTRYzdc2Lfjho2G7Tqc6cWr4S2Qca6t0IJI-ZQjbXJhzDJXFEBPRMsUL6Io8VZS82wc4XGbrEDaDmT7lyhcTDBZUKys&dbm_d=AKAmf-AmSmfib1UEd9ABt4J3c8zVdWHN6Y8uX5hpsRX3kc6NmEeeVXhTexCxMCU4PEAXINlvmxZqe_I6ZY_Vqn-ASPjBq2nv88xJDwsHkVN6IJJQwHusRcowiMxkhjSobrBnPxfGpeC-zWb2qBLc_bJ_g3QbBtPS0J_UjyDtK2GnNzoftuhpZlwwu8zB9sX4P8fkBWisbpqohVmlp4jlosg73UggF5gWvVyfUs6-P2zfnD1CZqX3m4l_ewxHMcLziJQ-QNuuqIhdC4965OhEFzIK8ky4QAx19KH8XbDztUEXL9kTP8LEDxtzyGY6HImGUlgOGOJaSbj9ZJB-s0Hr5JviHbVP8cwDydc8MzvnICo9MK9tHZCtVtEp4jb5a93owuXcxiUZcAhaDCvYPVBADOuiHEkGKAhMIepYBHcc0KZnd7UAR3Yg-QTwHm9UNtMxehyoH2UaQ_GtgDPRdbVRtWfEQj6byCx8S-5XWncMQxn5V7YIMAC5Hrh_Z0nVv9ufLSPWnqFTm8iJ_jhY6CxWyUez_8f85Mv_HOUopArTV4bQDiGNtZ5Btbe6YQgmz1JRTY7DYZKPwB0Gtby6EdJVvbSODlIRReB7pUeaL4yvRFo2LQD7uLHtY285Muc43udl637xeepl6fE2CyPzwZj5PQBNxaYSfHXeOkLhe4mbSmi0ApQCzHfnCIoRA1kTho5ztTqrV981yEN3fnyMmSIomRcPsn75pzrWiWMcBYCPylJ-pFBWjOFJwPYlJVGJsDNZtGMeuxnHaChYHJqCPVDYTp8EYWqwTvlg4pUMDdLEnjSHG08W8AzEr18exshn_Gb5Qu0be3JspJEWLnqkh0bVMZbObyt9nC6Lf7zSUe-dQgHh8gLq3Xk5x8W7OMb3KHJHFgrRvLV-WAm_RDu0U71XEtulacjaZoNpZIKaTM_2SiHowk-LyNB59suSciwzHMfghfVbGV_ZRglm6SvSWd0LwaXiHGT6Csu_6L9YdK5bx7ozEBv46zTEJ26r-e5ls24Ir5NGz1Xao1BaOgI5m3BcDyHyXlIOv_VFYBM3ds7D9qa__dWDEwJXNyxjcF-7sFF61F_-7KqbmdgWLdlTjyYdNkxmgUxQch01a2pxXtM19AScIMh0G_gOpSSTq-GPqcGRF1oz8UUSiModni5tedo63WeulAmu84GCJ3-5A4gBa-3_nfR3_nYU40SwEnuElEgdSv67CDyW-J-nwl7ius3ora_TKH2B2w7EekdSuLb-G8uO1DeVt5wqfJMsr9KF0yyOqpQbyWJGRak7uq64PrkfJwDZ4pnHh6P7LBQBEOpzI-3aZ7kq9xH5YH-Br5RzYEwgexEQNans8CVIuESJ1mLoxOuVyPQAJwWj5B-2-oNtrUHAdqjVWXMJ5t9r2R_e3_Y00a2lr47__j5BBiGQGgxcRnFrsaBlQ447HWQos7hiiPvk_xhF-omrIA_AgihSM5mOmWGVZGt4ICOoDCfqEZ0VgLe1a9QQqnROPII4hKqNlLNTRKvj6sTCHpgfXIL-CVRsBFHgPaXkBJ2I5yED61lJE_Sy3EYNiUxCDyLWks6ynZrzRzl75bA5uKNKWS3ycwMddEybf6HwWtk5Jo4uzizXLqjrSLuw9esOtJDyT8ZPp12L-qnlgh__eTVjw9F6r0hHPsdu18DbZP65aA9K3rQrljqyYh8bioSCipsjl33E8S5AGvz4BzSkiL_pFDOiIv1d8c9DPLV2b4GNqj4xKUWyvkCeWn_s_H3qPFtTBzB-jt1rHwaHtZByRbN76oqNfFuCpcX_Qc2rIjai8VKcGOQ_a7ii6epbl9UaaqtOptVE_UA505JftH6x6tH34hmuJiulRSXHmwFm4y08d2CCVbnOXmAv5bYVm9yjgTUhOWlg8-TVVeqFFS6iBuTi9yTUefl9JCSDlydLa8DPbKq4kPpI-kzLdg_h4Swmz-c9Me6ypdYXqgS0DL9x0gHh6p0dx6U7T9tQt8uQowef21EyEx1jmsKp-qBSYw_UN3aYbRb-ZCNHa93TS_yqrxjnDHs_v3lbE2V0GqIAeZRh20jlpeCghWAoPy3EUBPSvHtdCrtGTma-K_I5XpQRCyz66V1DawbS6cya_aoJZUz6tedUd5iStRajzOfll3Ay0TQjJNA3tYzzWQ9PJKJEMmye02IE9xSuNAGU_kznQ1tkBq5u4itv5BTVCrxwPA2VkBvwxmw23ZiNqXrK6Pb4YtZrNzwKEOw2grN5vvegEMU6sJbNFLeox5XvtDUC8O7Or7_KIpVl2XtuobmCsutcyNhGkb7R0f4OR3O9vfWS-C0RBVXpewqxF1uc_AYvpK-P5bEFEGLzsYIUNN1ngc8lpTS3s3dG8e_TQQmZsIdSvEAlEApLRzIaa7jesg4dQRxm86y9DwVxXHszkUweYfnYKG9yvnXcaryNxr9w0yixb4Cgbavxb1Kx58ubfc7-erKFVqf19cMXTNmaPJpe65KGI3iUFeGyIX7FympVaCaInMArtWigrxXx4KafGSiIxvXsMiXXn__rEEg_SgQdfFb73zBk2wECBvK6h6HLBywHmVf7vc5SVJLCXwnkaP4DJUVVdc-nPuGPi7QRbnp2lktahOCsBC-MDZcyV4rgJGJa9CtrqjLfME5KKJjaXXdYIdU_yZmGKxeV3LWqvz47nVRUh7MvyWHF2dTzxX4loYiFjhsjBll4lPdCvuHqE9phKlKfpNlCqGzjKo4LVqyFb7WXMpCBup3wplApVpL4HqwPrm-7TJshmh3ui2Cryn4-faoAVU-EGzk4AvQ5cKj9aFyOR3riXgu1W4J1OSHXIPyOZS_gW3e5Xa5JqmBP_tJ1qOnK0eF_gb6rzRjW2BqAoaSlzxOmGzgcdgvjal7dJAvtF_uE8F_yTybB_5KY8jy5XmftXZliEKtzx7FmFbnvBPnyUMHXMEfMPpBhlnzSGvfpo-jNX4bH5qvzNlq8M_4BmJOWNO0Su00xBEVozrzbveKgXOsjD_tuypWvIR8w-Hk25jfDPDEgKV4LwW-wEK5GfIWyugqKlDfApanKhQ2hfnuSfpQBvW6uRc6vfVa5ELjCJBruqHMEPkZytUm2v6CCFD-lh54uCZb9h_pCI1_Zk7SOydsjg5--khBkv2HliQ46RTZXbKUYCPjvnTZ-iSZedv2hf8pnFojMtpCvWK0IW-yD93IGiFzdtNPlgucwrsW5zBWsL_krvbYmnK2CDdbIXpCGswKuoxOf_f2N7cFJiO4Iir_TyyoY8repgC3YtWxUGUBnV3WApJAD0PcHfKNjuCvN9cWUYZ8DyuDGvrqTbQDgCDjdgDPvrfmD_Nb3Kfb9cNdUPsXRTl60svtbR5VBVY87bAnnq8-77hkuzGa59qZsYy9NRKxsecqXch4mnNGFFi5GdsqyXFSFBGXqqtrOBNum_2mgBTJXwB984N5hmcJNK1RJXPHTlimnczH1yBhuqhOglCb5Rmb-Iz6-dL4OrSxQtmMtlZulvl3ALoG5n0g4ddvM4aNFnLRY-0DwiPEcnZc0fBcdEO2PQNPjnL3h8tVcMYj6Nh3fzmz2q6DRUwiIatYGmLZwKSSfBqzPrcCgJr_LpPbU821EBQsfpkDnPb3nH8QUSaPLXp_LYlTvsz3Lo5PPHNjr7xe-_Cw9YJg_j6SJ2F1WH_St7B_fNvKVRz-fhnnJBpfc3rs3WARc0nGOj8RuHjtCj8mikV8lb6IzHfZWWQULnnPh4Y93ahfASrXOiKnOVDZ-m2J1rG7T2Ed-fuo&cid=CAQSPADICaaNcqI2X0qEeDpzg6Xe3CICy4LFD_1EmWidtrjdBCSoJA7WLjngxS4OLT010RxxnG0tKNhGvftDpxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fheho.com.tw%2F&ds=l&xdt=1&iif=1&cor=4606272820425704000&adk=497053795&idt=47&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 19:58:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9954
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Dec 2023 19:58:01 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame F0E2 31 KB
12 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43c9555701d17579571d962cfee37868f4769995820a96abf451623b0528c92c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84246
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11894
x-xss-protection: 0
server: cafe
etag: 8278194740845609983
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:19:49 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame F0E2 41 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 541593
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EB40 1 KB
643 B 14ms
14ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23145
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 16:18:10 GMT
etag: 48472445140208031
expires: Sat, 02 Dec 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F0E2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6fba64554e0ba15ba6e427c9f3d7bb9f3cca8e7c7a3cb9f2408dfb6ec6fb167d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EB40
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECmeWGTascURSPkncz1VIhk&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECmeWGTascURSPkncz1VIhk&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SFczaTJUV3YxUjljZUw1&google_gid=CAESECmeWGTascURSPkncz1VIhk&google_cver=1&google_push=AXcoOmSLBI-8PWqZWLHbG5_dHVyqsCZXTJFaTDdNa-2Xrb9...

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SFczaTJUV3YxUjljZUw1&google_gid=CAESECmeWGTascURSPkncz1VIhk&google_cver=1&google_push=AXcoOmSLBI-8PWqZWLHbG5_dHVyqsCZXTJFaTDdNa-2Xrb9O3UI4kf5UtcpErvO4k5wDzAl3hy0mGsoluHz_4KZtWRCwVzd426LfDGY

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 01 Dec 2023 22:43:54 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SFczaTJUV3YxUjljZUw1&google_gid=CAESECmeWGTascURSPkncz1VIhk&google_cver=1&google_push=AXcoOmSLBI-8PWqZWLHbG5_dHVyqsCZXTJFaTDdNa-2Xrb9O3UI4kf5UtcpErvO4k5wDzAl3hy0mGsoluHz_4KZtWRCwVzd426LfDGY
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EB40
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEGyStl_JoluZ0Z0OsSuun4I&google_cver=1&google_push=AXcoOmTN2fZ9IgoXY_vRvDVbOGfmXMQSkn1uQydkSM1W-NvSEzqE7A5tZYmeYuZ62qVq3OEc5Vu_IGHl0Ems7tXd...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ELy1megWTB8fwtWjKfX7EQ&google_push=AXcoOmTN2fZ9IgoXY_vRvDVbOGfmXMQSkn1uQydkSM1W-NvSEzqE7A5tZYmeYuZ62qVq3OEc5Vu_IGHl0Ems7tXdZnKK3e22QeowWAI

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ELy1megWTB8fwtWjKfX7EQ&google_push=AXcoOmTN2fZ9IgoXY_vRvDVbOGfmXMQSkn1uQydkSM1W-NvSEzqE7A5tZYmeYuZ62qVq3OEc5Vu_IGHl0Ems7tXdZnKK3e22QeowWAI

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ELy1megWTB8fwtWjKfX7EQ&google_push=AXcoOmTN2fZ9IgoXY_vRvDVbOGfmXMQSkn1uQydkSM1W-NvSEzqE7A5tZYmeYuZ62qVq3OEc5Vu_IGHl0Ems7tXdZnKK3e22QeowWAI
x-host: tde-deliveryengine-production-6987bbc57b-j7nlf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame EB40 43 B
146 B 61ms
14ms Image
image/gif 35.157.241.1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDPBM2gn1HdGqO-t282kGKk&google_cver=1&google_push=AXcoOmQfOqPKsllgMI-PI8VoehYiVJhkFKdufFI1NPJu07MTy7YfOmcsQIGqiwUX540IC4Kt21j0yiPdZ9OFytOX1JwDugXTeBRErU0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.241.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-241-1.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EB40
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmTn-Jeo...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmTn-Jeo...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzEyMDEyMjQzNTUwMDAxNjg4MTE4NTIyNQ%3D%3D&google_push=AXcoOmTn-JeokWISMjmfyyJL44CkiYw0niQoFXaiWiqRmiCF3AZR2lAi4ZoVwK3-_PG0te...

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzEyMDEyMjQzNTUwMDAxNjg4MTE4NTIyNQ%3D%3D&google_push=AXcoOmTn-JeokWISMjmfyyJL44CkiYw0niQoFXaiWiqRmiCF3AZR2lAi4ZoVwK3-_PG0tee-DWg9_WpLj5hax4dpSW93guraepVOptU

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzEyMDEyMjQzNTUwMDAxNjg4MTE4NTIyNQ%3D%3D&google_push=AXcoOmTn-JeokWISMjmfyyJL44CkiYw0niQoFXaiWiqRmiCF3AZR2lAi4ZoVwK3-_PG0tee-DWg9_WpLj5hax4dpSW93guraepVOptU
pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Fri, 01 Dec 2023 22:43:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EB40
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENL_RYDCHNLd1iy6UETpA5Y&google_cver=1&google_push=AXcoOmTf1yEnrECpWOd3dXpgw4kkDkNrhzCS03Y2asFub7cKDiPE4XM9kXyNfSI8gs5Pd7B82NxpXHjWpsgmLZ-FbuLuETu...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTf1yEnrECpWOd3dXpgw4kkDkNrhzCS03Y2asFub7cKDiPE4XM9kXyNfSI8gs5Pd7B82NxpXHjWpsgmLZ-FbuLuETuHqC-tsuA&google_hm=eS15V0NLY2hoRTJwSG0...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTf1yEnrECpWOd3dXpgw4kkDkNrhzCS03Y2asFub7cKDiPE4XM9kXyNfSI8gs5Pd7B82NxpXHjWpsgmLZ-FbuLuETuHqC-tsuA&google_hm=eS15V0NLY2hoRTJwSG0zNkFLUXQwMmJNVnJ4NEhxSXZHSH5B

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 01 Dec 2023 22:43:55 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTf1yEnrECpWOd3dXpgw4kkDkNrhzCS03Y2asFub7cKDiPE4XM9kXyNfSI8gs5Pd7B82NxpXHjWpsgmLZ-FbuLuETuHqC-tsuA&google_hm=eS15V0NLY2hoRTJwSG0zNkFLUXQwMmJNVnJ4NEhxSXZHSH5B
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame EB40 42 B
213 B 52ms
19ms Image
image/gif 34.160.236.64
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEMw-_a6f9xzaZOJUXTVfxrk&google_push=AXcoOmTY4nUySfNqVcKsVwawDKAzv3QL-Zw788vNKj4YRSdYvv3GkK6dyiTEPFGJhG0teGAWfZuvvJZsAp-lCqyYyAtyCHmECt8ZCw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.236.64 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 64.236.160.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
last-modified: Thu, 19 Oct 2023 06:07:48 GMT
server: nginx
etag: "6530c7b4-2a"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EB40
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMZ5dpu5G6P4g0ySKF_651o&google_cver=1&google_push=AXcoOmRF052JJczW_TCsBkqCfFVU6wrZol-ENdWZYI7NLh7Ik-Q_8tu5a62UC-p3h_GvmAJ5WZOr7txH...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODUwODk5NDg0NjY2MDM4OQ&google_push=AXcoOmRF052JJczW_TCsBkqCfFVU6wrZol-ENdWZYI7NLh7Ik-Q_8tu5a62UC-p3h_GvmAJ5WZOr7t...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODUwODk5NDg0NjY2MDM4OQ&google_push=AXcoOmRF052JJczW_TCsBkqCfFVU6wrZol-ENdWZYI7NLh7Ik-Q_8tu5a62UC-p3h_GvmAJ5WZOr7txHGp1MCacqOi8SwLmSmzaouro

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODUwODk5NDg0NjY2MDM4OQ&google_push=AXcoOmRF052JJczW_TCsBkqCfFVU6wrZol-ENdWZYI7NLh7Ik-Q_8tu5a62UC-p3h_GvmAJ5WZOr7txHGp1MCacqOi8SwLmSmzaouro
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EB40 0
12 B 21ms
21ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IZPEJpbNQ9ymCMX1QrTE9KBK44Xsc_9-oumSUgenvXHqYWp1bmLsb7ZEqe4d0xfmu7Hpts

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 57A3 38 KB
13 KB 13ms
13ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 37228
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 12:23:27 GMT
expires: Sat, 30 Nov 2024 12:23:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A364 0
20 B 50ms
50ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bm0QFqWFqZYqsOs2n7wLDlb-YBAAAAAA4AeAEAg&bg=!iomlicbNAAY3kmNgF5I7ADQBe5WfOA-2A1AQjszJsaZSnsmLztvqdyv15ZlHUy0rpIB3QHUZ8ld_g0rZOhEyWUVOCq55AgAAALpSAAAAAWgBB5kDAUuY1uCghulVBKNOlRiPVDHcAWjs_kVxlCyt-3pj6J98p39y8yvyOs57qDiLZMSxcwBnAbmJsqUXe0fKE96q4UH8VJhe-3KPgAb7xnF_D-CnaTochtR5jg2xM8M3mwiFDuHT7ONuiKmi_UwtAllDBn9i3UAh-wNALuknn2BS_UTnC0i14jr44bqkqx7PNfTVachH0M2fLtCpFpJdCeoNKC7_475ZhvXLBNeYnQmVrY3EGUPjJAMoeqNvDsU_A3e_op6kUDLYq_em449ZEAarpFw4oolMZRVB0U2oxP1uvR9mgFXgBn6sQP5efoz2l7Nuqh0eq48y3APtYriP0TU10zscpJmdB7oKtT5NSboTMpobQCl_aNRkQ1WAvWTgb2_IhiZISUJzMJMTPqPnj3JCEJ3kpt3m5hXxNXdUpvRs8hPvtLviuZfGPaoDTzz0yHTW-CVt9UmmGcnOHLTG1eOoeFnbjnuSO230fhfZn6Z-XmM7hPp4MKAD5KoLIMcTc4jAIARbzoS-0IM08ictuGfoWpwxb4A2Psw6vJjWBEiLuA3MTBHulovDYfOJ2Elco7Ah6odkJyKvj5IxG_neiCvgpYrdGG9-6QNwiL-kCpD64gd-8K_A6wcdn_u6XNqhe55FDZ8sTH3tW5-pzKYV3wsc-OK5jdn3NuKhZrcA-WiXO-MmN67vhmARHrYHVNkuCzhEV7GM-4hy9UdQzFEi8MIg5UacEwp_fAh8piKqzz7hPXgl-Ux747_yh_E03ZryK29INuPlEV22YFe5OQ0JmHZbRyNdS9ViJpa7OtfzOSY4bwOcq1n8kQrclGTNar0StnQnO3vexc3QYL0iPB_yRSn_CiGGwaaQIpVBZRPe_yw-zaqdKLBGsbug3tWTQJvtZG2wNS7e3Wtpn6m8uDpGQ0xjvsy678xlhV_d_aJakQ3oZzy2sq9XViRS0BHFG2wipSWwRwu00PXuJBHgT0xWruTGAQawbB-skQW2AX206wXcAzLWt73wn5kdnDIIpzZrrTjEbwg

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 57A3 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:12:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 22:12:38 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/1064608057035189096/ Frame 4E35 6 KB
2 KB 14ms
14ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3477a72ef1db732762ffb13ba55d7df867b64c2abf5f88a1fdff29e6dbe374d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 340785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1879
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 00:04:10 GMT
expires: Wed, 27 Nov 2024 00:04:10 GMT
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F0E2 0
0 122ms
59ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssRqOXxffdjp5OjRGoiQttFS8P7sJY_xAxgOpbjUJbHt5kxEnYy56Uiue4RyPQeP06Qo8mQGR_v0tjP71J4aa4x9ijMgXqdYOxgIT75aoWorAf5uvN9p8VN0nJZOtsHgZ9SPNuYb1aws7oGKrjyHlbu5QrY2ymh58MpYZXVtCQgpAnBulJ2Xms3GQISgGH74nwcW8PwGw52Sm0VUkBf1lxEBFp_jtAzSjFqJg-7m6BmjAtXTODq53Bzw296yaDNwoN-tqn7d9nB4rPF3DZMAUMcCdWhQBA8HdQ5oOuYqk9OsOEnH7y-Y-BfKHEd9Dh7O0_tqK2b4USs_oaH1EDE6S1GmUWmiEcfonucbLqC8UWxLHI21Fxr41ycEF8qk4QNkhxsN86zskV46mK6nViFYGpuwvaqYKbQ31yK8f_X9UuJRjMfSlNQCVZBwf5DHhIINAiIG7e17eixcK7kNHWl00c5KhI7pcWxQHAob5QG5XTbE8FG0Ax87pbfJkMO8nhio_33HFHn9H1dU4ETbYwwmlvO9wx2s9wAd_0Bgr8dICb9TnKjMBoBXx2pzsjfAj-Dy1XsmwD9y5lRXGIZnEvbOPoDLsD_S0XKKIZWxCr9Y7Ny27Dkb1LYIam3hcq3lWKuRXuPI0PfiV6MAX6oNhvhkzs9RMmjvYxiJ9Zw-WHMpAFFZThqHBtoIzgQtFpWpCfd8SOjax9XjbPOo8Y5PKgfr19MY99P8f9m3o86Z7q2U-9aL8XiiQKoO4Htz_rcqikAAlLuYHlvf0l33AZgs3h1LMr5C6tozHEbQXaj5w5wzL8u36xdHPVHUmOkJk3SbbP-FVDUJ4jdGHkt-Qfoy08flv88bMVTPJg5Jw2LuYBwVDoCMKXxwoXLc3KJH51bw8BO0VlRgI2tKJtwAcSevrB0h_yPYDzW8YwzREn3vqPGKy4SIvHeLuuRnoSsAlHepUMvA3Ha-Pba85BTaacPx1c1w5jIy-uON8ufS3DNsmxiUqZnjoHNyo9C0JbaMo5npLYgYBy2LdVJegd5j6aeeKahQ0RDrkU6M6MvPhFUmJ2ivIjtYf0FdNlEv-NoOv6QCoJ7WvyiqbgsAFaHOjPVokoYWqT-8EfNjwycNX5UzVY6VoqrmZXzkkzWL8XeXCUMAUOyoej9weN9kU9B8Ll0mJePYKZaYB6FtsrahLvt-ENmifwL6WEmN32pfxEmjPJz6-567RTa1FkpkwU8Hpoe3QXaC7gYtJ15UIVfrLhQwyDFArt06fPIkRRQu-Uic6VVfQXr1HzRDd9sWOaFJmD9ZX_6HJqLWtuzViugg9_kZL2swZAeh4twexm4fUwl1A_cKQ87XSkMiDynQwePvd_qtIreFnhJLaywMLXLBThA&sai=AMfl-YQTUAPdnwRQawWCVcEq8DuVTqMXpOfOj0kd__BAJ_2ewoANTZugdOKWU_fUD5YHhUm8gtdqtiAH3VySnZgmxnjfJnw-kLob4DhDZWz5GAStvlYltgRuQzSQxIxNuPaiztHgw4xsQCkPbmRQAz8OxMg8Qzr7v9AGHn4OFm98IXXNzTDiSYiFjLgxBxZjmcKrL7KadfPsbLSKovhKZGY4MhGvxx1FDoFN3kzJPXmF10SSDa6tVvzuQAVGzsbXKakhabe9AMA&sig=Cg0ArKJSzONd2o4hhoI7EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=90&cbvp=1&cstd=88&cisv=r20231129.33853&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 01 Dec 2023 22:43:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/1064608057035189096/css/ Frame 4E35 6 KB
2 KB 14ms
14ms Stylesheet
text/css 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2b61e64a17f1488f20bafee5aa20a8d8ec897b990f709634f5bd1cc620e6b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:55:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 467319
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2000
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 25 Nov 2024 12:55:16 GMT

GET
H3 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 4E35 70 KB
25 KB 16ms
16ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1969365
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SztIXS7XlS55882JDHIael%2Fk01k%2BPrjIoyQkFSHxgBuNjsr93lXig8FHP5I5tgjdo05AX6QyShFhbGRGBOTi2%2FWI2NMH883pSDCjg5h8KPc54KSo46mrUsKFwGkadUTvyuQAIpc%2FtGQCz5tCzYYWyPD1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82eeda0f6c761e6a-FRA
expires: Wed, 20 Nov 2024 22:43:55 GMT

GET
H3 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 4E35 7 KB
4 KB 22ms
22ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1938584
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=picKKxbX1IN40p4RXYXpntqLtuJ9f42rI9sDa1SfSgvZOFu%2BoUk5If7IV4p0e3UXQWA6%2FW3D0KOmICOfSw16uEIR9yvTz%2BdrPl481WEQFXpG0k784vNWMmi0iHh4mdcDkRjwk5DbGCERz43Mf3k%2FYlax"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82eeda0f6c781e6a-FRA
expires: Wed, 20 Nov 2024 22:43:55 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:55:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 467319
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 25 Nov 2024 12:55:16 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 2 KB
800 B 15ms
15ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 11:48:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39321
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Nov 2024 11:48:34 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 429 B
349 B 14ms
13ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ace6c1d1cccc4686d29e81c0821be209d2e2d8b7ba44ee24649a698a5230f6ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:21:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210151
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 320
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Nov 2024 12:21:24 GMT

GET
H3 200 dyson-v15s-submarine.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 25 KB
8 KB 14ms
14ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/dyson-v15s-submarine.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69e1767c60e702480b7a4604f7a71a344e3e03caa6e21f6a352a9f63908dc500

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:55:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 467319
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8356
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 25 Nov 2024 12:55:16 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 33 KB
33 KB 15ms
14ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

539cc993691ac34295a0b8e0b720aa3db63a2e80c78d49e1c4c4132bb4a5dc09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:55:16 GMT
x-content-type-options: nosniff
age: 467319
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33567
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 25 Nov 2024 12:55:16 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 33 KB
33 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8833293f6762feb57c976e996042e2dcf201b282c034504008e2bf0a98dd3527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 20:39:59 GMT
x-content-type-options: nosniff
age: 180236
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33601
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Nov 2024 20:39:59 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 25 KB
25 KB 40ms
39ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e3479d14727cf6b6581add352dad3c9fb8a89b1586d49dc0e606249e7abe437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:55:16 GMT
x-content-type-options: nosniff
age: 467319
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25911
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 25 Nov 2024 12:55:16 GMT

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 9 KB
9 KB 36ms
36ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f430ad6611692180cc5bfba88afb989ac5cde063c2e929a28026be4c2c3e9f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:55:16 GMT
x-content-type-options: nosniff
age: 467319
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8971
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 25 Nov 2024 12:55:16 GMT

GET
H3 200 5-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 12 KB
12 KB 37ms
36ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/5-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d60255211b63ebd7ab57221ffe52ae073eab1c1c3a93c48df42b224e7f7c527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 00:04:12 GMT
x-content-type-options: nosniff
age: 340783
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12054
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Nov 2024 00:04:12 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/1064608057035189096/script/ Frame 4E35 4 KB
959 B 25ms
24ms Script
application/x-javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc757f9ba6603eb9913106a4cd83c7a7c0a8a4f845a0aceb1103606bc324ad00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 00:04:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 340784
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 930
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Nov 2024 00:04:11 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame B528 35 KB
20 KB 53ms
53ms XHR
application/json 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LfH-N0mAAAAAFbl_1iN5mLWRSOGn_wdfGEDt4cE

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9c4d3de84453ab0b8e60200491aa95591c312accede985bc3c0387b77cbee8b7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfH-N0mAAAAAFbl_1iN5mLWRSOGn_wdfGEDt4cE&co=aHR0cHM6Ly9oZWhvLmNvbS50dzo0NDM.&hl=de&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=nlc8aqw0rtiw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 01 Dec 2023 22:43:55 GMT

GET
H3 200 dysonfutura-book.woff
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame 4E35 8 KB
8 KB 15ms
15ms Font
font/woff 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/dysonfutura-book.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 12:55:16 GMT
x-content-type-options: nosniff
age: 467319
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7928
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 25 Nov 2024 12:55:16 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame F0E2
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523880/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5693807149055825&ias_chanId=1&ias_placementId=20492285957&bidurl=https://heho.com.tw/&ias...
https://static.adsafeprotected.com/4.js?xsId=ABAjH0i_7ti-DzQQtV2-JMhm6uXZ&ias_xappb=&adContainerId=brand_safety_q2FqZYuLDp6b9u8P8Z-UgAM&cbFunctionName=goog_wrapCb_q2FqZYuLDp6b9u8P8Z-UgAM&true_pb=

1 KB
1 KB

33ms
26ms

Script
application/javascript

2600:9000:2127:b200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?xsId=ABAjH0i_7ti-DzQQtV2-JMhm6uXZ&ias_xappb=&adContainerId=brand_safety_q2FqZYuLDp6b9u8P8Z-UgAM&cbFunctionName=goog_wrapCb_q2FqZYuLDp6b9u8P8Z-UgAM&true_pb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Server: 2600:9000:2127:b200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 20:22:14 GMT
x-amz-version-id: ptCY9mvdfO9FVxh7J7Hg_NqWxL3SNYBQ
content-encoding: gzip
via: 1.1 d5da174e34f35b7d1482b8432bf7e084.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 267702
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 28 Nov 2023 20:22:12 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: MQSlTy2EOx6QXHMWNlPaUNLknC4rr4NCdTLtR4P_D9H5rlQHiLC3kQ==

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
server: nginx
x-server-name: app01.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?xsId=ABAjH0i_7ti-DzQQtV2-JMhm6uXZ&ias_xappb=&adContainerId=brand_safety_q2FqZYuLDp6b9u8P8Z-UgAM&cbFunctionName=goog_wrapCb_q2FqZYuLDp6b9u8P8Z-UgAM&true_pb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 4B43 91 KB
23 KB 87ms
24ms Script
application/javascript 2600:9000:2127:b200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 d5da174e34f35b7d1482b8432bf7e084.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 6215685
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: A6s90H96gJqr44One5hpNQBQ5mtLmUPOvO9Zt72ZLhliH5XlWTEk2Q==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F0E2 43 B
216 B 3863ms
3482ms Image
image/gif 2600:1f13:800:7781:5f9f:1259:c76c:3ebc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=68f6326b-f26a-b90a-855c-1b30e53cfe91&tv=%7Bc:vAK1Hu,pingTime:-3,time:39,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:39,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B34~0%5D,as:%5B34~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXelo9L+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C1513%7C1611%7C1612%7C1613%7C17%7C18%7C191%7C1a,idMap:141*,rmeas:1,rend:0,renddet:na,siq:14%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:5f9f:1259:c76c:3ebc Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:56 GMT
server: nginx
x-server-name: dt21.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F0E2 43 B
215 B 3863ms
3486ms Image
image/gif 2600:1f13:800:7781:5f9f:1259:c76c:3ebc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=68f6326b-f26a-b90a-855c-1b30e53cfe91&tv=%7Bc:vAK1Hw,pingTime:-6,time:41,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:41,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B36~0%5D,as:%5B36~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXelo9L+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C1513%7C1611%7C1612%7C1613%7C17%7C18%7C191%7C1a,idMap:141*,rmeas:1,rend:0,renddet:na,siq:14%7D&tpiLookup=ao:heho.com.tw*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:5f9f:1259:c76c:3ebc Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:56 GMT
server: nginx
x-server-name: dt25.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F0E2 43 B
215 B 3845ms
3485ms Image
image/gif 2600:1f13:800:7781:5f9f:1259:c76c:3ebc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=68f6326b-f26a-b90a-855c-1b30e53cfe91&tv=%7Bc:vAK1HO,pingTime:-2,time:59,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:359,beZ:359,mfA:362,cmA:363,inA:363,inZ:365,prA:365,prZ:369,si:372,poA:373,poZ:388,cmZ:388,mfZ:388,loA:400,loZ:401,ltA:418,ltZ:418%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:59,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B54~0%5D,as:%5B54~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXelo9L+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C1513%7C1611%7C1612%7C1613%7C17%7C18%7C191%7C1a,idMap:141*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,siq:14,sinceFw:45,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:5f9f:1259:c76c:3ebc Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:56 GMT
server: nginx
x-server-name: dt22.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 57A3 0
20 B 49ms
49ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BkvkCq2FqZYuLDp6b9u8P8Z-UgAMAAAAAOAHgBAI&bg=!Pj2lPXLNAAY3kmNgF5I7ADQBe5WfOIuEbgnZ8IMRbuuifIIGvu-dxHxpuLrQmHb4ye9rBAJTXoqRqIfjFfq-S65rTmwEAgAAAEZSAAAAAmgBBwoAZXyk8ipQKH8w64hzDo-qlt6oBBrMNG2YNNBlDoDTzssVl3t5NtvtHXzco8sjo1j7WvJX4QtyNS0wpNhDNh4TtGma6UBP0ZDMrDDjsxS71QFhaoDKO04-DI37KTqadIHC6CZ07ZF3mQMJWFDkcWpKloIV1sfSh2NsM6EtSbKy3QvyNxizQRFGeHHHN9MeV834gubi8mxEaYgTHt2lpugrcf6my7z7yiPSYd6e95d8p_OA29wVX-ZvkhM6D62nFutjpSDpJKx1bW_E_-e1QHeBMKJ7ETek6Xhn2lBlWM9Tffq0UXNhpVfmN9RJ9emvlKbo7NIr_qFRSLQX1x7pyzNaWFINzqRyDe_80L_FKZopmNkts2k-_gNeZj2zHqrbvQRTMRXhSh_OmKeu1hOU8mNB2-fDmCspA9hC-n5b2sO9XGMhljO8_PWdpX1FQSLOxjbYhLqLpwrtsGMON1T7U1BdZel5ntSaBQiIVi8OF9NhF17GM7Jma4vSFIDv2WgoSreIY9LynDmtkNQVZZu1PhLDHMOjWUAMjiSpIHKRqK7t0jEMdEAlH7xTxT_w9sHfi9JkxYa9Gjrv9a2McwyWcP535Zr9_pn0wTzxCBPfhwlCdpI7-2-PvcBS2GsLve6tnybk-rpVANfu4aXcNz5vbdlg4CZVsIS-Xh-EyaTDIb0logQ3_BSunxueoex8eyxEZgCxKKmo5y2h3_NM5AOoN1CQwtwebfLRwlKHxCpuxkwTQp3Tz74lGXWHK-Sw9aQD2mm60D6lz2DNHNW5BkFSpVzjN4db5JOfkhaBwztusLi3cWr_pssFDfcLrRz7-bVtV0ajakDqECGDlLC3G1MQf35EkyailNoMJWlT_tVlWsxvoXDwWJrxEuY5_zbi1ABBqX-roxKbL4HxpQbHdHnk-xSyaiuhMHeWCOD8QDV41UeMPUDLhANGkWLqFx3ueVPeP72CKhwrvVUjwvj7GQnnkxXzNanBHcVvR76DNRQzWQ2MdY2voS9wS21S09rXcS1Oh4opLqfESZikLSdkK1n3LW6wxFvzuTCNWffO1MQwgc7fFddIjQq5iQmll8n0r0Q14BuU05mLuRrqJI_Hj_0LNrTU3k0mPTBcovZ5phAVzJR7HlWEzbVFHBikTM5egq0VuAntaarA9tLnTwUC5Q4o4JaWuAmn

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET heho.com.tw
ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/ Frame 173E 0
0

GET heho.com.tw
ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/ Frame 4B55 0
0

GET
H2 200 heho.com.tw Show response
ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/ Frame 2483 7 KB
3 KB 259ms
259ms Document
text/html 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6f8f0d78c296031efe8b806ec25620e2b7c71b5c29d6ee877f593089b882179e

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, OPTIONS
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 01 Dec 2023 22:43:55 GMT
etag: W/"1c84-Ugyr3QzBMO9hr9KlVTxfLBwMfl0"
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 heho.com.tw Show response
ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/ Frame 7FAF 7 KB
3 KB 254ms
254ms Document
text/html 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1ad9cbd726fbcd13ec4ade25f8ddc3487f45e75ecd49b6a1a1dd1a4a3cc59ab9

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, OPTIONS
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 01 Dec 2023 22:43:55 GMT
etag: W/"1c95-dWstkrt0rOn32SPyUcIx6A2nASo"
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding

OPTIONS
H2 200 do_add
oxra.com.tw/sl/pv/ Frame 0
0 230ms
230ms Preflight
text/html 61.219.68.119
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://oxra.com.tw/sl/pv/do_add
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 61.219.68.119 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 61-219-68-119.hinet-ip.hinet.net
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://heho.com.tw
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://heho.com.tw
allow: POST
content-length: 4
content-type: text/html; charset=utf-8
date: Fri, 01 Dec 2023 22:43:55 GMT
etag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server: nginx
vary: Accept-Encoding

POST
H2 200 do_add
oxra.com.tw/sl/pv/ 0
0 3589ms
3589ms Fetch 61.219.68.119
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://oxra.com.tw/sl/pv/do_add
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 61.219.68.119 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 61-219-68-119.hinet-ip.hinet.net
Software: nginx /
Resource Hash

Request headers

Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://heho.com.tw
date: Fri, 01 Dec 2023 22:43:55 GMT
access-control-allow-credentials: true
server: nginx
access-control-allow-headers: Content-Type, Authorization
vary: X-HTTP-Method-Override
access-control-allow-methods: GET, OPTIONS

GET
H3

200

1699839115.979.png
img.heho.com.tw/wp-content/uploads/2023/11/
Redirect Chain

https://heho.com.tw/wp-content/uploads/2023/11/1699839115.979.png
https://img.heho.com.tw/wp-content/uploads/2023/11/1699839115.979.png

9 KB
10 KB

23ms
23ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/11/1699839115.979.png
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a3444723e0dd36e3099deb59133ba82203985f1eba230a07e7ce8eb43b1e1f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 312874
alt-svc: h3=":443"; ma=86400
content-length: 9491
last-modified: Mon, 13 Nov 2023 01:31:57 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tzGnD492f9x9cfwHIaQS0lC5gXol15cVg14Pxvy%2BNcO0aeLFC5FmbCVKRt44D829PtbTtXtocU52v8KKHDxAVYoxK3eLWIZT9gp9zVQhTMLPzgRBXkVMIljaxqsgD62YxH4A1D6ulDFbdzSW6Gc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda120f5166b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2023/11/1699839115.979.png
date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 355
content-type: text/html; charset=iso-8859-1

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F0E2 0
0 51ms
51ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssRqOXxffdjp5OjRGoiQttFS8P7sJY_xAxgOpbjUJbHt5kxEnYy56Uiue4RyPQeP06Qo8mQGR_v0tjP71J4aa4x9ijMgXqdYOxgIT75aoWorAf5uvN9p8VN0nJZOtsHgZ9SPNuYb1aws7oGKrjyHlbu5QrY2ymh58MpYZXVtCQgpAnBulJ2Xms3GQISgGH74nwcW8PwGw52Sm0VUkBf1lxEBFp_jtAzSjFqJg-7m6BmjAtXTODq53Bzw296yaDNwoN-tqn7d9nB4rPF3DZMAUMcCdWhQBA8HdQ5oOuYqk9OsOEnH7y-Y-BfKHEd9Dh7O0_tqK2b4USs_oaH1EDE6S1GmUWmiEcfonucbLqC8UWxLHI21Fxr41ycEF8qk4QNkhxsN86zskV46mK6nViFYGpuwvaqYKbQ31yK8f_X9UuJRjMfSlNQCVZBwf5DHhIINAiIG7e17eixcK7kNHWl00c5KhI7pcWxQHAob5QG5XTbE8FG0Ax87pbfJkMO8nhio_33HFHn9H1dU4ETbYwwmlvO9wx2s9wAd_0Bgr8dICb9TnKjMBoBXx2pzsjfAj-Dy1XsmwD9y5lRXGIZnEvbOPoDLsD_S0XKKIZWxCr9Y7Ny27Dkb1LYIam3hcq3lWKuRXuPI0PfiV6MAX6oNhvhkzs9RMmjvYxiJ9Zw-WHMpAFFZThqHBtoIzgQtFpWpCfd8SOjax9XjbPOo8Y5PKgfr19MY99P8f9m3o86Z7q2U-9aL8XiiQKoO4Htz_rcqikAAlLuYHlvf0l33AZgs3h1LMr5C6tozHEbQXaj5w5wzL8u36xdHPVHUmOkJk3SbbP-FVDUJ4jdGHkt-Qfoy08flv88bMVTPJg5Jw2LuYBwVDoCMKXxwoXLc3KJH51bw8BO0VlRgI2tKJtwAcSevrB0h_yPYDzW8YwzREn3vqPGKy4SIvHeLuuRnoSsAlHepUMvA3Ha-Pba85BTaacPx1c1w5jIy-uON8ufS3DNsmxiUqZnjoHNyo9C0JbaMo5npLYgYBy2LdVJegd5j6aeeKahQ0RDrkU6M6MvPhFUmJ2ivIjtYf0FdNlEv-NoOv6QCoJ7WvyiqbgsAFaHOjPVokoYWqT-8EfNjwycNX5UzVY6VoqrmZXzkkzWL8XeXCUMAUOyoej9weN9kU9B8Ll0mJePYKZaYB6FtsrahLvt-ENmifwL6WEmN32pfxEmjPJz6-567RTa1FkpkwU8Hpoe3QXaC7gYtJ15UIVfrLhQwyDFArt06fPIkRRQu-Uic6VVfQXr1HzRDd9sWOaFJmD9ZX_6HJqLWtuzViugg9_kZL2swZAeh4twexm4fUwl1A_cKQ87XSkMiDynQwePvd_qtIreFnhJLaywMLXLBThA&sai=AMfl-YQTUAPdnwRQawWCVcEq8DuVTqMXpOfOj0kd__BAJ_2ewoANTZugdOKWU_fUD5YHhUm8gtdqtiAH3VySnZgmxnjfJnw-kLob4DhDZWz5GAStvlYltgRuQzSQxIxNuPaiztHgw4xsQCkPbmRQAz8OxMg8Qzr7v9AGHn4OFm98IXXNzTDiSYiFjLgxBxZjmcKrL7KadfPsbLSKovhKZGY4MhGvxx1FDoFN3kzJPXmF10SSDa6tVvzuQAVGzsbXKakhabe9AMA&sig=Cg0ArKJSzONd2o4hhoI7EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=250&vt=11&dtpt=160&dett=3&cstd=88&cisv=r20231129.33853&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: heho.com.tw
URL: https://heho.com.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H2 200 do_add
oxra.com.tw/sl/pv/ 0
0 3587ms
3586ms Fetch 61.219.68.119
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://oxra.com.tw/sl/pv/do_add
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-global.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 61.219.68.119 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 61-219-68-119.hinet-ip.hinet.net
Software: nginx /
Resource Hash

Request headers

Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://heho.com.tw
date: Fri, 01 Dec 2023 22:43:55 GMT
access-control-allow-credentials: true
server: nginx
access-control-allow-headers: Content-Type, Authorization
vary: X-HTTP-Method-Override
access-control-allow-methods: GET, OPTIONS

OPTIONS
H2 200 do_add
oxra.com.tw/sl/pv/ Frame 0
0 230ms
230ms Preflight
text/html 61.219.68.119
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://oxra.com.tw/sl/pv/do_add
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 61.219.68.119 Taipei, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 61-219-68-119.hinet-ip.hinet.net
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://heho.com.tw
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://heho.com.tw
allow: POST
content-length: 4
content-type: text/html; charset=utf-8
date: Fri, 01 Dec 2023 22:43:55 GMT
etag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server: nginx
vary: Accept-Encoding

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F0E2 43 B
215 B 3796ms
3484ms Image
image/gif 2600:1f13:800:7781:5f9f:1259:c76c:3ebc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=68f6326b-f26a-b90a-855c-1b30e53cfe91&tv=%7Bc:vAK1IA,time:107,type:e,im:%7Bpci:%7Btdr:69%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:107,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B102~0%5D,as:%5B102~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXelo9L+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C1513%7C1611%7C1612%7C1613%7C17%7C18%7C191%7C1a,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:5f9f:1259:c76c:3ebc Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:56 GMT
server: nginx
x-server-name: dt24.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 bootstrap.min.css
unpkg.com/bootstrap@4.5.3/dist/css/ Frame 7FAF 157 KB
24 KB 19ms
19ms Stylesheet
text/css 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ml.oxra.com.tw/
Origin: https://ml.oxra.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1629251
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HF3727X3NWAJR2VB3FZQW44S-fra
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 82eeda11dad4691f-FRA

GET
H2 200 bootstrap.min.css
unpkg.com/bootstrap@4.5.3/dist/css/ Frame 2483 157 KB
24 KB 19ms
19ms Stylesheet
text/css 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ml.oxra.com.tw/
Origin: https://ml.oxra.com.tw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1629251
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HF3727X3NWAJR2VB3FZQW44S-fra
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 82eeda11dadc691f-FRA

GET
H2 200 heho-mkt-recml.js Show response
ml.oxra.com.tw/ox/mkt/js/ Frame 7FAF 9 KB
2 KB 3544ms
3544ms Script
application/javascript 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-recml.js
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: bf54ca999785e94d3692084aedd7379cdfa4f722acc00c50b937ff30f830122c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: gzip
last-modified: Wed, 15 Feb 2023 09:35:38 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"63eca76a-241a"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 1699492760.5591.png
lifestyle.heho.com.tw/wp-content/uploads/2023/11/ Frame 7FAF 229 KB
230 KB 4310ms
506ms Image
image/png 139.162.79.137
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lifestyle.heho.com.tw/wp-content/uploads/2023/11/1699492760.5591.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 139.162.79.137 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 139-162-79-137.ip.linodeusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: d71a472191ca500c7dbcdc6cf3bb86fada4c0b5f5b787a936e66b61f6288cde0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:59 GMT
last-modified: Thu, 09 Nov 2023 01:19:25 GMT
server: Apache/2.4.41 (Ubuntu)
content-type: image/png
cache-control: max-age=10368000
accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding
content-length: 234688
expires: max-age=A10368000, public

GET
H3 200 1701240171.2928.jpg
img.heho.com.tw/wp-content/uploads/2023/11/ Frame 7FAF 237 KB
237 KB 25ms
24ms Image
image/jpeg 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/11/1701240171.2928.jpg
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c37959ecaf7cbc7222f9be9dc9004783aedddc45b3e145d4b1a974bba439a72d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 44546
alt-svc: h3=":443"; ma=86400
content-length: 242527
last-modified: Wed, 29 Nov 2023 06:42:57 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gd3KAM%2Bff5s0kbVUdRP19QFDarqEqHHmLmut4GUWV9dh9C4PTMU4KbaRaRMYpzVygipQQqFbh%2FynXAdav3ZFG3eZE%2FluZuIBgPXfhihler0puII7YsTIUnXZyHI0%2F3oLjusWSwXCKIKS9m%2FUFI4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda120f5866b5-AMS
expires: max-age=2592000, public

GET
H3 200 1700709156.6208.png
img.heho.com.tw/wp-content/uploads/2023/11/ Frame 7FAF 144 KB
145 KB 24ms
22ms Image
image/png 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/11/1700709156.6208.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db0623a4d90cd6a4f227eda34ddc4a05ece6cccfadb3c9e7da4ac09a04a6fc64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 249059
alt-svc: h3=":443"; ma=86400
content-length: 147560
last-modified: Thu, 23 Nov 2023 03:12:41 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KPPRQGvg76kHUiUYqinbikgbF0GbVPD3R9q9tVxDUwWGc5Irq2lxxgHPgPXn6WjzETVwpKxjFshK4ufp%2F0Y%2BAgUb%2FZ3qlQTWDVVsRWY2dSs6zuV4lRsMxsOvR%2FaJP7qisQPhuDZeLSc5g4OXQhg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda120f5c66b5-AMS
expires: max-age=2592000, public

GET
H2 200 1700217365.9648.jpg
kids.heho.com.tw/wp-content/uploads/2023/11/ Frame 7FAF 66 KB
66 KB 5035ms
1240ms Image
image/jpeg 139.162.79.137
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kids.heho.com.tw/wp-content/uploads/2023/11/1700217365.9648.jpg
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 139.162.79.137 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 139-162-79-137.ip.linodeusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: b793b1e8e9f256547a510f65c5821c8084cd72e67a4e2af9437c9429268a5bf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:59 GMT
last-modified: Fri, 17 Nov 2023 10:36:05 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=10368000, public
accept-ranges: bytes
content-length: 67670
expires: Sat, 30 Mar 2024 22:43:59 GMT

GET
H3

200

1669174013.0565.png
img.heho.com.tw/wp-content/uploads/2022/11/ Frame 7FAF
Redirect Chain

https://heho.com.tw/wp-content/uploads/2022/11/1669174013.0565.png
https://img.heho.com.tw/wp-content/uploads/2022/11/1669174013.0565.png

2 KB
2 KB

22ms
21ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/11/1669174013.0565.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2ecb4dd57033b4d5ce93ed5ee31f6e7ae13e0208ffed843a8a25809e6c186a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:59 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 249063
alt-svc: h3=":443"; ma=86400
content-length: 2059
last-modified: Wed, 23 Nov 2022 03:26:54 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0YkdGp5vg2Wk9eHUsfAMxeLN39hdKHG%2F6WtBdRzWiKHxeE7OXcD3qoaAd49kb5s0NWnrr2UneVSUqjDrVc5Z4dPXxStYa1%2FaIyQMhJnIr6ZYi49wfgN0NwPAK775g969vq7pDqrN1xC7uIDGHI4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda2838f866b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2022/11/1669174013.0565.png
date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1669173726.3519.png
img.heho.com.tw/wp-content/uploads/2022/11/ Frame 7FAF
Redirect Chain

https://heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png
https://img.heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png

12 KB
13 KB

24ms
23ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39b2a26dc249d0368798ce01da3e9785958eb925e608eb4729607f10ecf51241

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:59 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 44549
alt-svc: h3=":443"; ma=86400
content-length: 12748
last-modified: Wed, 23 Nov 2022 03:22:08 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z8ASa%2BkPEu5ve8FG8lkhtbU5sKZNcBJxUufKg3xvzn5WWMrpexMO94hIGEo9CjS28UwGvNTZ5Qt%2FJvuDtimsjengaCPNT%2BzHHMrunO%2FfgF466yx9FjaxbLGnb0sYSR4xIwmQ04J6xz%2F52NeDwvs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda2838fa66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png
date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3 200 1689755246.8803.png
img.heho.com.tw/wp-content/uploads/2023/04/ Frame 7FAF 5 KB
6 KB 21ms
20ms Image
image/png 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/04/1689755246.8803.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f54070450baf09b19fdbe1d661a5b05eaec9b8a60353a4cf91ce60df518469a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 224751
alt-svc: h3=":443"; ma=86400
content-length: 5344
last-modified: Wed, 19 Jul 2023 08:27:29 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vjSvZI7MN1z0XSgeO8VFLuTlpzLgFOe%2BkfiK0mgRkjS6Djk5bNekKRIYfjOdhscVOtyzll55kc8pwKVmCBW275X0nOEctTLZ5%2FrNx4LiCVNGZhIjCQcrq%2B5%2F7tC%2FNlSheWGxAk5j0h1s6kU%2FemA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda120f5e66b5-AMS
expires: max-age=2592000, public

GET
H3

200

1669176277.7766.png
img.heho.com.tw/wp-content/uploads/2022/11/ Frame 7FAF
Redirect Chain

https://heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png
https://img.heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png

5 KB
6 KB

26ms
25ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5b17f07bd0d24edb3a5883b7fc3e77b39be07cd99131fbd33b7873fda49b165

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:59 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 249063
alt-svc: h3=":443"; ma=86400
content-length: 5377
last-modified: Wed, 23 Nov 2022 04:04:39 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AvMQFCSPGu74hEkQXTqdFOD%2BXoChchiDlsdZ4utAQcjSJG8%2BlYmQYsncqI%2FhmNDGkKpu4ERQhItMaUjjJ2WGWiVWNI68PlIMpMJDA6D4Ai6CTc%2FsfkpHHLVF%2BkK4FGhYbZBzd%2F05xjS9GMl%2BWsE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda2838fc66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png
date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H2 200 heho-mkt-recml.js Show response
ml.oxra.com.tw/ox/mkt/js/ Frame 2483 9 KB
2 KB 3541ms
3541ms Script
application/javascript 139.162.82.98
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml.oxra.com.tw/ox/mkt/js/heho-mkt-recml.js
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.162.82.98 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1562-98.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: bf54ca999785e94d3692084aedd7379cdfa4f722acc00c50b937ff30f830122c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
content-encoding: gzip
last-modified: Wed, 15 Feb 2023 09:35:38 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"63eca76a-241a"
vary: Accept-Encoding
content-type: application/javascript

GET
H3 200 1701240171.2928.jpg
img.heho.com.tw/wp-content/uploads/2023/11/ Frame 2483 237 KB
237 KB 35ms
34ms Image
image/jpeg 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/11/1701240171.2928.jpg
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c37959ecaf7cbc7222f9be9dc9004783aedddc45b3e145d4b1a974bba439a72d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 44546
alt-svc: h3=":443"; ma=86400
content-length: 242527
last-modified: Wed, 29 Nov 2023 06:42:57 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jRYrfuVMT5EJakBpng%2BYAk5lMCQUxDmqc4mv8bYM8IWLT3S6zxgHzjXtrqGrHlD5Y6biTJWbqXrrcfZO%2BMNJH1tcQox2C2KOr5ocrIkBWmTddKmtbAOFucOcrTELnVuyKsrE4PPlt7CFVxVLkk4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda120f5f66b5-AMS
expires: max-age=2592000, public

GET
H3 200 %E6%94%BE%E5%B0%84%E6%B2%BB%E7%99%82-01.png
img.heho.com.tw/wp-content/uploads/2018/07/ Frame 2483 143 KB
143 KB 39ms
38ms Image
image/png 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2018/07/%E6%94%BE%E5%B0%84%E6%B2%BB%E7%99%82-01.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 725433fd99ff2c6146ab607f69d833fb207db0167a1886481e39b79da8728d98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13187
alt-svc: h3=":443"; ma=86400
content-length: 146297
last-modified: Thu, 27 Aug 2020 06:40:37 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JK7OkHTo9FCKep8%2BAMJH3KL2ssGq8eGNfT%2FGqZSEX38sE5tIttCV0WKwbwFmwTzbcFj663Da5qwUGGT5SU%2FooT08Sp%2FGP%2FEWIBm0xXjidrwlSV0W5OB3bY06QFairM03NJSrc5z6NM%2FG%2BVSuaFI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda120f6066b5-AMS
expires: max-age=2592000, public

GET
H3 200 1701308462.2435.png
img.heho.com.tw/wp-content/uploads/2023/11/ Frame 2483 156 KB
157 KB 44ms
43ms Image
image/png 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/11/1701308462.2435.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 577720b3510897fca3bfe22da77990ae5e29eee049e1a1420490c5d3998cb436

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 143896
alt-svc: h3=":443"; ma=86400
content-length: 159938
last-modified: Thu, 30 Nov 2023 01:41:07 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pC0JcUlgfrUfMbh3%2FdgBcPXjDgtzUINVk%2Br82aQIiqTmC9MdzvvUo%2BlQNPfd1xrqonBuG2Khni09TN6Cpyb28aVkeXnShJP3wE2bYduPKiBG9ufTVg3XdVVRf8UrHp8FXhzQ%2FREzDAZAmoDfCk8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda120f6166b5-AMS
expires: max-age=2592000, public

GET
H2 200 1701404666.701.jpg
kids.heho.com.tw/wp-content/uploads/2023/12/ Frame 2483 357 KB
357 KB 4046ms
254ms Image
image/jpeg 139.162.79.137
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kids.heho.com.tw/wp-content/uploads/2023/12/1701404666.701.jpg
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 139.162.79.137 Tokyo, Japan, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 139-162-79-137.ip.linodeusercontent.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: b7414b46962c0142ab4b8b26473943aac1db88fac3f9011004107c18513985f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:59 GMT
last-modified: Fri, 01 Dec 2023 04:24:25 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=10368000, public
accept-ranges: bytes
content-length: 365125
expires: Sat, 30 Mar 2024 22:43:59 GMT

GET
H3

200

1669173726.3519.png
img.heho.com.tw/wp-content/uploads/2022/11/ Frame 2483
Redirect Chain

https://heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png
https://img.heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png

12 KB
13 KB

23ms
22ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39b2a26dc249d0368798ce01da3e9785958eb925e608eb4729607f10ecf51241

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:59 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 44549
alt-svc: h3=":443"; ma=86400
content-length: 12748
last-modified: Wed, 23 Nov 2022 03:22:08 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oTbSGnFXkbdRitKvISshFU9L%2BCA0reEpssrZbZPbybOsA1BrF02psODaS5jrBfwBzzD6EXmAykpaS1ot1HTMST1O22CG%2Fyhjn%2BXEWOTzYapELzVSGyAq6%2FFSw2ey6YBickS4ERanMWR2NUca0ts%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda2838fd66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2022/11/1669173726.3519.png
date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3 200 1689755246.8803.png
img.heho.com.tw/wp-content/uploads/2023/04/ Frame 2483 5 KB
6 KB 45ms
44ms Image
image/png 2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2023/04/1689755246.8803.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f54070450baf09b19fdbe1d661a5b05eaec9b8a60353a4cf91ce60df518469a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 224751
alt-svc: h3=":443"; ma=86400
content-length: 5344
last-modified: Wed, 19 Jul 2023 08:27:29 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FNlF%2FwcqlVxDNargZ9F7JiV9JeTELu05OKqLLoXd52CcLALqNOZOUgR78ifze2LFR1IBAuDRb68UHXeNG8wVhNTsIQ%2F8lxYC1to0VTXO4OIFBBpEIADxjr4gjOFlruWLJ570TLmU6NxJvPYCbDc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda120f6266b5-AMS
expires: max-age=2592000, public

GET
H3

200

1669176277.7766.png
img.heho.com.tw/wp-content/uploads/2022/11/ Frame 2483
Redirect Chain

https://heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png
https://img.heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png

5 KB
6 KB

27ms
26ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5b17f07bd0d24edb3a5883b7fc3e77b39be07cd99131fbd33b7873fda49b165

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:59 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 249063
alt-svc: h3=":443"; ma=86400
content-length: 5377
last-modified: Wed, 23 Nov 2022 04:04:39 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TAm0UOm%2B6fShUEIaCufQjYpcFpX5XzHlt5GCSVu%2Fbb009Iyy%2FHPxTb5O97Mv9FJob9su784DpS00ZfxNNJAkQXT3GCcfesvxIUxrF%2FufdLT%2FkVDZzdJQ3dLSrkMk3vdbkvrNLBP35G2JAQWt3Uo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda2838fe66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2022/11/1669176277.7766.png
date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H3

200

1669174009.0122.png
img.heho.com.tw/wp-content/uploads/2022/11/ Frame 2483
Redirect Chain

https://heho.com.tw/wp-content/uploads/2022/11/1669174009.0122.png
https://img.heho.com.tw/wp-content/uploads/2022/11/1669174009.0122.png

2 KB
2 KB

25ms
25ms

Image
image/png

2606:4700:3038::6815:ebd5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.heho.com.tw/wp-content/uploads/2022/11/1669174009.0122.png
Requested by: Host: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw
Protocol: H3
Server: 2606:4700:3038::6815:ebd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afd50883e5a14dc60ab697ca8272c575fdaca96c69eb11ff5edc092752520d6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ml.oxra.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:43:59 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 608086
alt-svc: h3=":443"; ma=86400
content-length: 1609
last-modified: Wed, 23 Nov 2022 03:26:50 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7bXhRYFi0hqChYpDPw3gNHH81xu%2FvfrYFBcLlvh3kCjgtfw1tA6kS8sYkNVQn%2FUOtDzEgfvDYOlgXUpCFypBsNRVgevPgNpQSoJn8A3Dg2imhlXE7PTDFaPAR%2BJgRBUZ4RfeCc1JocgSdKjVhU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 82eeda2838fb66b5-AMS
expires: max-age=2592000, public

Redirect headers

location: https://img.heho.com.tw/wp-content/uploads/2022/11/1669174009.0122.png
date: Fri, 01 Dec 2023 22:43:55 GMT
via: 1.1 google
server: Apache/2.4.41 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 356
content-type: text/html; charset=iso-8859-1

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F0E2 43 B
215 B 3503ms
3483ms Image
image/gif 2600:1f13:800:7781:5f9f:1259:c76c:3ebc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=68f6326b-f26a-b90a-855c-1b30e53cfe91&tv=%7Bc:vAK1Ni,pingTime:-10,time:399,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE5OSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1701470635875%7C%7C3df435fcd832c134a075741318e5f9a6%7C%7C9d9fcb00733e98b40e93b73c4ea99695%7C%7Cf987d72842a71ac792527fa73cfbe944%7C%7Ce858a786ff49fe674f98eafc8ee0a595%7C%7C49f103973455c4f42f4f9ff9505e9659%7C%7C105fb235b5049dfba49fd4f872c89d40%7C%7Cefa5ad9e8ef605a4856f094edbcf32a0%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:5f9f:1259:c76c:3ebc Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:56 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H/1.1 204
No Content collect Show response
z.clarity.ms/ 0
291 B 3363ms
3363ms XHR
text/plain 20.10.16.51
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://z.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.10.16.51 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://heho.com.tw
Date: Fri, 01 Dec 2023 22:43:59 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F0E2 42 B
64 B 3106ms
56ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstWrUhtyanl73GsumB_0Fif6MPUOvSBvr0eL33Ilur54ymiS2qp1BvAffrPm4IVNJcGqXwMQc24PnIwbaL6D1fFkj-TrvBASr3LY-jbv3qiffBxJnCtqXByibpPOynssaLieHJv3fwTnteZ&sai=AMfl-YQe7eH-Ue2OiC29g4YL7y3KIE0t6SYr55uLkplYrxU3gNakeZb6jbHRN_IrgPy5j_-0hZnExTT7yS4-ZHUKyYdy9aOssxDmbFd-3D9ck5iZD_QWDYxwZLH7yA59gbUGeIKiF7hzIqY&sig=Cg0ArKJSzB26Xrlu7CpCEAE&cid=CAQSPADICaaNcqI2X0qEeDpzg6Xe3CICy4LFD_1EmWidtrjdBCSoJA7WLjngxS4OLT010RxxnG0tKNhGvftDpxgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4021446544&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701470635118&rpt=201&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F0E2 43 B
215 B 2024ms
2023ms Image
image/gif 2600:1f13:800:7781:5f9f:1259:c76c:3ebc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=68f6326b-f26a-b90a-855c-1b30e53cfe91&tv=%7Bc:vAK2e6,pingTime:1,time:2061,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:1060%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1060,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1055~0,1~100%5D,as:%5B1056~728.90%5D%7D%7D,%7Bsl:i,t:1060,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXelo9L+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C1513%7C1611%7C1612%7C1613%7C17%7C18%7C191%7C1a,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:120%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:5f9f:1259:c76c:3ebc Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:59 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F0E2 43 B
215 B 2025ms
2024ms Image
image/gif 2600:1f13:800:7781:5f9f:1259:c76c:3ebc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=68f6326b-f26a-b90a-855c-1b30e53cfe91&tv=%7Bc:vAK2e6,pingTime:1,time:2061,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:1060%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1060,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1055~0,1~100%5D,as:%5B1056~728.90%5D%7D%7D,%7Bsl:i,t:1060,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXelo9L+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C1513%7C1611%7C1612%7C1613%7C17%7C18%7C191%7C1a,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:120%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5693807149055825&output=html&h=120&slotname=5043471010&adk=4021446544&adf=3642469225&pi=t.ma~as.5043471010&w=1050&fwrn=4&fwrnh=100&lmt=1701469803&rafmt=12&format=1050x120&url=https%3A%2F%2Fheho.com.tw%2F&ea=0&fwr=0&fwrattr=true&rh=120&rw=1050&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701470633636&bpp=2&bdt=632&idt=203&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=5208131103481&frm=20&pv=2&ga_vid=592758939.1701470634&ga_sid=1701470634&ga_hid=518088041&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=275&ady=766&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C31079759%2C44809005%2C44809316%2C31078301%2C31079890%2C44806139%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=1856709619181146&tmod=1612921631&uas=0&nvt=1&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=211
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:5f9f:1259:c76c:3ebc Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:59 GMT
server: nginx
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 19ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-LDJQEPLLSR&gtm=45je3bt0v877969751&_p=1701470633475&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=592758939.1701470634&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EEII&sid=1701470633&sct=1&seg=0&dl=https%3A%2F%2Fheho.com.tw%2F&dt=Heho%E5%81%A5%E5%BA%B7%20-%20%E6%9C%80%E5%A4%9A%E4%BA%BA%E7%9C%8B%E7%9A%84%E5%B0%88%E6%A5%AD%E5%81%A5%E5%BA%B7%E5%AA%92%E9%AB%94&_s=2&tfd=6937
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LDJQEPLLSR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:43:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heho.com.tw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK td_js_sdk_171.js Show response
api.popin.cc/ 34 KB
13 KB 535ms
535ms Script
text/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to

Full URL: https://api.popin.cc/td_js_sdk_171.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/heho_tw.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 19bfbd81c70637ae0a6fe5f07f112bdab13cf9c2ea5d54b70320df8f54fcc07b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 22:43:59 GMT
x-amz-version-id: null
Content-Encoding: gzip
Last-Modified: Thu, 11 Jan 2018 09:42:51 GMT
Server: nginx
ETag: W/"17b2e8b253e693d224f7d8407e28e1ea"
X-Cache-Status: HIT from 10.252.55.44
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Expires: Fri, 01 Dec 2023 23:43:59 GMT

GET
H2 200 recommend Show response
tw.popin.cc/popin_discovery/ 121 KB
57 KB 1130ms
619ms Script
application/javascript 119.63.198.189
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to

Full URL: https://tw.popin.cc/popin_discovery/recommend?mode=new&ad=20&country=tw&url=https%3A%2F%2Fheho.com.tw%2F&&device=pc&media=heho.com.tw&extra=windows&agency=nissin_tw&topn=50&ad=10&r_category=all&country=tw&redirect=false&uid=cc61abd0596406fe2941701467039645&info=eyJ1c2VyX3RkX29zIjoiV2luZG93cyIsInVzZXJfdGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsInVzZXJfdGRfYnJvd3NlciI6IkNocm9tZSIsInVzZXJfdGRfYnJvd3Nlcl92ZXJzaW9uIjoiMTE5LjAuNjA0NSIsInVzZXJfdGRfc2NyZWVuIjoiMTYwMHgxMjAwIiwidXNlcl90ZF92aWV3cG9ydCI6IjE2MDB4MTIwMCIsInVzZXJfdGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE5OSBTYWZhcmkvNTM3LjM2IiwidXNlcl90ZF9yZWZlcnJlciI6IiIsInVzZXJfdGRfcGF0aCI6Ii8iLCJ1c2VyX3RkX2NoYXJzZXQiOiJ1dGYtOCIsInVzZXJfdGRfbGFuZ3VhZ2UiOiJlbi11cyIsInVzZXJfdGRfY29sb3IiOiIyNC1iaXQiLCJ1c2VyX3RkX3RpdGxlIjoiSGVobyVFNSU4MSVBNSVFNSVCQSVCNyUyMC0lMjAlRTYlOUMlODAlRTUlQTQlOUElRTQlQkElQkElRTclOUMlOEIlRTclOUElODQlRTUlQjAlODglRTYlQTUlQUQlRTUlODElQTUlRTUlQkElQjclRTUlQUElOTIlRTklQUIlOTQiLCJ1c2VyX3RkX3VybCI6Imh0dHBzOi8vaGVoby5jb20udHcvIiwidXNlcl90ZF9wbGF0Zm9ybSI6IldpbjMyIiwidXNlcl90ZF9ob3N0IjoiaGVoby5jb20udHciLCJ1c2VyX2RldmljZSI6InBjIiwidXNlcl90aW1lIjoxNzAxNDcwNjM5NjQ1LCJmcnVpdF9ib3hfcG9zaXRpb24iOiIiLCJmcnVpdF9zdHlsZSI6IiJ9&callback=_p6_9abf734ea490
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/heho_tw.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.189 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 9ab522d2857bd938ff452a1f0bc6321d847bf4b8707c74a3fd32a576e9406647

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:44:00 GMT
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: nginx/1.13.5
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8

GET
H/1.1 200
OK popin_discovery5-min.js Show response
api.popin.cc/ 156 KB
43 KB 525ms
525ms Script
application/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to

Full URL: https://api.popin.cc/popin_discovery5-min.js
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/searchbox/heho_tw.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 775513625d482ba9eacab66da77d2b02d5d7f15788c270bb1295add4926c6284

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 22:43:59 GMT
x-amz-version-id: rMjFgUNkSodLPiS9pNV2rTlSUT0KRhgZ
Content-Encoding: gzip
Last-Modified: Wed, 04 Jan 2023 06:45:28 GMT
Server: nginx
ETag: W/"dea14647ed42ad93bfc3d619993107a4"
X-Cache-Status: HIT from 10.252.55.44
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Expires: Fri, 01 Dec 2023 23:43:59 GMT

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ 66 B
222 B 762ms
249ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNCwidWEiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE5LjAuNjA0NS4xOTkgU2FmYXJpLzUzNy4zNiIsImFwaV9ob3N0IjoidHcucG9waW4uY2MiLCJkZXZpY2UiOiJwYyIsIm1lZGlhIjoiaGVoby5jb20udHciLCJ1cmwiOiJodHRwczovL2hlaG8uY29tLnR3LyIsImxvYyI6Imh0dHBzOi8vaGVoby5jb20udHcvIiwidGRfb3MiOiJXaW5kb3dzIiwidGRfdXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE5OSBTYWZhcmkvNTM3LjM2IiwidGRfb3NfdmVyc2lvbiI6IjEwLjAuMCIsInRkX2Jyb3dzZXIiOiJDaHJvbWUiLCJ0ZF9icm93c2VyX3ZlcnNpb24iOiIxMTkuMC42MDQ1In0=&t=1701470639647
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:44:00 GMT
last-modified: Thu, 13 Dec 2018 07:32:33 GMT
server: nginx/1.13.5
etag: "5c120b11-42"
content-type: image/jpeg
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ 66 B
222 B 760ms
248ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjowLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6ImhlaG8uY29tLnR3IiwidXJsIjoiaHR0cHM6Ly9oZWhvLmNvbS50dy8iLCJ1aWQiOiJjYzYxYWJkMDU5NjQwNmZlMjk0MTcwMTQ2NzAzOTY0NSIsInRkX3RpdGxlIjoiIiwiYWJ0ZXN0IjoidGVzdF9iIiwiZXh0cmEiOiIiLCJpbnRlcmFjdGlvbl9udW1iZXIiOjAsInBvcGluX3ZlcnNpb24iOjYsInRkX29zIjoiV2luZG93cyIsInRkX29zX3ZlcnNpb24iOiIxMC4wLjAiLCJ0ZF9icm93c2VyIjoiQ2hyb21lIiwidGRfYnJvd3Nlcl92ZXJzaW9uIjoiMTE5LjAuNjA0NSIsInRkX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE5LjAuNjA0NS4xOTkgU2FmYXJpLzUzNy4zNiJ9&t=1701470639649
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:44:00 GMT
last-modified: Thu, 13 Dec 2018 07:32:33 GMT
server: nginx/1.13.5
etag: "5c120b11-42"
content-type: image/jpeg
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0E2 0
20 B 49ms
49ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6248207546824&version=m202309260101&ct=76&x=1&cor=4606272820425704000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:44:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK popin_send_cookie_set_fail.js Show response
api.popin.cc/test/ 14 KB
4 KB 261ms
261ms Script
application/javascript 119.63.193.220
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to

Full URL: https://api.popin.cc/test/popin_send_cookie_set_fail.js?20201223
Requested by: Host: api.popin.cc
URL: https://api.popin.cc/popin_discovery5-min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.193.220 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 5cd346875d100956f33b228c65b2eea3e958621a4d906b95c612c0c0c617a2d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 22:44:00 GMT
x-amz-version-id: NVPBtcLlaQ0R5YVGUD48RBS0d2V00MrK
Content-Encoding: gzip
Last-Modified: Mon, 11 Oct 2021 03:29:29 GMT
Server: nginx
ETag: W/"27aab2e5fb58e044704790074416e410"
X-Cache-Status: HIT from 10.252.55.44
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Expires: Fri, 01 Dec 2023 23:44:00 GMT

GET
H2 200 discoverylogs
log.popin.cc/log/popin_media/ 66 B
222 B 247ms
247ms Image
image/jpeg 119.63.198.143
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.popin.cc/log/popin_media/discoverylogs?data=eyJ0eXBlIjoxNSwicGFyYW0xIjoxLCJhcGlfaG9zdCI6InR3LnBvcGluLmNjIiwiZGV2aWNlIjoicGMiLCJtZWRpYSI6ImhlaG8uY29tLnR3IiwidXJsIjoiaHR0cHM6Ly9oZWhvLmNvbS50dy8iLCJ1aWQiOiJjYzYxYWJkMDU5NjQwNmZlMjk0MTcwMTQ2NzAzOTY0NSIsInRkX3ZlcnNpb24iOiIxLjcuMSIsInRkX2NsaWVudF9pZCI6Ijg2OWRiNzRkLTJhODYtNDM4Mi05YTUxLTExZDdiZTM5NzVjMyIsInRkX2NoYXJzZXQiOiJ1dGYtOCIsInRkX2xhbmd1YWdlIjoiZW4tdXMiLCJ0ZF9jb2xvciI6IjI0LWJpdCIsInRkX3NjcmVlbiI6IjE2MDB4MTIwMCIsInRkX3ZpZXdwb3J0IjoiMTYwMHgxMjAwIiwidGRfdGl0bGUiOiIiLCJ0ZF91cmwiOiJodHRwczovL2hlaG8uY29tLnR3LyIsInRkX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE5LjAuNjA0NS4xOTkgU2FmYXJpLzUzNy4zNiIsInRkX3BsYXRmb3JtIjoiV2luMzIiLCJ0ZF9ob3N0IjoiaGVoby5jb20udHciLCJ0ZF9wYXRoIjoiLyIsInRkX3JlZmVycmVyIjoiIiwidGRfYnJvd3NlciI6IkNocm9tZSIsInRkX2Jyb3dzZXJfdmVyc2lvbiI6IjExOS4wLjYwNDUiLCJ0ZF9vcyI6IldpbmRvd3MiLCJ0ZF9vc192ZXJzaW9uIjoiMTAuMC4wIiwiY2xpZW50X2lkIjoiODY5ZGI3NGQtMmE4Ni00MzgyLTlhNTEtMTFkN2JlMzk3NWMzIiwiYWJ0ZXN0IjoidGVzdF9iIiwiZXh0cmEiOiIiLCJpbnRlcmFjdGlvbl9udW1iZXIiOjAsInBvcGluX3ZlcnNpb24iOjZ9&t=1701470641275
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.143 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx/1.13.5 /
Resource Hash: 654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:44:01 GMT
last-modified: Thu, 13 Dec 2018 07:32:33 GMT
server: nginx/1.13.5
etag: "5c120b11-42"
content-type: image/jpeg
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 66

GET
H2 200 log.gif
r.popin.cc/ 35 B
186 B 811ms
266ms Image
image/gif 119.63.198.188
BAIDUJP Baidu

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.popin.cc/log.gif?type=related-tw&uid=cc61abd0596406fe2941701467039645&url=https%3A%2F%2Fheho.com.tw%2F&t=1701470641277
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 119.63.198.188 , Japan, ASN38627 (BAIDUJP Baidu, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:44:01 GMT
last-modified: Tue, 10 Sep 2019 08:00:29 GMT
server: nginx
etag: "5d77581d-23"
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F0E2 43 B
215 B 192ms
192ms Image
image/gif 2600:1f13:800:7781:5f9f:1259:c76c:3ebc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=68f6326b-f26a-b90a-855c-1b30e53cfe91&tv=%7Bc:vAK3gC,pingTime:5,time:6061,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:1060%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:1060,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1055~0,1~100%5D,as:%5B1056~728.90%5D%7D%7D,%7Bsl:i,t:1060,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5000~100%5D,as:%5B5000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:2027,fm:tXelo9L+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C1513%7C1611%7C1612%7C1613%7C17%7C18%7C191%7C1a,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:120%7D&br=c
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:5f9f:1259:c76c:3ebc Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:44:01 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame F0E2 43 B
215 B 193ms
192ms Image
image/gif 2600:1f13:800:7781:5f9f:1259:c76c:3ebc
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=68f6326b-f26a-b90a-855c-1b30e53cfe91&tv=%7Bc:vAK3gC,pingTime:5,time:6061,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:1060%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:1060,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1055~0,1~100%5D,as:%5B1056~728.90%5D%7D%7D,%7Bsl:i,t:1060,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5000~100%5D,as:%5B5000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:2027,fm:tXelo9L+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C1513%7C1611%7C1612%7C1613%7C17%7C18%7C191%7C1a,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:120%7D&br=c
Requested by: Host: heho.com.tw
URL: https://heho.com.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:5f9f:1259:c76c:3ebc Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:44:01 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H/1.1 204
No Content collect Show response
z.clarity.ms/ 0
291 B 160ms
160ms XHR
text/plain 20.10.16.51
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://z.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.10.16.51 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://heho.com.tw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://heho.com.tw
Date: Fri, 01 Dec 2023 22:44:01 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=EE3F23E3F9944176AE9EAB240A0213D4&RedC=c.clarity.ms&MXFR=28D801487CCA603F0736129278CA6E75
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=EE3F23E3F9944176AE9EAB240A0213D4&MUID=2555B5D50DB8692731D2A60F0CB868C4

42 B
442 B

270ms
270ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=EE3F23E3F9944176AE9EAB240A0213D4&MUID=2555B5D50DB8692731D2A60F0CB868C4
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:44:01 GMT
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
server: Microsoft-IIS/10.0
etag: "8d59566974dbd91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 22:44:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E74C7623BE9E484993E1A4572329D495 Ref B: FRAEDGE1905 Ref C: 2023-12-01T22:44:02Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=EE3F23E3F9944176AE9EAB240A0213D4&MUID=2555B5D50DB8692731D2A60F0CB868C4
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 63ms
63ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231129&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d514cce284b84697807e2edfd2b39c6cae5923999d950ec4b3deb274e5db75e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:44:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12235
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:44:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 22:44:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7ED5 13 KB
5 KB 16ms
15ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 88053
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Nov 2023 22:16:29 GMT
expires: Fri, 29 Nov 2024 22:16:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AAE6 829 B
558 B 25ms
25ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b11b0a61603eb54102e9da29e7fade9c02b9a2544d714984754b217a0c93650c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-V7vL0keVGoBlVVaibuTYuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://heho.com.tw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-V7vL0keVGoBlVVaibuTYuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:44:02 GMT
expires: Fri, 01 Dec 2023 22:44:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 7ED5 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:12:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Nov 2024 22:12:38 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AAE6 0
0 52ms
52ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231129&jk=1856709619181146&rc=05ALb3HLd9S0v5SwpCw08GCIeJ9uvj2afekk_55P_YATJ60sBwxeg5qrZxos4EGJ9EFv86mDU91MbKHueBwQE5L9XH3WYC87StlKW60VsQvE2Szmv20Ze0aGNhGJhnnDgRDztmirVwdxw39nvO63mSYNyrMNiJMA7iW25JP2HQn4yjYofBevv-dnnibZe2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7ED5 0
10 B 14ms
14ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8jKehQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 22:44:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 50ms
49ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231129&jk=1856709619181146&bg=!WlmlWRbNAAY3kmNgF5I7ADQBe5WfOAXrvyK_zycICEwq5DgjLK98azbgZFndD7IlqUC-_ESjv2qIUqD0GULrUW7A6utQAgAAADJSAAAAAmgBBwoAS4YoWUxB516mHSdzJ2NE1xWgnglL-sxbW60bk9wAgE7QhL8JOWi1w8-cZub5U8EQgXu_bnzqsh6KVSDWDBOpYaDhtP6mYxysw2Z_eJkC1RDQkcFBJOuuDG1g-W2lFFATxF6jyA5O_05rsKqYmkfHd2euEeEEz-C585bA9Wg9Snwa5gePyJnFCYxSHjWmjPVyYcG_yykqLaG4hDu8Cfb-vEdKpLJOyueIaIsF_g5lFE78fHLMckj7sL6x7JasdHTdNhETUoxWcwyeYfdxX_m2VGiqyqgWaY2Pgwt7oaI6XgKGBMX0OyCwzqXzcuK3ZnXB5YN1sJgipFfmA4JVd2rLBnvOoBA0tzZYne38KM-P6pNro_GXpQ9AMYHbooMeG1QhA5F4fbUp9rpqSQEu64sPnEm-hSlQiOKacpzyDcOtElJhkgPqjYvO6caSVEivVDF6K2Wu4WSNMaP6zh4yrGMDVBWkrI5NGaTbZgRzveFHbZ9-DPpSllPLpHbqYVW5kdHIttdnTpckDlS2twNq8Hbb6TyCtl2PQDWE7hWtL3bvV3o4Uk2HDwTidOdKpotgHCQW2lQJsQtheOvA1Tt9QMl5pJt_YI3jNz1si4wUckbMaaFnY51utizNvM8KTCRMuwQmx8MjR7qoStHYNrUPzmmDtu25Ft77YzbEPMLSXdhgUV3jT7WKpcz_doadKY2pKkL7a_nUPWDIfh2jdam5rMgIBLSuA8p_8MkaehSQ3A0DIdy3lxjINZf2Ht-Mezbsust4NG23bzlKqvk_RrDtA_V5rpcSjKEaYyTJJ_OsEgE0sHi_NiqIfU212BuVNG83yQOvs0TflQ6Sfboe1kZ0X_xN-lRsAY88eMF6DZW7lyedtGYTwkUsdoctgK2O7uA5FV9kOPPDk1enz_fRSj7WcaDrypJ85vvsZfWtn1QPM7290ZOb3wl5sEKc22epZF2hZnZiy0Bfe2w9ja272FCBb8urcXSr95vSlBe67JMdzh6792N7GN9xMcn6tnmOoLXPCPcVOdjxPd5gt75JQgZ0LtAMq2304CNqetIf1JvSMeJeaLC7XFVQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heho.com.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw

Domain: ml.oxra.com.tw
URL: https://ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf/heho.com.tw

Verdicts & Comments Add Verdict or Comment

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

58 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ml.oxra.com.tw/ra/mktv2/mkt-api-10/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf	1970-01-21 02:13:50	Name: heho_cid Value: e67748f5-9578-4bcb-fcc4-d55d3d2c6b46
ml.oxra.com.tw/ra/mktv2/mkt-api-11/0-heho.com.tw/0429dea1-d0f4-4537-e14c-d7eed30b81bf	1970-01-21 02:13:50	Name: heho_cid Value: e67748f5-9578-4bcb-fcc4-d55d3d2c6b46
.docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA	1970-01-20 16:37:54	Name: S Value: spreadsheet_forms=nWa8pumbDFL2W9b0oXGUvyakJ9KNq6R-d5L1Mq-nEoU
.docs.google.com/forms/d/e/1FAIpQLSdRbjQ4UWF29dHIQLWIiNnjAWjmXeI6AeSaeLi7ILXFjLJbZA	1970-01-20 16:37:54	Name: COMPASS Value: spreadsheet_forms=CjIACWuJV4hmBO49XLIvhB0j0rngwr2AHA_NhAXGAMSAz6v4GD7wJFxM-VsghrT-Vjn43RC536mrBho0AAlriVdsge9qpsEXkbUp1VeLXVoNbNq7zc5Mck89JYYRMOwMRc7GRqp2Vt5E_ffNvT7B6w==
www.google.com/recaptcha	1970-01-20 20:57:02	Name: _GRECAPTCHA Value: 09ALb3HLepnFsZ5CHzM_z2zVzaYij-ALleAentD9ky49AONCuiUM6AeuRXs7WfnfXb8ZlrsqmvVn7G_hKTv9T_i58
ml.oxra.com.tw/ox/mkt	1970-01-21 02:13:50	Name: heho_cid Value: e67748f5-9578-4bcb-fcc4-d55d3d2c6b46
www.clarity.ms/	1970-01-21 01:23:26	Name: CLID Value: 94108b69015b4b9eba7192918d16c759.20231201.20241130
.heho.com.tw/	1970-01-20 18:47:26	Name: _gcl_au Value: 1.1.698998776.1701470634
.heho.com.tw/	1970-01-21 01:23:26	Name: _clck Value: 18rk24j%7C2%7Cfh6%7C0%7C1430
.heho.com.tw/	1970-01-21 02:13:50	Name: _ga Value: GA1.3.592758939.1701470634
.heho.com.tw/	1970-01-20 16:39:17	Name: _gid Value: GA1.3.1091219218.1701470634
.heho.com.tw/	1970-01-20 16:37:50	Name: _gat_gtag_UA_105027460_1 Value: 1
.google.com/	1970-01-20 21:01:21	Name: NID Value: 511=fL0UuRmKtzYlJyneNQxFbc9IqZrM9TtXBKe2RZIA-rVvTkBd5VEVdRJYaPYQJAODtMHDnv39cQMSM9kEvXZPfjTs4wrhpTZxm6v9FijWfcfUcUQxy2de8tHJSeEhQ5uVmoNKRysA4EBwsAMLU8KjEOWOV6A0J8sQ9Qjf1Tp1ois
.heho.com.tw/	1970-01-20 16:39:17	Name: _clsk Value: wb1m98%7C1701470634156%7C1%7C1%7Cz.clarity.ms%2Fcollect
.adnxs.com/	1970-01-20 18:47:26	Name: uuid2 Value: 9132206707812513890
.heho.com.tw/	1970-01-21 01:59:26	Name: __gads Value: ID=6863b3003f5c394f:T=1701470633:RT=1701470633:S=ALNI_Macqn5W7dKQM4-fAarYzzlrvfADeA
.heho.com.tw/	1970-01-21 01:59:26	Name: __gpi Value: UID=00000d016883c875:T=1701470633:RT=1701470633:S=ALNI_MaVmLMVzGI2L2Dokc_Rh9CMb50s-g
.casalemedia.com/	1970-01-21 01:23:26	Name: CMID Value: ZWphqvS2CEsZA0uKm9AlwQAA
.casalemedia.com/	1970-01-20 18:47:26	Name: CMPS Value: 5211
.casalemedia.com/	1970-01-20 18:47:26	Name: CMPRO Value: 5211
.ctnsnet.com/	1970-01-21 01:23:26	Name: gid_CAESENHzR639UNXaWkegin2nPf0 Value: 1
.turn.com/	1970-01-20 20:57:02	Name: uid Value: 7000478457141543183
.yahoo.com/	1970-01-21 01:23:48	Name: A3 Value: d=AQABBKphamUCEJunTcHfun_2veqXJxkQ3CkFEgEBAQGza2V0ZQAAAAAA_eMAAA&S=AQAAAmFKumffrV2urH2KtRkNLdU
heho.com.tw/	1970-01-21 02:13:50	Name: heho_cid Value: e67748f5-9578-4bcb-fcc4-d55d3d2c6b46
.ctnsnet.com/	1970-01-21 01:23:26	Name: gid_CAESEMM0AKpHQmLCOhQg_jwMMxs Value: 1
.ctnsnet.com/	1970-01-21 01:23:26	Name: cid Value: f9081f406b324ad5866afeeb9af87f29
.simpli.fi/	1970-01-21 01:24:53	Name: suid Value: A98A7BD7251347A38CEB55ABBB6A71C7
.travelaudience.com/	1970-01-21 02:09:31	Name: _tracker Value: %7B%22UUID%22%3A%2210BCB599-E816-4C1F-1FC2-D5A329F5FB11%22%7D
.tribalfusion.com/	1970-01-20 18:47:26	Name: ANON_ID Value: aUntuJON6Je8ZbUxralUAuWB2dEdZbYf5mBbI2ZbqSRYcRG7shCAR3d3C17pEdCkd41vNFgZbtHZbxuTGRS89giEMvdwQ
.adform.net/	1970-01-20 17:22:29	Name: C Value: 1
.adform.net/	1970-01-20 18:04:14	Name: uid Value: 6898508994846660389
.doubleclick.net/	1970-01-21 01:59:26	Name: IDE Value: AHWqTUnOfMQMtesS_l9KPqN0NJFC5yk1pWmfJfrltH-9-0tVqUwcSmzTQ4KfQ2-oXv4
.everesttech.net/	1970-01-21 01:23:26	Name: everest_g_v2 Value: g_surferid~ZWphqwADw_DmvwAM
.adnxs.com/	1970-01-20 18:47:26	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>wrMI.Y!A#Fw.TOKKnyW<U1`VROYQM-:=:Xqha]E#i9.Q(WEq6?]Wtc=r9-a8odcjku<QG=%9sk@3@'s>T9L=o#
.doubleclick.net/	1970-01-20 20:57:02	Name: APC Value: AfxxVi4-rnmEBXcm9UUB2-_MVhGVhvuSKHmFlDLVPJwxov9J0zWf1Q
.heho.com.tw/	1970-01-21 02:13:50	Name: _ga_LDJQEPLLSR Value: GS1.1.1701470633.1.0.1701470635.58.0.0
ads.travelaudience.com/	1970-01-21 02:09:31	Name: _tracker Value: %7B%22UUID%22%3A%2210BCB599-E816-4C1F-1FC2-D5A329F5FB11%22%7D
.w55c.net/	1970-01-21 02:09:31	Name: wfivefivec Value: HW3i2TWv1R9ceL5
.w55c.net/	1970-01-20 17:21:02	Name: matchgoogle Value: 5
.e.dlx.addthis.com/	1970-01-21 02:08:05	Name: na_tc Value: Y
.addthis.com/	1970-01-21 02:08:05	Name: na_id Value: 2023120122435500016881185225
.addthis.com/	1970-01-21 02:08:05	Name: na_tc Value: Y
.addthis.com/	1970-01-21 02:08:05	Name: uid Value: 656a61ab4042d112
.addthis.com/	1970-01-21 02:08:05	Name: ouid Value: 656a61ab0001c185f14d1dd3ff3d583dfb04caf98250273dec2f
.dlx.addthis.com/	1970-01-20 17:21:02	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 17:21:02	Name: na_sr Value: 20231201
.dlx.addthis.com/	1970-01-20 16:37:50	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 17:21:02	Name: na_sc_e Value: 0
.heho.com.tw/	1970-01-21 01:23:26	Name: _ss_pp_id Value: cc61abd0596406fe2941701467039645
.heho.com.tw/	1970-01-21 02:13:50	Name: _td Value: 869db74d-2a86-4382-9a51-11d7be3975c3
.popin.cc/	1970-01-21 01:23:26	Name: uid Value: cc61abd0596406fe2941701467039645
.bing.com/	1970-01-21 01:59:26	Name: MUID Value: 2555B5D50DB8692731D2A60F0CB868C4
.c.bing.com/	1970-01-20 16:47:55	Name: MR Value: 0
.c.bing.com/	1970-01-21 01:59:26	Name: SRM_B Value: 2555B5D50DB8692731D2A60F0CB868C4
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 01:59:26	Name: MUID Value: 2555B5D50DB8692731D2A60F0CB868C4
.c.clarity.ms/	1970-01-20 16:47:55	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 16:37:51	Name: ANONCHK Value: 0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://json.geoiplookup.io/ Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.doubleclick.net
ad.turn.com
ads.travelaudience.com
api.popin.cc
c.bing.com
c.clarity.ms
c1.adform.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
csp.withgoogle.com
dclk-match.dotomi.com
docs.google.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
heho.com.tw
ib.adnxs.com
images.dmca.com
img.heho.com.tw
ius.ctnsnet.com
json.geoiplookup.io
kids.heho.com.tw
lifestyle.heho.com.tw
log.popin.cc
match.adsrvr.org
ml.oxra.com.tw
odr.mookie1.com
onetag-sys.com
oxra.com.tw
pagead2.googlesyndication.com
play.google.com
pm.w55c.net
pr-bh.ybp.yahoo.com
r.popin.cc
r.turn.com
region1.analytics.google.com
s.tribalfusion.com
s0.2mdn.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
stats.g.doubleclick.net
sync-tm.everesttech.net
tpc.googlesyndication.com
tw.popin.cc
um.simpli.fi
unpkg.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
z.clarity.ms
ml.oxra.com.tw
104.18.36.155
119.63.193.220
119.63.198.143
119.63.198.188
119.63.198.189
139.162.79.137
139.162.82.98
142.250.186.130
142.250.186.98
151.101.130.49
172.217.16.134
20.10.16.51
2001:4860:4802:34::36
2001:678:cb4:bbbb::11
2400:52e0:1e00::1082:1
2600:1f13:800:7781:5f9f:1259:c76c:3ebc
2600:9000:2127:b200:8:48e:53c0:93a1
2606:4700:3037::ac43:8652
2606:4700:3038::6815:ebd5
2606:4700::6810:7baf
2606:4700::6811:190e
2606:4700::6812:18ad
2620:1ec:bdf::44
2620:1ec:c11::200
2a00:1450:4001:803::2003
2a00:1450:4001:809::2002
2a00:1450:4001:80b::2008
2a00:1450:4001:813::2003
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::200e
2a00:1450:4001:828::2003
2a00:1450:4001:828::2004
2a00:1450:4001:829::200e
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2006
2a00:1450:4001:830::2011
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a00:1450:400c:c00::9c
2a02:fa8:8806:21::1690
2a03:2880:f083:9:face:b00c:0:3
2a04:4e42:600::649
2a05:d018:d29:3602:d09c:564c:cd27:b30c
34.149.230.38
34.160.236.64
35.157.241.1
35.186.193.173
35.190.0.66
35.204.74.118
35.71.131.137
37.157.4.28
37.252.171.53
51.75.86.98
52.210.223.89
52.57.12.239
61.219.68.119
65.9.95.81
68.219.88.97
69.192.160.219
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
029021f9df9d250bfc5442e10e72bb7fcc37aef687080952a051aa4428214f15
07598e9c2aae44f349f488e73a31691f1f0f8c5eaedeaa69f2bcb56efa59a934
081a9357e5da041fc09dbef6c0abaa986251670aacbc6029228d37f34fd1fe25
0935cfb626e0384656dd2cc4ee16b9ee5430fb1b511a40ce7c6d8ec08e547df4
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
0b35f88d468214d1e8ea6b50a1161cddd4984b46d3c9b13d05f00438bf894083
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c116c74efa19439bd2e6ad056ee930d82c0c8ac55330bbc5a9f63885601dec6
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0cecb66bde508c9248d803c80e120330c2390474f21df544bee4d8d34b22810e
0d608b811b5906ac6c2727a96ee0f5c29461f10774c418f35b0afd808cbad319
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
10505df86b3638be7b5707a542c0c7c80ed856f14e037bb1c64bfaf712b0ab75
10b6fc407ad68085b7ea80a7f03939ed11b4ad702c3067ff89bcd8ee26320ea6
11ac541c671d7f00abc9c41b3869779b92540a3b73b0e81b99b12e600efeee70
133bb5c5af6b43d96660ff65f46464f2a03f7d0deeb8e2a1f8e0aa7ce6770120
1382decc32857b4dc59faafdf57088d9f6917b18ece82cc47f84010224008c05
14f880482da8a65732322f1cc972412501c1d33d35edece8f4aba96fab40c3b6
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
171d4c2505ae91856b2fe01ef5154d89feec1591421b5ee67f6ef8c0f50649c6
17406c4e4926c81dcd8f3832b79428ccf82f5a3af17c03afd0e37f13413851b7
184819cfd66eee3bbf756a609a0ea8034f09dcf8c68cd817b08358d8e5579ca3
19bfbd81c70637ae0a6fe5f07f112bdab13cf9c2ea5d54b70320df8f54fcc07b
1ad9cbd726fbcd13ec4ade25f8ddc3487f45e75ecd49b6a1a1dd1a4a3cc59ab9
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1cf5d64d0afede22b7695693440ec3a84e8d038bf5db692c9e70d8b429acfb5e
20a3bf52be657d048a21d70727caaa41611e9d8ef79c89d88c78949ee41a162a
21972f5d6ba8866515f4b10c25e20c893f0f517b1e9ededb7097349d363053e6
22bd7cf3246f1ba3c6875d4099495f7915382811d89d27f1925a9fba8078b730
23e4a995297af6d7e3abf5dc3212a2390efd61c55e15aced428ed4508654fe47
2706dfabcbaaf2dee90c3a10c168d5f5691ce787dcae9e77cd038f66b08fc4ba
273864a943d0ff0ab1b4861c83635fe7c7fcaa496d81862552923c614639b12f
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
29ac11b866b20f17242bdff6076537a14e60f213ef8deb1c56794ff61da4b30a
2e3479d14727cf6b6581add352dad3c9fb8a89b1586d49dc0e606249e7abe437
2f6995a0395179c9dd731c85aa08ef73fb09ab0b6ea2e889eda95f9747e069c3
308bd8594b227122898d10838a3b719f545cd4ba4f02a408fc0b7ff43f17ca30
31594918e6093b22f7d61e9ef00fe99af5de221a8e7b039517c38bb140fa6d95
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
334e702012cf0d8dfdbcfe2a9ff9e70032ca59cad3573f01454a3e1706131f5c
33cffd5ef7d78d156bcfc9d8ef02e0c5e1fe88663d958b78404b6a58b4d0d07a
33ea7445e374a6aab69f4e13ddbc9fc0e356c731e2d1f093619b93d4281bbe2e
347b8e3e68694a70f4b024cdbee7fb7ed5f98c19d0dafef6b8f237191c796f03
3638ac3470e716b3413efda5533007fbf15bec949ff22205e09bf6fe9f098584
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
39b2a26dc249d0368798ce01da3e9785958eb925e608eb4729607f10ecf51241
3a3444723e0dd36e3099deb59133ba82203985f1eba230a07e7ce8eb43b1e1f1
3a6c1001c36d7f2f8ad4df369baf38217af3adaae94a5625651c05f4c3a38bd3
3a8566c410bdc9c4b1a222d4e198c179255893accb662ed34ac308c39fc01bac
3c1d1b09af9ea0e4a497cf8f1baaf915bb032eca2ae369869566282d156cb25d
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e92624ff29d44c47f313d24e815f4f9b1ee01ceb5700f6fc9eb3baa215159f6
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43c9555701d17579571d962cfee37868f4769995820a96abf451623b0528c92c
4524691b7547d0d9f1a34ff172d940bedafd7725a14a5bd1121807b7d993bffa
457500eab2b1d9efabc49ded3803a9d10abad6d5988455dec55fc55ae1385925
45ec09974d948120c9f97cbedd141f4fa8df876bd2206f0c41133ae3a13fdf13
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
47f1d0dc5c8ad11e9fcc9fb81023552a39854dfe3a8f67609b8ea44c1685c3db
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48d68ba83268a7d5262f2af34a516346aa970e5212d9605664c6dc390bfed129
4acc9e2c1caa37e3b0ce7913d2cf4fe979eb8f6579dda4b9f77627d3bd382f3c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032
4d6f268fafb58c6446703ee4d09aedba5b6a7d3a59261da328d75d5115fb11b2
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
50ad448a8a5720bf8a5617db15af31ae60163de06331576f60c6244c012ffc72
50c15aa43139d62075bc472217b6757b9f73c7aa7506a4c465b79169dad06a9a
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
539cc993691ac34295a0b8e0b720aa3db63a2e80c78d49e1c4c4132bb4a5dc09
53b183e10d8c5db234637e82bef4014117bd41c956c69af55fa0165a7be31666
5448b3df7fca1bd7f1ee6c34cab7287342978c1634a216dcb055faa92ffef9de
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54efcb5570863b2329c2c677749c85c7ed337f5c16bf38caea17807196150293
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
577720b3510897fca3bfe22da77990ae5e29eee049e1a1420490c5d3998cb436
58414c45ff47ff8f78077f75d47fb1c08143c46e500536ccb407fb9a031d3da7
589ee426ccb7b86d8643b16efc0acbd99cb9590e1237cbbb694eba36efac28e2
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5bd95d97908d15bffb7bee4ac7fafc2b7c19de43cb27447eb8ea21fd72d476b4
5c0243aeabbf9c2f5353f0f043cdfe582305ce9232dafae04789f72ad8b8a2fb
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5cd346875d100956f33b228c65b2eea3e958621a4d906b95c612c0c0c617a2d7
5dcebb5ec80a2ddab469a77f1a37412c34205ef76d054131083b0bf663b786fb
5e5fca474d253ddedb263ff35fa1433844854caf0f4fb827f7a7f47442ab7e09
5ee1925de22baa2ef5bcb426a76da601c7a094d4d87cc8703b80db62ac2452c1
5f338abba8fb7cf686b9a4f785fedd4299709cff3e365eae3c61eb0e507c417d
600db4b0c037c60bc7cf0f6508cd29ff8d97e1d02267a626b444a28d7c75d298
60f4bc6d7145eac78eacce4c985befa2f47a66af0fc33f5e5f99f43cc2c080f5
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
654b8fbb3beb01a6f08eb873015b728be6ac596b9d51f6c65dbf728e22441e0e
66a070c331573aa324fa2deac1a1b42b2d58e9660268555ee382d857e651e33f
68425336934a956337b4593a3d47d51d2970d03ac4a9c9fc795596f13eb21775
68c3f849762d80f759a7702f52b6f9c432173951d7d5e830c98cedfdeba5e53e
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
69e1767c60e702480b7a4604f7a71a344e3e03caa6e21f6a352a9f63908dc500
6ad6b8b2dd661ae7182bde4de0a90cdfb0d06d3451102d5d5137c340c2b70a3d
6bba06493e9d01e72d0c0acfbf64abbf9f9198dbb7788285bf8d7b9005d0588f
6c00994f426cdca41eb2fbd87b0f3610e37acb3d641b4297a5cfa3e969cd95ee
6d7fab9e736b5a64ab2fd063444bc8737b54f6e0a559c2a6a04149d952a75017
6f8f0d78c296031efe8b806ec25620e2b7c71b5c29d6ee877f593089b882179e
6fba64554e0ba15ba6e427c9f3d7bb9f3cca8e7c7a3cb9f2408dfb6ec6fb167d
7046618f6555847e4c8d7fb47584672aab889faf9ceebd6d871074da350615c9
71b953e5d6ba60f57d49222bd948672c906abb25f695ea21d8477425c6bbbc10
725433fd99ff2c6146ab607f69d833fb207db0167a1886481e39b79da8728d98
738465a35668cea4cf13644bbaf6eeb18dfe494d6941a242d138ee87280c8a9c
74af76502c3179fe03e2092f31c6cdd4aa209655037f44b51b9326ba96778d69
74d4d21ea731e982d339e2341bebcde40e7abd3c43e6955a51d13c68d105f9ca
7615aed2ed8f1361d3aba2b6ce6612468463e660e8bd4a4302b24c113ec57308
7741b58597d99b6563396a5c35f7f0e38dbefd705ddb3e4a6d1228ee27082ecd
775513625d482ba9eacab66da77d2b02d5d7f15788c270bb1295add4926c6284
77ab5b552a399c4eb4b978fd813eb79ee7e17efe56e40f843ddf2a19b17f1da0
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
7c7c81ec43ffc35a71567094e98836d7545681a399618661c8f1eb202b580206
7c962d6b55e524fbd4d056d9417afc3f15d56c09df24de4217a3faecd27afba8
7d60255211b63ebd7ab57221ffe52ae073eab1c1c3a93c48df42b224e7f7c527
7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1
80083bb74056d4ea185160dd596de5a63d5ed834778a5d7f7e4e843ba4421345
82dc82c81ee9423e67c04225828f10124fba2743d213ce299bfbc52d3f4c973a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8341e035f8572a07e1afa2e95d48bf9a97d33844e27e4300bb8c0de6e172211b
83f8b09fdaf09e210625b93cb1d029ed30664675b3511fc2606ce170b24967fd
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84e5aa85594b35c4b60787f4a97e2e1eb369dacbe23d8154f61f60bb0343d465
867352b1c82c47d71a11744e3886441a848780dca87928bac596e5f3473bfaa3
87add725b7d427e6c929ec9a99934ab901660e0c6daece71b32ed1cb7a8815a4
87b18f50b21e8e3e68778d553e17395f44f3d18bcf9d664f852e9a7d515a6c10
8833293f6762feb57c976e996042e2dcf201b282c034504008e2bf0a98dd3527
889aad1463a00bc7c4fda2a94819d09f932bde81010eaa9f7b9f74402f3fc579
8c089632f2472d720775d3f5d81306f073905aded8a9a2ce493a4c516984c5f5
8c784e0a746c79495f6389971b2f60ef425d4d98a1ab85b9945e31a41e2fe9ed
8ca1eee7725d016477dddd403b78c514438b1d2cd58545b4bc9fd6db9647d83d
8cc3cce7b52175a0e42f8b92d45322ebaa709d227f9ec52643e75410fda94b06
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f54070450baf09b19fdbe1d661a5b05eaec9b8a60353a4cf91ce60df518469a
926820f185b15731023eb5573e470b2fc52fa7c7719ba68de547ec3a99ea4db6
9320b3cdf4756eab8412ee5120bc5af5524c9030de78136fbc42b7e40814289a
968da2c692c1738bbe4b563205c24022593dbdb9107dd2aa9c6d43177c3e138a
977ef480f6a9cf6f0c7e46320ce96641f149e60795587abde69892581fc21e09
983871cac9e719263fcecaa540c4e1597c8ece1805845830ec21fef0e71d9f88
985b3bcffaca82008af6fbae8e61658cb5154c104561967e0b1fb91305375555
98888f9be7dd1fe36b668aaebf74559dec6a6f3d081d6fe2cdeff39fad705081
9996ece096f1a0a0a480e2a9ada6ad692c59b562370dd189bd75968dbd7a0f9e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ab522d2857bd938ff452a1f0bc6321d847bf4b8707c74a3fd32a576e9406647
9afefc6356f7a01fa5d0a8b69c8a39cb3709795753e96ad09bad19b21b0b658c
9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d
9c4d3de84453ab0b8e60200491aa95591c312accede985bc3c0387b77cbee8b7
9c9837dd0a50218aac53dee373e4167e0a2edf128136d31ff2d89add6c5fed8e
9d81818ee4513a1dbc74d17b8dcec5aa730a70ceca96b75a68ad007554e01cc2
9fc62f0847bbeb2b050932bc04e8d60087955e2bbe3659fbe89408f4c62f2f7d
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a076d79ed14cff54c3ece7a41c43bf5b96154cc8c194ba252aea6f5c3830cfdb
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
a4caf0e36dd19c395a07167bc67d8f38c73263c10ff786db363c5f0b5c8c7abe
a535ba09ab809d987eb451502fe1d911ed8959328eaa381ee0bcbeaded320c78
a5b17f07bd0d24edb3a5883b7fc3e77b39be07cd99131fbd33b7873fda49b165
a631f36b97689ffb94afdaef8032e78479d469894a2b18f007dea806dc1172b3
a7453c683665441feaae6521513c1bbb98265e66ec6f984891a3962feac07455
a746b8c06890f7106828eeef3d31d879a189cf98e392f5d3023a0c9dcd97d6b6
a817a663ee912ccf67f30d9cddfb563e15efdabb3de65fe491abdfbea5c6578f
a9ed2dc63202e8e1e06cc22eb23d39212a36034d90dbc76274ec7f85deb1d3c2
aaa699bffde59485dd19fa60a333645a0e56425bf560e2c42b54938bbb286687
aada1ac84edc0a0f678a12e87b835b9c5a71fc4cec407ca0420c6561cb53a439
ab147b4ea8d3c3a480958ca68cbe0fa1cc8efe0907c6a11a79f7f70b28ba61df
ace6c1d1cccc4686d29e81c0821be209d2e2d8b7ba44ee24649a698a5230f6ff
add6ddd7fee32d58eba385983ab7dcc9657ad97cdbd4bf4594db38675847edb4
ae4ca9b9303fc55a1053c3a796249078fc00d2389cf2f4b1f006bb19917e3bef
afd50883e5a14dc60ab697ca8272c575fdaca96c69eb11ff5edc092752520d6d
afd7b4ce1230fc5d6cb58daebeed6bcd09ebee1e4414367596bc3bb33f62444c
b11b0a61603eb54102e9da29e7fade9c02b9a2544d714984754b217a0c93650c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1de6eac3059ca778e6d2367182c7f11edc81e09971e56f788db308a674ea7ec
b2d715cfe84dc6dffc61288e0a1ac6901e9ce71b50e08a0b71c1d6c20c135940
b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783
b6ba6d140a0b4673d579dd5cd2428521d9141c946dcb02884c0c5a3b3913cd7d
b7414b46962c0142ab4b8b26473943aac1db88fac3f9011004107c18513985f5
b793b1e8e9f256547a510f65c5821c8084cd72e67a4e2af9437c9429268a5bf8
b7a44eaa1f6f197bcbf15d5aaec9e156216ac0bc6b9cd4d095839857a9142392
b91a5d0c93ab9e0c055f1e0d6ff22688984670591f4853b000454b703fb2fcb7
b93f4669cc09016e4d1ad1836a4cd1ebcf832c22979e5fa11db4f7c3620223ae
bbd98aaaf11a21804cbf7f5b10e7ef9a80c30a47840b7b1dfa51a84fb298ffad
bc3fa17b0c4f879f13a223996f66eb9fad7c84385b2967e3781a3680a6e6a811
bc425300c8a8a921a3d481e8b2395ef3c6cac4333b7326ceb1f5963fa6102b77
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855
bd37899aca2011cdf18276fe93b568460f41a8a9aa4af0dedae29e28e0f7cc8b
bec887feaec684bbc55998c457617df16605234f032386cd8068ad2dc8964a5c
bf54ca999785e94d3692084aedd7379cdfa4f722acc00c50b937ff30f830122c
bf721c6995366adb25d098fe2b901999ed3a750a2cd7d0f57f0e9d85af2aee29
c063fc54a4bcec5e67e63ec0c5fb62be66be35509203e143a97de4e7eae0e4f2
c129c2c42b2f1d5af9bd5b9858f0eba8215ee3ebf61fbc99866e107b2c0af4b5
c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c3477a72ef1db732762ffb13ba55d7df867b64c2abf5f88a1fdff29e6dbe374d
c3525fca875bf7203e92f116e0c5532dd5b5fe0f0ca5e12c6c4c8b9bd77566e2
c37959ecaf7cbc7222f9be9dc9004783aedddc45b3e145d4b1a974bba439a72d
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c7b73dc2a43d6620b4ae7b1e05eea2342cf309352b4dcaadeb4491c5b72468e5
c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf
c8fb82df9421fa2de18e11b89200eeccb188dab713331f06c6c8782ad5ce5437
cb1d125975da6683e4db07394e5035b0cde2782b389341bb577d2a274262e839
cc93b0c6ccf01063b9788530ca2389636059624b18599de8edef8d4054255474
ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b
ccfa2ee29f7b0f5edb10870c47f56e006f562cb331bc2abc04f30e0b4582eca1
cdaae795074ced24ad382f9f21c4f2e3443d3dc27bf6f75ab5cb43d54f23f009
ce2b61e64a17f1488f20bafee5aa20a8d8ec897b990f709634f5bd1cc620e6b0
ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1
cedd3e0be10d4410fcf6e939511c7639a3d15429c98b6f9cab31d1f1ba3bdd99
cfe4b3384bdf0bd276d03faa954b58977064c3aa7199c946292f3d22f416fc76
d16a97a25c22e0a3666a93f2cc4dfb340df15a55dc32190f797ee748f2d7b3ba
d4ba92453033372b440e5e762eedec60dec8b3c32008f599b1c7f46376d64216
d514cce284b84697807e2edfd2b39c6cae5923999d950ec4b3deb274e5db75e3
d5c4965a6e9c89dee7d1389167c821976bfbf55d80e7dcddfbcb5400b1ae01c9
d6160ac2857a97b2e8b68b394977418e28dc43947425deb37fdea506582787aa
d6567639db59dc67528a542b533eb95189e86f1d3cd82d865b72b09cbb2290e7
d6ea0acd1a44d3f90345977393605cc2fbed1795b4a84713ea6fcb6364319c24
d71a472191ca500c7dbcdc6cf3bb86fada4c0b5f5b787a936e66b61f6288cde0
d85ef610b1ac3b3bb5369d0fa4760db5250a0c05c40437b5759331faf78c4891
d8977152b314fcd5d04bec050367c0aafa91899501593e9ecb0d6090cdac29a6
db0623a4d90cd6a4f227eda34ddc4a05ece6cccfadb3c9e7da4ac09a04a6fc64
db8faffb5e867554c1ab9b0edd0e11e8b5a3d4b9842d860a11646371c2b84d79
dcbaf64460b4db78ba16ee6230d2c90215dda58ce8c285348d624fe32dbc470e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b
e05fd4c39d2671d0febcf551364287a41d4889ca4692817722459ff34940ac81
e21aa5b0d3fd28cebed9e03c5544f4924e11b0c453792ed018720cf8c679b0b6
e2ecb4dd57033b4d5ce93ed5ee31f6e7ae13e0208ffed843a8a25809e6c186a5
e2f7fbd847620a46b260daa079ddcacce2e96d507bc686510677cb243f088245
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
e4e6a680e9036aaf31486a675e7ae117f53d2f3c3924240f26e0d57520e4204a
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5acbe17fd4e63cca2ce1b72e482fc2411d27d9d534476ad7f0108b9df087fce
e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e98273998af7ba59db229a5997cd60b10fff987e60d89dc79654a50fa5daee02
ea457f0a12915cc9612ecc2a0c085b16c5cf8af109f1be1c7fcc358a9d52fbc2
eabb919d260173b3137cd2fe94a9e819d1522b3e9e2c3335a3de6d34de44ba16
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec6db1a21767af979fb329c02278c64506429fa719347d4aa8b78d4379cb735d
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
ee21fa3a8dd34931830b255fb301dec184add039958f2378ec534733b4002011
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8fea302c93f5619c53b4b7f8435c3d7dbaf5a4296593fb9f353e574c9b34d4
f16700a582fbcb0a4dce154cb5fab6fd32ed12a495c7e2678be5d0ad93e282c3
f3706dd9e175fdadc2a564238f1ddc64afea19e67aefd5b922f33040d5f94540
f430ad6611692180cc5bfba88afb989ac5cde063c2e929a28026be4c2c3e9f45
f4af84efe90891185d9b29a841181ca9d26d7560864ea47b6cd709d3b964aee3
f4e16c137bfcf443839c20e1038b9ee2dec570f047ae3b1c8f9378e9176750dd
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f8cc03e63c2624c1e817c00f6dfb085759dcff6aa84c37fcd65050023fd582e8
fa40858bc00aa25239b434a313f9b30b4b604715b21395c0f278a3055cd31deb
fc757f9ba6603eb9913106a4cd83c7a7c0a8a4f845a0aceb1103606bc324ad00
fd8bed74936b7b0f1745b3b117cab8be5ec9405fb4771226270462e670b8d9fe
fdf44c84e33e64332bb97121e566eb096f411850877443b97c310e598ef10e72
fea32efefa901ef8406bee583dcea828fc0871ca38f7227475fc8d6a520da9dc
ff65c6a3b716ae696170f17006e5b017751677908e6b56b53a27379f7dc578df
ff8c9a38c906236a4025b752da6a83403df53f22f0fb8b88155b7b04a5229904

heho.com.tw Open in urlscan Pro 34.149.230.38 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

376 Requests

82 %HTTPS

54 %IPv6

42 Domains

65 Subdomains

52 IPs

12 Countries

11070 kBTransfer

17427 kBSize

58 Cookies

49 Outgoing links

Page URL History

Redirected requests

376 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

heho.com.tw Open in urlscan Pro
34.149.230.38 Public Scan

Screenshot
Live screenshot

Full Image

376
Requests

82 %
HTTPS

54 %
IPv6

42
Domains

65
Subdomains

52
IPs

12
Countries

11070 kB
Transfer

17427 kB
Size

58
Cookies

376 HTTP transactions
12 data transactions