all.accor.com Open in urlscan Pro
151.101.2.132 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t5.mid.accor-mail.com/r/?id=h1d7198f0%2C8a002299%2C89e2c3d2&p1=all-2112-lc-b-me-gb-00-1&p2=all-2112-lc-b-me-gb-00-1&p3...
Effective URL:
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_sourc...
Submission: On December 03 via manual (December 3rd 2021, 12:39:39 pm UTC) from AE — Scanned from DE

Summary HTTP 175 Redirects Links 33 Behaviour Indicators

Summary

This website contacted 16 IPs in 6 countries across 15 domains to perform 175 HTTP transactions. The main IP is 151.101.2.132, located in United States and belongs to FASTLY, US. The main domain is all.accor.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on November 17th 2021. Valid for: a year.

This is the only time all.accor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	63.34.185.171 63.34.185.171	16509 (AMAZON-02) (AMAZON-02)
1 94	151.101.2.132 151.101.2.132	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
28	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
4	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.240.103.94 35.240.103.94	15169 (GOOGLE) (GOOGLE)
1 1	45.60.155.180 45.60.155.180	19551 (INCAPSULA) (INCAPSULA)
2	2a03:2880:f00... 2a03:2880:f008:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
6	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	52.214.99.201 52.214.99.201	16509 (AMAZON-02) (AMAZON-02)
2 6	35.241.57.45 35.241.57.45	15169 (GOOGLE) (GOOGLE)
25	2a03:2880:f14... 2a03:2880:f145:82:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	52.222.206.77 52.222.206.77	16509 (AMAZON-02) (AMAZON-02)
2	104.225.98.129 104.225.98.129	36236 (NETACTUATE) (NETACTUATE)
2 2	152.199.22.100 152.199.22.100	15133 (EDGECAST) (EDGECAST)
175	16

1 63.34.185.171 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-185-171.eu-west-1.compute.amazonaws.com

t5.mid.accor-mail.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

94 151.101.2.132 (United States) 1 redirects

ASN54113 (FASTLY, US)

all.accor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.240.103.94 (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 94.103.240.35.bc.googleusercontent.com

api.accor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.60.155.180 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

login.accor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f008:8:face:b00c:0:1 (Milan, Italy)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.214.99.201 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-99-201.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.241.57.45 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 45.57.241.35.bc.googleusercontent.com

radar.cedexis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a03:2880:f145:82:face:b00c:0:25de (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.206.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-77.fra56.r.cloudfront.net

d6tizftlrpuof.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.225.98.129 (Amsterdam, Netherlands)

ASN36236 (NETACTUATE, US)
PTR: 129.98.225.104.ptr.anycast.net

i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 152.199.22.100 (United States) 2 redirects

ASN15133 (EDGECAST, US)

www.accorhotels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
96	accor.com 3 redirects all.accor.com api.accor.com login.accor.com	2 MB
28	cookielaw.org cdn.cookielaw.org	591 KB
25	facebook.com www.facebook.com	153 KB
8	google.com apis.google.com accounts.google.com www.google.com	134 KB
6	cedexis.com 2 redirects radar.cedexis.com	44 KB
4	onetrust.com geolocation.onetrust.com	1 KB
4	googleoptimize.com www.googleoptimize.com	236 KB
2	accorhotels.com 2 redirects www.accorhotels.com	586 B
2	cedexis-radar.net i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net	3 KB
2	facebook.net connect.facebook.net	85 KB
2	googletagmanager.com www.googletagmanager.com	167 KB
1	cloudfront.net d6tizftlrpuof.cloudfront.net	3 KB
1	usabilla.com w.usabilla.com	14 KB
1	gstatic.com ssl.gstatic.com	5 KB
1	accor-mail.com 1 redirects t5.mid.accor-mail.com	777 B
175	15

	Domain	Requested by
94	all.accor.com	1 redirects all.accor.com radar.cedexis.com
28	cdn.cookielaw.org	all.accor.com cdn.cookielaw.org
25	www.facebook.com	connect.facebook.net all.accor.com www.facebook.com
6	radar.cedexis.com	2 redirects radar.cedexis.com
6	apis.google.com	all.accor.com apis.google.com accounts.google.com
4	geolocation.onetrust.com	cdn.cookielaw.org
4	www.googleoptimize.com	all.accor.com
2	www.accorhotels.com	2 redirects
2	connect.facebook.net	all.accor.com connect.facebook.net
2	www.googletagmanager.com	all.accor.com www.googletagmanager.com
1	i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net	all.accor.com
1	i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net	all.accor.com
1	d6tizftlrpuof.cloudfront.net	all.accor.com
1	w.usabilla.com	all.accor.com
1	ssl.gstatic.com	accounts.google.com
1	www.google.com	apis.google.com
1	accounts.google.com	apis.google.com
1	login.accor.com	1 redirects
1	api.accor.com	1 redirects
1	t5.mid.accor-mail.com	1 redirects
175	20

This site contains links to these domains. Also see Links.

Domain
apartmentsandvillas.accor.com
rec2-all.accor.com
meetings.accor.com
gb.accor-giftcards.com
businesstravel.accor.com
limitlessexperiences.accor.com
www.all-events-tickets.com
all-ticketing.psg.fr
www.getyourguide.co.uk
travelpros.accor.com
secure.accor.com
help.accor.com
api.accor.com
www.qatarairways.com
www.facebook.com
www.instagram.com
twitter.com
pinterest.com
www.youtube.com
weibo.com
group.accor.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.accor.com GlobalSign RSA OV SSL CA 2018	`2021-11-17` - `2022-12-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2021-02-12` - `2022-02-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-11` - `2021-12-10`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
w.usabilla.com Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.init.cedexis-radar.net Go Daddy Secure Certificate Authority - G2	`2019-11-14` - `2022-01-13`	2 years	crt.sh
radar.cedexis.com DigiCert TLS RSA SHA256 2020 CA1	`2021-08-09` - `2022-08-09`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Frame ID: 56247D15DE580B6D56FC6B096FD81AFF
Requests: 96 HTTP requests in this frame

Frame: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Frame ID: C252BA69125973B5DC2A492FE2E15FD4
Requests: 25 HTTP requests in this frame

Frame: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fall.accor.com&url=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 6AFEA52349CCD1B27AEFEC4B97F01F14
Requests: 2 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fall.accor.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 994CAA0F738A8D47F21EABC79A640CB3
Requests: 4 HTTP requests in this frame

Frame: https://w.usabilla.com/2a22008a1a0b.js?lv=1
Frame ID: FF14D93D1EBBEABACC613757235C40F2
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Frame ID: 73E9EB85D62ECD41D40FEE2CA67DFD73
Requests: 25 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/accorhotel-button-33db7e58f18a5aefd9fe80a87ec3b6ca.png
Frame ID: E2CC59AB31365CA6C4FBE2FE1E528D1B
Requests: 1 HTTP requests in this frame

Frame: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Frame ID: 22405EF1CFD8DCCD4A6407C0009E9927
Requests: 12 HTTP requests in this frame

Frame: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Frame ID: 75AF3F2F6DF69C93DD313C1BB8F69DE8
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Festive offers for members of ALL!Back ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://t5.mid.accor-mail.com/r/?id=h1d7198f0%2C8a002299%2C89e2c3d2&p1=all-2112-lc-b-me-gb-00-1&p2=all-211... HTTP 302
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml.go?sou... HTTP 302
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_me... Page URL

Page Statistics

175
Requests

99 %
HTTPS

53 %
IPv6

15
Domains

20
Subdomains

16
IPs

6
Countries

3857 kB
Transfer

12700 kB
Size

36
Cookies

33 Outgoing links

These are links going to different origins than the main page.

URL: https://apartmentsandvillas.accor.com/eu/gb/apartments-all
Title: Aparthotels

Search URL Search Domain Scan URL

URL: https://apartmentsandvillas.accor.com/eu/gb/homes-ALL
Title: Homes

Search URL Search Domain Scan URL

URL: https://apartmentsandvillas.accor.com/eu/gb/villas-all
Title: Villas

Search URL Search Domain Scan URL

URL: https://rec2-all.accor.com/gb/united-kingdom/hotel-getaways_activity-breaks/index.shtml
Title: See more

Search URL Search Domain Scan URL

URL: https://meetings.accor.com/united-kingdom/index.en.shtml
Title: Tailored events

Search URL Search Domain Scan URL

URL: https://meetings.accor.com/gb/promotions-offers/owm013299-001-hybrid-meeting.shtml
Title: Hybrid Meetings

Search URL Search Domain Scan URL

URL: https://meetings.accor.com/our-event-types/training_session/index.en.shtml
Title: Training sessions

Search URL Search Domain Scan URL

URL: https://meetings.accor.com/our-event-types/seminar/index.en.shtml
Title: Seminars

Search URL Search Domain Scan URL

URL: https://meetings.accor.com/our-event-types/convention/index.en.shtml
Title: Conventions

Search URL Search Domain Scan URL

URL: https://gb.accor-giftcards.com/
Title: Gift Cards

Search URL Search Domain Scan URL

URL: https://businesstravel.accor.com/hotel-subscription-cards/businessplus/index.en.shtml
Title: Frequent travellers card

Search URL Search Domain Scan URL

URL: https://limitlessexperiences.accor.com/all-experiences
Title: Limitless Experiences

Search URL Search Domain Scan URL

URL: https://www.all-events-tickets.com/en
Title: Accor Arena Ticketing

Search URL Search Domain Scan URL

URL: https://all-ticketing.psg.fr/en/
Title: Paris Saint-Germain

Search URL Search Domain Scan URL

URL: https://www.getyourguide.co.uk/?partner_id=54D94&cmp=book_activities_menue%20&utm_campaign=en,Homepage%20,book_activities_menue%20,BAM1&utm_medium=ota&utm_source=54D94,Accor&utm_force=0
Title: Tours and attractions

Search URL Search Domain Scan URL

URL: https://meetings.accor.com/our-event-types/private_events/index.en.shtml
Title: Private events

Search URL Search Domain Scan URL

URL: https://travelpros.accor.com/gb/united-kingdom/index.shtml
Title: Travel Professionals

Search URL Search Domain Scan URL

URL: https://businesstravel.accor.com/gb/united-kingdom/index.shtml
Title: Business Travellers

Search URL Search Domain Scan URL

URL: https://businesstravel.accor.com/hotel-subscription-cards/ibisbusiness/index.en.shtml
Title: ibis Business

Search URL Search Domain Scan URL

URL: https://secure.accor.com/managebookings/index.en.shtml#/bookings/home
Title: My bookings

Search URL Search Domain Scan URL

URL: https://help.accor.com/s/?language=en_US
Title: Support

Search URL Search Domain Scan URL

URL: https://api.accor.com/authentication/v2.0/authorization?appId=all.accor&ui_locales=en&redirect_uri=https://all.accor.com/authentication/landing/index.shtml&redirect_site_uri=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Title: Sign in

Search URL Search Domain Scan URL

URL: https://secure.accor.com/managebookings/index.en.shtml#/bookings/home?origin=accor
Title: My bookings

Search URL Search Domain Scan URL

URL: https://www.qatarairways.com/ALLMEMBERS
Title: More rewards with Qatar Airways

Search URL Search Domain Scan URL

URL: https://www.facebook.com/all
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/all
Title: Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/all
Title: Twitter

Search URL Search Domain Scan URL

URL: https://pinterest.com/All_AccorLiveLimitless
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://www.youtube.com/All_AccorLiveLimitless
Title: Youtube

Search URL Search Domain Scan URL

URL: https://weibo.com/accorchina
Title: Weibo

Search URL Search Domain Scan URL

URL: https://help.accor.com/s/?language=en
Title: Support

Search URL Search Domain Scan URL

URL: https://group.accor.com/en
Title: Accor Group (New window)

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t5.mid.accor-mail.com/r/?id=h1d7198f0%2C8a002299%2C89e2c3d2&p1=all-2112-lc-b-me-gb-00-1&p2=all-2112-lc-b-me-gb-00-1&p3=ME-EN-NA-NA&p4=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&s=fQmUjfztWNcnTFSJB5QQkL7oup14Xt2jJ-1eAzc_kCM HTTP 302
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml.go?sourceid=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf HTTP 302
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://api.accor.com/authentication/v2.0/authorization?appId=all.accor&prompt=none&redirect_uri=https://all.accor.com/authentication/landing/index.shtml HTTP 302
https://login.accor.com/as/authorization.oauth2?client_id=all.accor&response_type=code&accorregister=false&request=eyJraWQiOiJIMWhSbjlrbG9kTVBkdjJrOTJCdHY1ZGxEQTUtczg3Zk85SVlUUkRqa1pwIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJzY29wZSI6Im9wZW5pZCBBUElXRUIuVVNFUi5BTEwgQVBTUi5BTEwiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vYWxsLmFjY29yLmNvbS9hdXRoZW50aWNhdGlvbi9sYW5kaW5nL2luZGV4LnNodG1sP2FwcElkPWFsbC5hY2NvciIsInN0YXRlIjoiR1FPak0wUWRUWk1JTHppTkdFaVhwcyIsImV4cCI6MTYzODUzNjA3NCwiaWF0IjoxNjM4NTM1MTc0LCJwcm9tcHQiOiJub25lIiwibm9uY2UiOiJSQUJCMGt3ZWYxUUFxc2lqVUNEdGpuIiwiY2xpZW50X2lkIjoiYWxsLmFjY29yIn0.Bli8l4oYQoB8el5DMNYfXwZM_VCsBN9Ad4D7i_RqUF0vOfF1xIIozPJAs3B0DMrzTo7mtv5P_MuxYo4OxKkyrhd4kVg0eGe4Bl4NKmQKqBrQBkSdX2jUiBBPIzDOyIVbPjuzGwFIRxk2lth0uV8nT-HtuD-yXMPpZff-kwMWO6rYtCQlpUHVO43xR6vMMJhFsjk8SB2_ePqdkvNfvBvWf2slgEpCsXDZr5twJr9KiO4Ch7ZW7-rT-B7KndWAphdwBrhtmixPeHlUzDjdaYL_-opJ9_8a4SAdw9UqiKjdF021L3PComS69VRCovD8_m3vGHY7zKZS5C8D5Jgdm5R5dQ HTTP 302
https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Request Chain 102

https://radar.cedexis.com/1/10096/radar.js HTTP 302
https://radar.cedexis.com/1621860284/radar.js

Request Chain 103

https://radar.cedexis.com/1/10096/radar.js HTTP 302
https://radar.cedexis.com/1621860284/radar.js

Request Chain 139

https://www.accorhotels.com/cdx/platform.html?p=%2Fcdx%2Fplatform.gif&z=1&c=10096 HTTP 301
https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

Request Chain 140

https://www.accorhotels.com/cdx/platform.html?p=%2Fcdx%2Fplatform.gif&z=1&c=10096 HTTP 301
https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

175 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request hw003098-festive-offers-for-members-of-all.shtml Show response
all.accor.com/gb/promotions-offers/
Redirect Chain

https://t5.mid.accor-mail.com/r/?id=h1d7198f0%2C8a002299%2C89e2c3d2&p1=all-2112-lc-b-me-gb-00-1&p2=all-2112-lc-b-me-gb-00-1&p3=ME-EN-NA-NA&p4=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f6...
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml.go?sourceid=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_medium=email&utm_source=animation-marketing&utm_campaign...
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content...

59 KB
14 KB

114ms
113ms

Document
text/html

151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

73f38b873dd938c1653591fbd507597402498c9ec81ce957ef554a550a111541

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=utf-8
x-unique-id: 04625847c1db38fb12dd94e4d51315c0
x-oneagent-js-injection: true
x-ruxit-js-agent: true
p3p: CP="NO P3P POLICY"
x-clacks-overhead: GNU Terry Pratchett
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
x-xss-protection: 1; mode=block
referrer-policy: origin
x-accor-asset: wise
server-timing: dtSInfo;desc="1"
strict-transport-security: max-age=15552000
x-cache-response: DISABLED
x-fstrz: o
server: fasterize
content-encoding: gzip
via: 1.1 ca8cb14c76df16342491237cea8cfed6.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: 2VdSnMKILM2LahAZey4rC40MPJyt63m1yjiiQBqffGWs7Jp-HkKLKg==
accept-ranges: bytes
date: Fri, 03 Dec 2021 12:39:33 GMT
x-served-by: cache-hhn4072-HHN
x-cache: Miss from cloudfront, MISS
x-cache-hits: 0
x-timer: S1638535174.739493,VS0,VE105
vary: Accept-Encoding, Origin
x-cdn-forward: Fastly
fastly-version: V63

Redirect headers

content-type: text/html; charset=utf-8
x-unique-id: cca539b7ae82896cf4832b164f5c69d8
x-oneagent-js-injection: true
correlation-id: ea426a98-6626-413b-b461-d0a414f83604
location: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
p3p: CP="NO P3P POLICY"
x-clacks-overhead: GNU Terry Pratchett
cache-control: no-store, no-cache="Set-Cookie"
pragma: no-cache
x-xss-protection: 1; mode=block
referrer-policy: origin
server-timing: dtSInfo;desc="0", dtRpid;desc="363289502"
strict-transport-security: max-age=15552000
x-cache-response: DISABLED
expires: 0
x-fstrz: zc,stc,Z,p
server: fasterize
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: qdGl0bRO0ngcJ0WsJXNaceFw0Ui5XcoSKkUslKbkWlIFiWbzUZ7zuw==
accept-ranges: bytes
date: Fri, 03 Dec 2021 12:39:33 GMT
x-served-by: cache-hhn4072-HHN
x-cache: Miss from cloudfront, MISS
x-cache-hits: 0
x-timer: S1638535174.572596,VS0,VE157
vary: Origin
x-cdn-forward: Fastly
fastly-version: V63
content-length: 0

GET
H2 200 styles-global.css
all.accor.com/styles-v2112/ 65 KB
7 KB 8ms
7ms Stylesheet
text/css 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/styles-v2112/styles-global.css

Requested by

Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

c47629d29ecd71e534e1eb5f97cde08cb68675e32ec6687c5d16417d122c010c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178248
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 6953
x-gen-id: ea4bac0702fe3c7f83ed163821844c81
x-served-by: cache-hhn4072-HHN
x-unique-id: 888c1d2198638196434c48e17b60b7ae
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.875649,VS0,VE0
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Origin
content-type: text/css
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: sQ6e-1mHOKj5KxNWq6kBVryWgQo5cJ0ZNhR_rBW6XJI1gUpiT_fRlg==
x-cache-hits: 11

GET
H2 200 index.css
all.accor.com/css-v2112/set/promotions-offers/ 152 KB
23 KB 22ms
21ms Stylesheet
text/css 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/css-v2112/set/promotions-offers/index.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

63914bf2e01926065ceae08a1a0f0d5065204512a3d6ff1180b6af51b47895e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 22955
x-gen-id: d6ed9486bb51c3ad5b3212c95370f416
x-served-by: cache-hhn4072-HHN
x-unique-id: 011e49d862950979729c1d6aab5648e9
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.876004,VS0,VE1
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Host,Origin
content-type: text/css
via: 1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: Lit_iaWO64LX198MHEuOy8dMB4tynrYq04PLTr1BPOT3FbZeORb70w==
x-cache-hits: 1

GET
H2 200 footer_cr.css
all.accor.com/css-v2112/commun/ 13 KB
3 KB 8ms
7ms Stylesheet
text/css 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/css-v2112/commun/footer_cr.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

b4eddb167733c7c9a91a75c0450df01116ab95e9e5607831e3dc87a6c47d7ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178248
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 2884
x-gen-id: 04c861997595732f63cdfc7fac27966a
x-served-by: cache-hhn4072-HHN
x-unique-id: ef5707e35965889c1c0a870b9d95bb45
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.876286,VS0,VE0
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Host,Origin
content-type: text/css
via: 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: 2cWnXMwTogkf_2DGiaHIgUWOn8Q32fJfOkzXxnxPH_I-8nWrfjozbA==
x-cache-hits: 13

GET
H2 200 ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js Show response
all.accor.com/ 237 KB
89 KB 9ms
8ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178269
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 90473
x-gen-id: de9866000d131ff7ae3f4e490822cd14
x-served-by: cache-hhn4072-HHN
x-unique-id: a09fb7baefbfc12b3b965f908aeddfc1
expires: Thu, 01 Dec 2022 11:07:09 GMT
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.876388,VS0,VE0
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: Bhd98hITRS_pmRoDn1s2wJCwwFjO0aOrYFa7tGKsuc5W_LQg1Z7GsQ==
x-cache-hits: 1078

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 264 KB
59 KB 63ms
38ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-KT4B6DF

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f9c64bb9b2bdfd432bbf61455a77b47972d0f6c5bfb3701aa3ef061b4cf0c3c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:33 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60372
x-xss-protection: 0
expires: Fri, 03 Dec 2021 12:39:33 GMT

GET
H2 200 main.js Show response
all.accor.com/services/webview-consent/scripts-v2112/ 4 KB
2 KB 8ms
8ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/services/webview-consent/scripts-v2112/main.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178269
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 1791
x-gen-id: 39400a227f1e6449e62033e0ecad2631
x-served-by: cache-hhn4072-HHN
x-unique-id: 9f82341ab6769166cbf31d997da73b47
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.876453,VS0,VE0
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits: 1789

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 19 KB
7 KB 91ms
37ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Lh0CEVPkmGuwf4KyqdKdhw==
age: 7099
vary: Accept-Encoding
content-length: 6403
x-ms-lease-status: unlocked
last-modified: Mon, 29 Nov 2021 20:31:03 GMT
server: cloudflare
etag: 0x8D9B37729BED1A3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 52709849-801e-006e-5672-e571cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbc51ee6d618-MXP

GET
H2 200 jquery-min-cms.js Show response
all.accor.com/scripts-v2112/lib/ 94 KB
33 KB 30ms
28ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/lib/jquery-min-cms.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

f33f3e068bd1aa24de14f27d789b7ccc224e9c9f8bcabff98e7ffc319ef20e15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 33404
x-gen-id: eb13dd30ca44dbc16d4d8bb9005a0b37
x-served-by: cache-hhn4072-HHN
x-unique-id: 54fd11eb759e819214bcf95b0fa0bfe5
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.896054,VS0,VE1
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: mLxjq88IvgrtUdM33awXzlUkDbYalRDalK3TDyE5DFAsPV-BTdE_zQ==
x-cache-hits: 1

GET
H2 200 jquery-2.2.4.min-ah.js Show response
all.accor.com/scripts-v2112/lib/ 186 KB
62 KB 30ms
28ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/lib/jquery-2.2.4.min-ah.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

9e82253850ac7b2700c02c1275f0f178b45f19357cfa5bbdd3928a3e6a786873

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178223
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 62687
x-gen-id: b466b0668b2a13b5078291f3cb657a60
x-served-by: cache-hhn4072-HHN
x-unique-id: b28e8f4ea8ebbff696c607bfb4abf1e2
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.896097,VS0,VE1
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efd.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: aduqozj1AQrsQMVZlC4uQqXJd7BaCloulfzSg9iEj7C79h8bxE5SzQ==
x-cache-hits: 1

GET
H2 200 booking-core_gb.js Show response
all.accor.com/scripts-v2112/set/ 429 KB
118 KB 29ms
27ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/booking-core_gb.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

400341e06329f365de280ab86c1c4caa41512f4e87c345ebadf9be3de61fcdc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 177223
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 120047
x-gen-id: bd321193d3e4b5a620753da108a69778
x-served-by: cache-hhn4072-HHN
x-unique-id: d3f7d21d6cda3abf3fc195d999ac113e
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.896178,VS0,VE1
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: WQj3tCarGVwJjOhiu95YmIreQmZdfuIqxOg_PDmTfk0v7hG2h5ckdg==
x-cache-hits: 1

GET
H2 200 autocompletion.js Show response
all.accor.com/scripts-v2112/set/ 29 KB
8 KB 30ms
28ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/autocompletion.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

c564b78cbb1c17dfd4ac4f787ef4f693b9a59d8d549d3a7632cbc8aafea5fc21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178248
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 7972
x-gen-id: f37e17f2900b9b9241c31a81a5ae9a43
x-served-by: cache-hhn4072-HHN
x-unique-id: 7472a4a7ba0a91290f33a9bde1796eaf
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.896222,VS0,VE1
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: GDOkJmJYEa883uDsj_ENXm7A1hFhZiBaAzvAEgTq2Iwx_8nzric-4Q==
x-cache-hits: 1

GET
H2 200 booking-engine.js Show response
all.accor.com/scripts-v2112/set/ 169 KB
31 KB 30ms
29ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/booking-engine.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

edc4c8fec66198f373d04130a121f1662836d481806b6f6afe4fe0bf5a203db6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 31772
x-gen-id: eda39ce7bf30bca3f719d8110c94be21
x-served-by: cache-hhn4072-HHN
x-unique-id: 3a0b182b4f4f69c105eeabc6771c15eb
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.896275,VS0,VE1
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: havy9WRdOdZ8UvkihwYyvpAbJrFf0uOZkFTSUT36yj-KduK9RlnkiQ==
x-cache-hits: 1

GET
H2 200 popins.js Show response
all.accor.com/scripts-v2112/set/ 82 KB
21 KB 30ms
28ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/popins.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

b34cd4f0a45e40d7f3a50c5cdb47dabfb46a46430ea2b7036e7d5e3b2c05a588

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 21158
x-gen-id: c6299689a22ee39ea6e19cb3fc487ac3
x-served-by: cache-hhn4072-HHN
x-unique-id: 6cb5de97bdf3623415a1b19aaf2d84d4
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.896362,VS0,VE1
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: zHNhZDSTyi4Uxfrn8YiRa9pk--4d9FxRX-Q6Cabk9bRQ_VB-L_XcRA==
x-cache-hits: 1

GET
H2 200 promotions-offers_gb.js Show response
all.accor.com/scripts-v2112/set/ 329 KB
90 KB 28ms
27ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/promotions-offers_gb.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

97b257cba08bd09e4f15e78e510067ca3c3811ff7ad8caa136d5821324fe3290

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 156463
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 91383
x-gen-id: 8bac520b3e464654317d9c50416a4a7a
x-served-by: cache-hhn4072-HHN
x-unique-id: 9738f80966e6cf32d80a5e2fd109fb49
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.896388,VS0,VE1
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Host,Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: KLkzspBRUEMkFplvdf7i93b_ZDINY13y5VAIwOtMmpvJ53G-7YYjrA==
x-cache-hits: 1

GET
H2 200 main.js Show response
all.accor.com/scripts-v2112/ 709 KB
189 KB 28ms
27ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/main.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

1289818768c7638870acd4186781558179218f6c0d8c3b6ac6ae22d6f9c86e59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 131261
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 193663
x-gen-id: cca21b8a074f09b29e411f50b2cc10c7
x-served-by: cache-hhn4072-HHN
x-unique-id: 240f20169bb316c63016659f7a2e4ee1
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.896444,VS0,VE1
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Accept-Encoding, Host,Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: -IlPSkZtZVQt9fnD27KkRkV5C-pjr1w8G9wYAIIgq0s88kKkbg4M9g==
x-cache-hits: 1

GET
H2 200 px.gif
all.accor.com/imagerie/ 43 B
495 B 9ms
9ms Image
image/gif 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/imagerie/px.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

7f68affba3f1c780f877960c7ee3e441309078b41043d35501e2eda8f7fde683

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 0b9e85cfe8fe19b385db56d32b4ce802.cloudfront.net (CloudFront), 1.1 varnish
age: 178251
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: ENABLED
server-timing: dtSInfo;desc="1"
content-length: 43
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 0aec3d5678c25076d1628af48d0541cc
x-clacks-overhead: GNU Terry Pratchett
last-modified: Tue, 30 Nov 2021 13:29:41 GMT
server: fasterize
x-timer: S1638535174.985279,VS0,VE0
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Host,Origin
content-type: image/gif
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-accor-asset: ecom
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: WnkDyEiCs3CsU_rVv68MZi_bOiZTgF4H4463_VnnV5KCjip5OR36NQ==
x-fstrz: ecc,Z,p
x-cache-hits: 147

GET
H2 200 globalSign.gif
all.accor.com/imagerie/commun/footer/ 3 KB
3 KB 9ms
8ms Image
image/gif 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/imagerie/commun/footer/globalSign.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

01a7150b75bfd0acaa9bd97cc147022706b4fec3d6ed9735173b77448dbb48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 9568a708c8ab21597698ebe7dce6c42e.cloudfront.net (CloudFront), 1.1 varnish
age: 178243
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 3014
x-gen-id: bf73ac5f7f3916de544d13195d232d4e
x-served-by: cache-hhn4072-HHN
x-unique-id: 5c694d09da8db1aadd1358eae1502d32
last-modified: Tue, 30 Nov 2021 13:31:58 GMT
server: fasterize
x-timer: S1638535174.985747,VS0,VE0
date: Fri, 03 Dec 2021 12:39:33 GMT
vary: Origin
content-type: image/gif
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: CttAnuu6xYEvbmgBK4o1YobqlfSNbuh34QaeCW5k7_hD5HxMgk6Ksg==
x-fstrz: o,c
x-cache-hits: 8

GET
H2 200 ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
all.accor.com/ 237 KB
89 KB 9ms
8ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178269
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 90473
x-gen-id: de9866000d131ff7ae3f4e490822cd14
x-served-by: cache-hhn4072-HHN
x-unique-id: a09fb7baefbfc12b3b965f908aeddfc1
expires: Thu, 01 Dec 2022 11:07:09 GMT
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.167791,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: Bhd98hITRS_pmRoDn1s2wJCwwFjO0aOrYFa7tGKsuc5W_LQg1Z7GsQ==
x-cache-hits: 1079

GET
H2 200 main.js
all.accor.com/services/webview-consent/scripts-v2112/ 4 KB
2 KB 16ms
15ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/services/webview-consent/scripts-v2112/main.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178269
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 1791
x-gen-id: 39400a227f1e6449e62033e0ecad2631
x-served-by: cache-hhn4072-HHN
x-unique-id: 9f82341ab6769166cbf31d997da73b47
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.167867,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits: 1790

GET
H2 200 87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json Show response
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ 3 KB
2 KB 36ms
18ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Q/oKYcvv88yFXq/UgjQcqQ==
age: 9308
vary: Accept-Encoding
content-length: 1420
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 10:52:35 GMT
server: cloudflare
etag: 0x8D972B6C4870440
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3890e59a-401e-0138-2515-b6dfea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbc599cc0eb7-FRA
expires: Fri, 03 Dec 2021 16:39:34 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 266 KB
68 KB 45ms
18ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TKQN7D

Requested by

Host: all.accor.com
URL: https://all.accor.com/scripts-v2112/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4f6bee0f5c99de49d1a9ac883dc86c6b682439fcec623456efddaff410eb8dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69275
x-xss-protection: 0
last-modified: Fri, 03 Dec 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 03 Dec 2021 12:39:34 GMT

GET
H2 200 account-24.svg
all.accor.com/components/login-nav/components/button-logo/svg/ 935 B
859 B 8ms
7ms Image
image/svg+xml 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/components/login-nav/components/button-logo/svg/account-24.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

63a8bb0607d9c563bf656316ff741977e9ae4752b0775a5ec22507c61555003a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178203
via: 1.1 f06c87fa57d0c9fd7439d7fdbd148c63.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, HIT
x-cdn-forward: Fastly
content-length: 528
x-gen-id: fde2fedfb93aed36064a8c64421ab00e
x-served-by: cache-hhn4072-HHN
x-unique-id: 7341a798e746876486a48dfdea11b940
last-modified: Fri, 26 Nov 2021 09:21:39 GMT
server: fasterize
x-timer: S1638535174.167613,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding
content-type: image/svg+xml; charset=UTF-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
x-amz-cf-id: ngX7ZuuGfElES9Z5ja63_RJQl-Tsgld1dKFAB6yJPY5hAnogsozM4A==
x-fstrz: o,c
x-cache-hits: 9

GET
H2 200 loginnav.en.json Show response
all.accor.com/components/login-nav/locales/ 612 B
918 B 17ms
16ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/components/login-nav/locales/loginnav.en.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

0e9a0335bdb00a8f209751c84c51195fadd96979281fc4abb3f32cf4c8999129

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h3vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security: max-age=15552000
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront), 1.1 varnish
age: 178179
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="911752641"
content-encoding: gzip
content-length: 434
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: a1aaed6fc29b1a8c2ce352bd1120ea9c
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535174.167503,VS0,VE1
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: en
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: VAG1DgvkfvLznhcZAMHUMHa5DJlSElO83nep3Hd4FqZzL-kvi2oDhg==
x-cache-hits: 1

GET
DATA 200
OK truncated
/ 306 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56ce9a9f71a8465359a676d95189390683de779bdc085f4fa9d48ec0651d9a5f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 index.en.json
all.accor.com/components/header/locales/ 0
1017 B 15ms
15ms Other
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/components/header/locales/index.en.json

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront), 1.1 varnish
age: 178197
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
server-timing: dtSInfo;desc="1"
content-encoding: gzip
content-length: 648
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 9c5f3951d705a5dc9bb6e04f0d25c690
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535174.168708,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: en
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: -vOAtvURuehosz47qI-GrNipuhwizGZM6b6USje4BpQES5d0NaXSMg==
x-cache-hits: 10

GET
H2 404 bg_hub.gif
all.accor.com/imagerie/promotions-offers/ 10 KB
10 KB 61ms
61ms Image
text/html 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/imagerie/promotions-offers/bg_hub.gif

Requested by

Host: all.accor.com
URL: https://all.accor.com/css-v2112/set/promotions-offers/index.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

8dc1fef758902b185875fd61e28de5c3687e9550e69e1fc541822771c6e8f676

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/css-v2112/set/promotions-offers/index.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
x-cache: Error from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
server-timing: dtSInfo;desc="1"
content-length: 5370
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 77184ffd3c4c5d4d9bd90d11de9d96fd
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: stc,Z,p
server: fasterize
x-timer: S1638535174.175800,VS0,VE54
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-type: text/html; charset=utf-8
via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront), 1.1 varnish
expires: 0
cache-control: no-store, no-cache="Set-Cookie"
fastly-version: V63
x-accor-asset: wise
x-cdn-forward: Fastly
accept-ranges: bytes
x-ruxit-js-agent: true
x-amz-cf-id: ayIh16_y11rdJpVIEy-NNXiWd2E7nMfahnqiiPMveVkxaNAG2lMl1w==
x-cache-hits: 0

GET
DATA 200
OK truncated
/ 49 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bae778f7c1118ad0e77c4b70bba0703991dd0c91ed87b577d92219b4f70ef66f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 common-sprite.png
all.accor.com/imagerie/commun/pictos/ 16 KB
17 KB 10ms
9ms Image
image/png 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/imagerie/commun/pictos/common-sprite.png

Requested by

Host: all.accor.com
URL: https://all.accor.com/css-v2112/set/promotions-offers/index.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

6852c5128a7e7fa162cf99181cfb0a646bc680dbc9e4c3130705428aeed34bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/css-v2112/set/promotions-offers/index.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront), 1.1 varnish
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 16888
x-gen-id: e52a3888d4dc5cbea5ffdeb28503821f
x-served-by: cache-hhn4072-HHN
x-unique-id: 9cdd5a568078467569c779627d1e0990
last-modified: Tue, 30 Nov 2021 13:29:09 GMT
server: fasterize
x-timer: S1638535174.176502,VS0,VE1
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Host,Origin
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: uuXznzPrXYDmxPPpS99SC-M7sQnzz1XaFUtvdoXAn_ytDJVuUgQDBw==
x-fstrz: o,c
x-cache-hits: 1

GET
H2 200 lato-bold.woff2
all.accor.com/assets/fonts/lato/bold/ 23 KB
23 KB 10ms
9ms Font
font/woff2 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/assets/fonts/lato/bold/lato-bold.woff2

Requested by

Host: all.accor.com
URL: https://all.accor.com/styles-v2112/styles-global.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

18e425aaa2caa6839f38ab8dc661bb8e59d071a4675f7e05fa221636f064a8a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/styles-v2112/styles-global.css
Origin: https://all.accor.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 5b6e22c950501920595c86fc25834583.cloudfront.net (CloudFront), 1.1 varnish
age: 178251
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 23736
x-gen-id: 0009d4ca9715a620f6fa2ddabfc0a1c9
x-served-by: cache-hhn4072-HHN
x-unique-id: 9d0312e93a884f18b7c0868e91ff5211
last-modified: Tue, 05 Oct 2021 14:33:24 GMT
server: fasterize
x-timer: S1638535174.179939,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ifbX1l-x_FD7pusXLDJ0G_BSTb14QbooI3F4MiuExQcCRn_Et-lpyQ==
x-fstrz: o,c
x-cache-hits: 169

GET
H2 200 lato-regular.woff2
all.accor.com/assets/fonts/lato/regular/ 23 KB
23 KB 12ms
10ms Font
font/woff2 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/assets/fonts/lato/regular/lato-regular.woff2

Requested by

Host: all.accor.com
URL: https://all.accor.com/styles-v2112/styles-global.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

9588b8874bd624c3306bdc5be18215767b7e0345ac216c67204be0d5b9fc52ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/styles-v2112/styles-global.css
Origin: https://all.accor.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront), 1.1 varnish
age: 178251
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 23556
x-gen-id: f014fa37798b1e7cc1fcb6e7ca41a40a
x-served-by: cache-hhn4072-HHN
x-unique-id: ea46c0eb39e00cadbf261f4ab2151229
last-modified: Tue, 05 Oct 2021 14:33:24 GMT
server: fasterize
x-timer: S1638535174.180478,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: 4d-Ixbhuy6SnECNDMxuDNc7Jy9HJHGMybxDWs4rAG5pS0k4fsv74Qg==
x-fstrz: o,c
x-cache-hits: 166

GET
H2 200 roboto-regular.woff2
all.accor.com/assets/fonts/roboto/regular/ 52 KB
52 KB 11ms
10ms Font
font/woff2 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/assets/fonts/roboto/regular/roboto-regular.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

ef3fb28d8dd00170c8ab66069052f98895d76efec6723db1cc2335c0daee7faf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Origin: https://all.accor.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5f.cloudfront.net (CloudFront), 1.1 varnish
age: 178263
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 52892
x-gen-id: d00968c035510767e453837be43d7d2b
x-served-by: cache-hhn4072-HHN
x-unique-id: 42cf9dd895e73e8e80779dc5a0ef3eaa
last-modified: Tue, 05 Oct 2021 14:33:24 GMT
server: fasterize
x-timer: S1638535174.180573,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: 68A0DAHIdN6c_f4zLdGd12gTyKHsnI1EqSg96ttkgOm2MPJrE_Wx4A==
x-fstrz: o,c
x-cache-hits: 1002

GET
H2 200 lato-regular-webfont.ttf.woff2
all.accor.com/fstrz/r/s/c/all.accor.com/css-v2112/fonts/ 127 KB
128 KB 18ms
17ms Font
font/woff2 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/fstrz/r/s/c/all.accor.com/css-v2112/fonts/lato-regular-webfont.ttf.woff2

Requested by

Host: all.accor.com
URL: https://all.accor.com/css-v2112/set/promotions-offers/index.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

2b896d6bb4408d45a7a48315a8616ec07dfc0313b8523b7d09fc84cc633edc69

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/css-v2112/set/promotions-offers/index.css
Origin: https://all.accor.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront), 1.1 varnish
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 130392
x-gen-id: 0cfcbc41e792bf8ea63c7ef3f26d056d
x-served-by: cache-hhn4072-HHN
x-unique-id: f154d98be66ac97b52827e69aca11802
last-modified: Thu, 18 Nov 2021 16:37:26 GMT
server: fasterize
x-timer: S1638535174.180732,VS0,VE1
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ToWkZ_aohl1Yu7BWkLBEvVDEpPE1NnlW0uF7WljQ66DPZU59qn_SOw==
x-fstrz: o,c
x-cache-hits: 1

GET
H2 200 lato-bold-webfont.ttf.woff2
all.accor.com/fstrz/r/s/c/all.accor.com/css-v2112/fonts/ 128 KB
128 KB 19ms
17ms Font
font/woff2 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/fstrz/r/s/c/all.accor.com/css-v2112/fonts/lato-bold-webfont.ttf.woff2

Requested by

Host: all.accor.com
URL: https://all.accor.com/css-v2112/set/promotions-offers/index.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

a66a965881a85c8928b4b4d60095164de16d693135e6d7f095e141b8bc68e519

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/css-v2112/set/promotions-offers/index.css
Origin: https://all.accor.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
via: 1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront), 1.1 varnish
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 130796
x-gen-id: 1bb2ebe31c63cf6fc4fe6add99a1f642
x-served-by: cache-hhn4072-HHN
x-unique-id: bfc23592376b349fb8f66f3dfd315899
last-modified: Thu, 18 Nov 2021 16:37:27 GMT
server: fasterize
x-timer: S1638535174.180815,VS0,VE1
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: WdAZWy4wMmILhmHw2q2drel2rHR8W560rPrdC7nnOMJJHY4F5EWhiQ==
x-fstrz: o,c
x-cache-hits: 1

GET
H2 200 icon-fonts-sharing.woff2
all.accor.com/assets/icons/sharing/ 3 KB
3 KB 17ms
15ms Font
font/woff2 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/assets/icons/sharing/icon-fonts-sharing.woff2

Requested by

Host: all.accor.com
URL: https://all.accor.com/css-v2112/commun/footer_cr.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

19eddfb22ef270441f545430e2a8607f588e1d72069a8507e8496c1c56eecdcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/css-v2112/commun/footer_cr.css
Origin: https://all.accor.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront), 1.1 varnish
age: 178244
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 2868
x-gen-id: 47bad063b629243595f01fb9c61d17b3
x-served-by: cache-hhn4072-HHN
x-unique-id: 763e20f1f483dcc08d6bdded17843db3
last-modified: Tue, 05 Oct 2021 14:33:24 GMT
server: fasterize
x-timer: S1638535174.180937,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: U24_hXmXvD29KBzL6VKrM0Y3S9ok5K6Ql1q5XdDcZJxUyWq3ySZOuA==
x-fstrz: o,c
x-cache-hits: 5

GET
H2 200 icon-fonts-sharing-logos.woff2
all.accor.com/assets/icons/sharing/logos/ 2 KB
2 KB 16ms
15ms Font
font/woff2 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/assets/icons/sharing/logos/icon-fonts-sharing-logos.woff2

Requested by

Host: all.accor.com
URL: https://all.accor.com/css-v2112/commun/footer_cr.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

2e8c4f9557817a416f5e4b2fdc641f10505fecf93b514796e1b8190304f0fc84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/css-v2112/commun/footer_cr.css
Origin: https://all.accor.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront), 1.1 varnish
age: 178244
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 1920
x-gen-id: c1b51c3a0160f7c6ae2771792acc9f21
x-served-by: cache-hhn4072-HHN
x-unique-id: 0b63e49b29b2fbd3afff0b8a424d513a
last-modified: Tue, 05 Oct 2021 14:33:24 GMT
server: fasterize
x-timer: S1638535174.181270,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: lUyL9v3vz3ZFmGGGlbux86tWerOi0qEtJMgQCjUMVmO6x2CyfISWbw==
x-fstrz: o,c
x-cache-hits: 2

GET
H2 200 jquery-min-cms.js
all.accor.com/scripts-v2112/lib/ 94 KB
33 KB 11ms
10ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/lib/jquery-min-cms.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

f33f3e068bd1aa24de14f27d789b7ccc224e9c9f8bcabff98e7ffc319ef20e15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 33404
x-gen-id: eb13dd30ca44dbc16d4d8bb9005a0b37
x-served-by: cache-hhn4072-HHN
x-unique-id: 54fd11eb759e819214bcf95b0fa0bfe5
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.256197,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: mLxjq88IvgrtUdM33awXzlUkDbYalRDalK3TDyE5DFAsPV-BTdE_zQ==
x-cache-hits: 2

GET
H2 200 jquery-2.2.4.min-ah.js
all.accor.com/scripts-v2112/lib/ 186 KB
62 KB 10ms
9ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/lib/jquery-2.2.4.min-ah.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

9e82253850ac7b2700c02c1275f0f178b45f19357cfa5bbdd3928a3e6a786873

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178223
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 62687
x-gen-id: b466b0668b2a13b5078291f3cb657a60
x-served-by: cache-hhn4072-HHN
x-unique-id: b28e8f4ea8ebbff696c607bfb4abf1e2
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.256281,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efd.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: aduqozj1AQrsQMVZlC4uQqXJd7BaCloulfzSg9iEj7C79h8bxE5SzQ==
x-cache-hits: 2

GET
H2 200 booking-core_gb.js
all.accor.com/scripts-v2112/set/ 429 KB
118 KB 16ms
16ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/booking-core_gb.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

400341e06329f365de280ab86c1c4caa41512f4e87c345ebadf9be3de61fcdc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 177223
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 120047
x-gen-id: bd321193d3e4b5a620753da108a69778
x-served-by: cache-hhn4072-HHN
x-unique-id: d3f7d21d6cda3abf3fc195d999ac113e
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.256365,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: WQj3tCarGVwJjOhiu95YmIreQmZdfuIqxOg_PDmTfk0v7hG2h5ckdg==
x-cache-hits: 2

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 193 B
403 B 65ms
23ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6b7cdbc75ef04aa4-FRA

GET
H2 200 autocompletion.js
all.accor.com/scripts-v2112/set/ 29 KB
8 KB 21ms
20ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/autocompletion.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

c564b78cbb1c17dfd4ac4f787ef4f693b9a59d8d549d3a7632cbc8aafea5fc21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178248
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 7972
x-gen-id: f37e17f2900b9b9241c31a81a5ae9a43
x-served-by: cache-hhn4072-HHN
x-unique-id: 7472a4a7ba0a91290f33a9bde1796eaf
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.258581,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: GDOkJmJYEa883uDsj_ENXm7A1hFhZiBaAzvAEgTq2Iwx_8nzric-4Q==
x-cache-hits: 2

GET
H2 200 booking-engine.js
all.accor.com/scripts-v2112/set/ 169 KB
31 KB 21ms
21ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/booking-engine.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

edc4c8fec66198f373d04130a121f1662836d481806b6f6afe4fe0bf5a203db6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 31772
x-gen-id: eda39ce7bf30bca3f719d8110c94be21
x-served-by: cache-hhn4072-HHN
x-unique-id: 3a0b182b4f4f69c105eeabc6771c15eb
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.258784,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: havy9WRdOdZ8UvkihwYyvpAbJrFf0uOZkFTSUT36yj-KduK9RlnkiQ==
x-cache-hits: 2

GET
H2 200 popins.js
all.accor.com/scripts-v2112/set/ 82 KB
21 KB 24ms
23ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/popins.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

b34cd4f0a45e40d7f3a50c5cdb47dabfb46a46430ea2b7036e7d5e3b2c05a588

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178247
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 21158
x-gen-id: c6299689a22ee39ea6e19cb3fc487ac3
x-served-by: cache-hhn4072-HHN
x-unique-id: 6cb5de97bdf3623415a1b19aaf2d84d4
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.259282,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: zHNhZDSTyi4Uxfrn8YiRa9pk--4d9FxRX-Q6Cabk9bRQ_VB-L_XcRA==
x-cache-hits: 2

GET
H2 200 promotions-offers_gb.js
all.accor.com/scripts-v2112/set/ 329 KB
90 KB 25ms
24ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/set/promotions-offers_gb.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

97b257cba08bd09e4f15e78e510067ca3c3811ff7ad8caa136d5821324fe3290

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 156463
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 91383
x-gen-id: 8bac520b3e464654317d9c50416a4a7a
x-served-by: cache-hhn4072-HHN
x-unique-id: 9738f80966e6cf32d80a5e2fd109fb49
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.259571,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Host,Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: KLkzspBRUEMkFplvdf7i93b_ZDINY13y5VAIwOtMmpvJ53G-7YYjrA==
x-cache-hits: 2

GET
H2 200 main.js
all.accor.com/scripts-v2112/ 709 KB
189 KB 29ms
29ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/main.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

1289818768c7638870acd4186781558179218f6c0d8c3b6ac6ae22d6f9c86e59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 131261
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 193663
x-gen-id: cca21b8a074f09b29e411f50b2cc10c7
x-served-by: cache-hhn4072-HHN
x-unique-id: 240f20169bb316c63016659f7a2e4ee1
x-fstrz: o,c
server: fasterize
x-timer: S1638535174.259771,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Host,Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: -IlPSkZtZVQt9fnD27KkRkV5C-pjr1w8G9wYAIIgq0s88kKkbg4M9g==
x-cache-hits: 2

GET
H2

200

index.shtml Show response
all.accor.com/authentication/landing/ Frame C252
Redirect Chain

https://api.accor.com/authentication/v2.0/authorization?appId=all.accor&prompt=none&redirect_uri=https://all.accor.com/authentication/landing/index.shtml
https://login.accor.com/as/authorization.oauth2?client_id=all.accor&response_type=code&accorregister=false&request=eyJraWQiOiJIMWhSbjlrbG9kTVBkdjJrOTJCdHY1ZGxEQTUtczg3Zk85SVlUUkRqa1pwIiwidHlwIjoiSl...
https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

7 KB
3 KB

75ms
75ms

Document
text/html

151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Requested by

Host: all.accor.com
URL: https://all.accor.com/scripts-v2112/set/promotions-offers_gb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

4dbd3040f0e3280903f9d26ae340099dcc48a2ed61f88437aced99aacc3a6fe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/

Response headers

content-type: text/html; charset=utf-8
x-unique-id: 43618249b11ce52c291f689d3035d016
x-oneagent-js-injection: true
x-ruxit-js-agent: true
p3p: CP="NO P3P POLICY"
x-clacks-overhead: GNU Terry Pratchett
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
x-xss-protection: 1; mode=block
referrer-policy: origin
x-accor-asset: wise
server-timing: dtSInfo;desc="0", dtRpid;desc="2058574785"
strict-transport-security: max-age=15552000
x-cache-response: DISABLED
x-fstrz: o
server: fasterize
content-encoding: gzip
via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: EKyRyOAXkXtPf7mQD8QLOYSgRD8M6c86kK_firL9Nz50gkBWUMMUkQ==
accept-ranges: bytes
date: Fri, 03 Dec 2021 12:39:34 GMT
x-served-by: cache-hhn4072-HHN
x-cache: Miss from cloudfront, MISS
x-cache-hits: 0
x-timer: S1638535175.587817,VS0,VE68
vary: Accept-Encoding, Origin
x-cdn-forward: Fastly
fastly-version: V63

Redirect headers

date: Fri, 03 Dec 2021 12:39:34 GMT
content-type: text/html;charset=utf-8
content-length: 0
x-frame-options: SAMEORIGIN
referrer-policy: origin
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required#.
strict-transport-security: max-age=15724800; includeSubDomains
x-cdn: Imperva
x-iinfo: 13-339838483-339838484 NNNN CT(4 8 0) RT(1638535173846 0) q(0 0 0 0) r(0 0) U11

GET
H2 200 promo_gb.js Show response
all.accor.com/scripts-v2112/hotels-offers/i18n/ 865 B
1 KB 8ms
8ms XHR
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/scripts-v2112/hotels-offers/i18n/promo_gb.js?_=1638535173465

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

b892a75f0dd129bb98a7d720993fcad637939cbd9459afb44eb61002ce9d33ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://all.accor.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h4vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security: max-age=15552000
via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront), 1.1 varnish
age: 175346
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: ENABLED
server-timing: dtSInfo;desc="1"
content-encoding: gzip
content-length: 573
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: d08e8f76388a4ce6c86d77d1aba6c7b2
x-clacks-overhead: GNU Terry Pratchett
expires: Wed, 01 Dec 2021 12:57:08 GMT
x-fstrz: w,p
server: fasterize
x-timer: S1638535174.332689,VS0,VE1
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript
x-cdn-forward: Fastly
cache-control: max-age=3600, s-maxage=5, no-cache="Set-Cookie"
fastly-version: V63
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: WjAeX2DhGytbqaCnqY7WzM7i5XjgHl1jf2PigOwAjMQx7axyExH4Ag==
x-cache-hits: 1

GET
H2 200 getViewBeans.action Show response
all.accor.com/bean/ 621 B
1 KB 69ms
69ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/bean/getViewBeans.action?beans=OriginViewBean&httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

d92fe8a08fac8d4e03cf3be8a77427e27f58c52039664cdce47f1193cc705dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000, max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://all.accor.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h5vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: 3044c9bc-9c14-4e8a-a097-92bad3a95406
strict-transport-security: max-age=15552000, max-age=15552000
via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5f.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="449280960"
content-length: 621
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: aaf1d15aa891772b5710001687d19c86
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535174.346944,VS0,VE61
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: xzfOPK4cGByU0KmgMAcGXSCmKpmY5F6aQbvQlySoMq1DCBHCJ_DAvQ==
x-cache-hits: 0

GET
H2 200 sdk.js Show response
connect.facebook.net/de_DE/ 3 KB
2 KB 53ms
17ms Script
application/x-javascript 2a03:2880:f008:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/de_DE/sdk.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/scripts-v2112/set/promotions-offers_gb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f008:8:face:b00c:0:1 Milan, Italy, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4a9176024a28601348ed4672fdc49e08600bfc751477770154390503d03c16a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: JTT/x+KwIdA1XZ4+oI70Lg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: eI31JzDxroSMdGhILB6/aTeUOXsl2rM6YwS0tL9KRe7nK/WajvAUqNhcRxChLvtbvSVYA5Ip/iYZ6DdF68D1kA==
x-fb-trip-id: 19638678
x-fb-content-md5: f7e0916892501fd13518d9ead1886d9e
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "7b7a6e3dd94199f4a80cb23b47b4cbfe"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 03 Dec 2021 12:44:45 GMT

GET
H2 200 plusone.js Show response
apis.google.com/js/ 52 KB
21 KB 65ms
38ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js?_=1638535173466

Requested by

Host: all.accor.com
URL: https://all.accor.com/scripts-v2112/lib/jquery-2.2.4.min-ah.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0eb4cc8760c02d0de878a8ceeef038d371f739a3a969c324e3cf79aca031d52c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-B5sHSVqNKDxk8HvBTIUMyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "3f9e0fc992ef48fd58f5e86f448068fe"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-B5sHSVqNKDxk8HvBTIUMyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Fri, 03 Dec 2021 12:39:34 GMT

GET
H2 200 1385751076072-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/ 36 KB
37 KB 10ms
9ms Image
image/jpeg 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/gb/promotions-offers/img/1385751076072-1385494950405.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

f51b94e97479ec49afa97ab34eec54626db8964ff5dc98640e4bc0e109417c88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 319f376925908156190f5fc160137b43.cloudfront.net (CloudFront), 1.1 varnish
age: 2611
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 37049
x-gen-id: 66707192ba2ac987005f0a7107e7298c
x-served-by: cache-hhn4072-HHN
x-unique-id: 3fae9ad4c17efd193e996489b76275b0
last-modified: Wed, 01 Dec 2021 18:12:11 GMT
server: fasterize
x-timer: S1638535174.363517,VS0,VE1
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Origin
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: 6fhzJ--BKCuEhF0gXfbnDnNAu0ZqKS4vY49QxFy5-iwgi_XFSGTpqQ==
x-fstrz: o,c
x-cache-hits: 1

GET
H2 200 1385750707106-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/ 27 KB
28 KB 11ms
10ms Image
image/jpeg 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/gb/promotions-offers/img/1385750707106-1385494950405.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

fb6f836bb8707b5249b47fc76b85207a44ae522209cb77570a70456564c7ec49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront), 1.1 varnish
age: 2611
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 28029
x-gen-id: e2019871a4947d6c87e6ea35b5f65b42
x-served-by: cache-hhn4072-HHN
x-unique-id: 1e50b4f94765f9cff04990821f2ea6b3
last-modified: Wed, 01 Dec 2021 18:12:11 GMT
server: fasterize
x-timer: S1638535174.363618,VS0,VE1
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Origin
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: tdSePTKBpF160e9KO99ghz4KKVa2A9iAdMJPhLtdQshTLbqlK2dFnw==
x-fstrz: o,c
x-cache-hits: 1

GET
H2 200 1385750780934-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/ 45 KB
45 KB 11ms
10ms Image
image/jpeg 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/gb/promotions-offers/img/1385750780934-1385494950405.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

b1b447c9f6fdd0b01b342fa0859dd0e0b09f5050b9c278937726becbe91c610b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
age: 2611
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 46225
x-gen-id: b2cbbd19979b0aa30c494c727b07020e
x-served-by: cache-hhn4072-HHN
x-unique-id: 10e9c3bc3fcbc9f640f6c24dc2aefe96
last-modified: Wed, 01 Dec 2021 18:12:11 GMT
server: fasterize
x-timer: S1638535174.363713,VS0,VE1
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Origin
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: _XYH-0JydVSLbYfUMONVh5-hk8G8Q0knOr0IUGwANmfcmVmRzXCduw==
x-fstrz: o,c
x-cache-hits: 1

GET
H2 200 1385749836520-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/ 32 KB
32 KB 15ms
14ms Image
image/jpeg 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/gb/promotions-offers/img/1385749836520-1385494950405.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

61bf46ddd0347eefdeb6150a5a9fc0fc7364c8bdee2d7b34b8c52aeaf6247d7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront), 1.1 varnish
age: 2611
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 32577
x-gen-id: 02fa7a4c268997f4f13cb2f1f8c01304
x-served-by: cache-hhn4072-HHN
x-unique-id: abcd6818fec884d7bc3dfbca51b1555e
last-modified: Wed, 01 Dec 2021 18:12:11 GMT
server: fasterize
x-timer: S1638535174.363915,VS0,VE1
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Origin
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: uJnIxgYoiTEaqWRqfSgg00vo9bUr2Zb9JMVMgcwCz6sE6rxnnFiDyw==
x-fstrz: o,c
x-cache-hits: 1

GET
H2 200 1385754185430-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/ 22 KB
23 KB 20ms
20ms Image
image/jpeg 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/gb/promotions-offers/img/1385754185430-1385494950405.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

2debfc21d7901a5ed1bef7f33da5c833e6cffe8ccf5fed6959c3745c0576d696

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront), 1.1 varnish
age: 2611
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 22821
x-gen-id: 1c8e79b4c30f19eaa8fff51eeb1ccfdd
x-served-by: cache-hhn4072-HHN
x-unique-id: 7fafeaa23c92433ced3ee71c1db2662f
last-modified: Wed, 01 Dec 2021 18:12:11 GMT
server: fasterize
x-timer: S1638535174.364245,VS0,VE1
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Origin
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: Wfuu62jNmtlQlCgjDf-xXmqgPfEG-0jDj4GMTXyRZOhWx00lXGImlg==
x-fstrz: o,c
x-cache-hits: 1

GET
H2 200 1385749199997-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/ 38 KB
38 KB 21ms
20ms Image
image/jpeg 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/gb/promotions-offers/img/1385749199997-1385494950405.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

68fcfaa7232b50c7033d0c08b3cdbbee150b047c4cfa6445705318abf4e1303f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000, max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000, max-age=15552000
via: 1.1 0a71d283a25c1e3f082b4dbc9d844dfe.cloudfront.net (CloudFront), 1.1 varnish
age: 2611
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 38955
x-gen-id: b0ac2a0113920a130dfe53df4e6cc69e
x-served-by: cache-hhn4072-HHN
x-unique-id: 4d5a406c666a290925fd14eb17e472a1
last-modified: Wed, 01 Dec 2021 18:12:11 GMT
server: fasterize
x-timer: S1638535174.364322,VS0,VE1
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Origin
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: lj9NWs6NgQPG1x5yqCoN_jxiLgcJFGEGmaN92X1mrmzdI9Zh8Pl2Ng==
x-fstrz: o,c
x-cache-hits: 1

GET
H2 200 getViewBeans.action Show response
all.accor.com/bean/ 621 B
1 KB 97ms
96ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/bean/getViewBeans.action?beans=OriginViewBean&httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

d92fe8a08fac8d4e03cf3be8a77427e27f58c52039664cdce47f1193cc705dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://all.accor.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h13vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: 3e71bf0b-6d90-47a8-a7df-e3c9f586a9d0
strict-transport-security: max-age=15552000
via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="840922296"
content-length: 621
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: c5fec544c591f4bab98a8d2bc0c700db
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535174.368568,VS0,VE89
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: NXoUehaitLwauaaWX4NbgQnrJBLs6opOZVTgTyB-srssFByT_Cu6kw==
x-cache-hits: 0

GET
H2 200 config.en.json Show response
all.accor.com/header/ 12 KB
5 KB 8ms
7ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/header/config.en.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

bb3671d439694ddb775eaff59f9be79502924c6f7b32219d2bfff3d159ad1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://all.accor.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h14vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security: max-age=15552000
via: 1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront), 1.1 varnish
age: 178179
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
server-timing: dtSInfo;desc="1"
content-encoding: gzip
content-length: 4472
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 405caba66a97f394422324c1ff48b5ac
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535174.377955,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Host,Origin, Accept-Encoding
content-language: en
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-accor-asset: ecom
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: 2UFmiEWwSo8hQwuB2vLjkfLUrER2axP4YXHi19Stgi7vt4iean_lNw==
x-cache-hits: 4

GET
H2 200 getViewBeans.action Show response
all.accor.com/bean/ 621 B
1017 B 121ms
120ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/bean/getViewBeans.action?beans=OriginViewBean&httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

d92fe8a08fac8d4e03cf3be8a77427e27f58c52039664cdce47f1193cc705dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://all.accor.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h15vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: 9cd5395e-a579-45b5-8933-f06878dddea3
strict-transport-security: max-age=15552000
via: 1.1 3296b04068551f925d5fafd1b785ff31.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="1"
content-length: 621
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: a0067acf6e6356db1e012241402bc20a
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535174.384499,VS0,VE112
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: oKLeOGWFNZBdTEkSBrYJE3PE5Fmr8BBO-QNINoxSosXpa0La-nnNsg==
x-cache-hits: 0

GET
H2 200 config.en.json Show response
all.accor.com/header/ 12 KB
5 KB 8ms
7ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/header/config.en.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

bb3671d439694ddb775eaff59f9be79502924c6f7b32219d2bfff3d159ad1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://all.accor.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h16vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security: max-age=15552000
via: 1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront), 1.1 varnish
age: 178179
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
server-timing: dtSInfo;desc="1"
content-encoding: gzip
content-length: 4472
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 405caba66a97f394422324c1ff48b5ac
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535174.389611,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Host,Origin, Accept-Encoding
content-language: en
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-accor-asset: ecom
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: 2UFmiEWwSo8hQwuB2vLjkfLUrER2axP4YXHi19Stgi7vt4iean_lNw==
x-cache-hits: 5

GET
H2 200 loyalty-program.svg
all.accor.com/components/login-nav/components/loyalty-card/svg/ 5 KB
3 KB 8ms
7ms Image
image/svg+xml 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/components/login-nav/components/loyalty-card/svg/loyalty-program.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

a3abf7d40bd0db59f5c09e497994f3155a8a919881634caf26643b51c058ddd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178202
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, HIT
x-cdn-forward: Fastly
content-length: 2160
x-gen-id: 991b64818ec21f14569763422fff3765
x-served-by: cache-hhn4072-HHN
x-unique-id: 49bcedea0f3e47c57a50868f2780b0e4
last-modified: Fri, 26 Nov 2021 09:21:39 GMT
server: fasterize
x-timer: S1638535174.453182,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding
content-type: image/svg+xml; charset=UTF-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
x-amz-cf-id: YKFBbq4LOrTsWzmGARauEw5SsiniKbP5zpNfWyDQUvbsfvokqkDc6Q==
x-fstrz: o,c
x-cache-hits: 7

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 148 KB
51 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js?_=1638535173466

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a98d3f21c2cef2241e0ce7f4cc7fd5dd01596a3f813f5f0665efdd8496844d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 14:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51670
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 14:25:15 GMT

GET
H2 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 96 KB
33 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js?_=1638535173466

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cc6b66cc42418608faeed8ae5f6fb3cd8f559f9dcf0be3d7a340c5351847a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 14:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166458
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33908
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 14:25:16 GMT

GET
H2 404 fastbutton Show response
apis.google.com/u/0/se/0/_/+1/ Frame 6AFE 2 KB
2 KB 8ms
8ms Document
text/html 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fall.accor.com&url=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by: Host: apis.google.com
URL: https://apis.google.com/js/plusone.js?_=1638535173466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/

Response headers

content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1585
date: Fri, 03 Dec 2021 12:39:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 getViewBeans.action Show response
all.accor.com/bean/ 5 KB
4 KB 84ms
82ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/bean/getViewBeans.action?beans=OriginViewBean|CurrenciesViewBean&httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535173970&lang=en

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

8b478084411b06a69b79593b9c413ff1db2af1008305f1cb63331224569e69a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://all.accor.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h17vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: d3437d82-d459-4ae0-bf8b-7cda15c4a031
strict-transport-security: max-age=15552000
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="-1119567447"
content-length: 3395
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 9cff73365b9a87301744d46f0c095e61
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.534873,VS0,VE74
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: hEznC9aXQUfoA4KJxkLXDSPiVFGULS3xV7QzZjnu7cNq3tqLLV89aQ==
x-cache-hits: 0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ 312 KB
75 KB 26ms
25ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: joMckLq8BtEunD8NH/4XVA==
age: 3933123
vary: Accept-Encoding
content-length: 76366
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:58 GMT
server: cloudflare
etag: 0x8D96DBF6CBEE741
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f4d13985-301e-0055-7e6c-c43391000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbc8eb30d618-MXP

GET
H3 200 sdk.js Show response
connect.facebook.net/de_DE/ 291 KB
82 KB 41ms
20ms Script
application/x-javascript 2a03:2880:f008:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/de_DE/sdk.js?hash=edbdb5e9e4a6635fa4d9557eeb4cd101

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f008:8:face:b00c:0:1 Milan, Italy, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b1ee98990c7c65268f3bcb450fa3f055f9fb1eebfd63f3602951475181eaaa13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://all.accor.com/
Origin: https://all.accor.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: DCN1184otYt7Lq8RTdVF6A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 84367
x-fb-rlafr: 0
x-fb-debug: ynmYRKfeo+Y8YD7j0Ul8JH3TxToyvXdn8aroxb9avmH1fkN8z5CtUkN++ZLDvuKc+YLFrLaciDnQPjRh58kxag==
x-fb-content-md5: 4920d63791c6033336e7261c827a0c48
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "ae0d233a17cff83d31bfeb90a1f45ad8"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 03 Dec 2022 11:07:26 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 460 KB
99 KB 43ms
27ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PKFTZMK&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKQN7D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

51e5f9626e4a0a622abd3b6a613b0f6a2e8f84c350cfb29500be385e18ff25d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101012
x-xss-protection: 0
expires: Fri, 03 Dec 2021 12:39:34 GMT

GET
H2 200 currencyMap.action Show response
all.accor.com/ajax/currency/ 7 KB
5 KB 447ms
446ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ajax/currency/currencyMap.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174040&lang=en

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h18vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: 5955d367-b185-4564-995d-3453dc7cb607
strict-transport-security: max-age=15552000
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="1"
content-length: 4415
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: a2e6cae49429fe1c47929a82f6ab935a
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.602904,VS0,VE439
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: 3OVZcSNFzef4gdxrzSELMcXzr-q2kVZ9d_O2JYYaFmGN8wpgRSvRsA==
x-cache-hits: 0

GET
H2 200 displayVersionViewBean.action Show response
all.accor.com/ajax/localisation/ 14 KB
5 KB 896ms
895ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ajax/localisation/displayVersionViewBean.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174045&lang=en

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

3a3b5a1699dbbd60c898504147fd10512b65c40427dfec4c295f94e96ec88ac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h19vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: a3b52ff6-aca3-4349-976f-1c4d44aef2bd
strict-transport-security: max-age=15552000
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="-1384331638"
content-length: 4650
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 0b565464e6a89c0c53ae7cf4e1791e94
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.616561,VS0,VE880
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: -ow6Q30ZAJOR3g3xLfZ9TC8Rr-X5Uuy9myV5xvhHWauYmNt5USSiCw==
x-cache-hits: 0

GET
H2 200 displayVersionViewBean.action Show response
all.accor.com/ajax/localisation/ 14 KB
5 KB 890ms
888ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ajax/localisation/displayVersionViewBean.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174065&lang=en

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

3a3b5a1699dbbd60c898504147fd10512b65c40427dfec4c295f94e96ec88ac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h20vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: 215c64e3-5acd-42a2-974c-4e5efcf47cc2
strict-transport-security: max-age=15552000
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7fd88bab22735486702d23ba4e028d86.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="-506856190"
content-length: 4650
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: e6b20ff9cfba8d86246b81ebee4f2413
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.630062,VS0,VE881
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: qlleI49WEqp0X6eg68QpL9TXNQnu6l5EKbzi-gv2MWlePT8ApG1UXg==
x-cache-hits: 0

GET
H2 200 currencyMap.action Show response
all.accor.com/ajax/currency/ 7 KB
5 KB 402ms
401ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ajax/currency/currencyMap.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174076&lang=en

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000, max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h21vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: fbe32d77-6979-4151-a34b-5ee5ea3d1734
strict-transport-security: max-age=15552000, max-age=15552000
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 4612dc3b414cf2057f542e94733d59bd.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="-1172594436"
content-length: 4415
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 226d9713d12f05c2bbbb53d29ed35c44
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.647030,VS0,VE394
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: 6li4e4Ft7BHl5FFNRVtNGpqguWtcy0z1CvPo9IYBqzwNsNudReWzuA==
x-cache-hits: 0

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/ 291 KB
47 KB 60ms
60ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/en.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cF828KugEm5ifV7niRSOqQ==
age: 10085
vary: Accept-Encoding
content-length: 47516
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 10:52:59 GMT
server: cloudflare
etag: 0x8D972B6D2A23BB6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b23af271-501e-004e-5815-b61d03000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbc9cf9f0eb7-FRA
expires: Fri, 03 Dec 2021 16:39:34 GMT

GET
H2 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame 994C 566 B
857 B 49ms
18ms Document
text/html 2a00:1450:4001:813::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fall.accor.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2317fd367b7eb5e77a6dd7e1e18f5cd5e9d05cd055dae1382487ec56326036df

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qJ54qbyd9Cp0cI37U8k6Ew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Dec 2021 12:39:34 GMT
content-security-policy: script-src 'report-sample' 'nonce-qJ54qbyd9Cp0cI37U8k6Ew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame 6AFE 3 KB
4 KB 40ms
16ms Image
image/png 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

Requested by

Host: apis.google.com
URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fall.accor.com&url=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apis.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3170
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 03 Dec 2021 12:39:34 GMT

GET
H2 200 styles.css
all.accor.com/authentication/styles-v2112/ Frame C252 67 KB
8 KB 28ms
25ms Stylesheet
text/css 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/authentication/styles-v2112/styles.css

Requested by

Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

d6c6c43c6c523314595d87f55b5feb9d0d13f8ab9e9d123f29f1a5ec54e0dffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178270
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 7447
x-gen-id: 595792d76e84a43c06032576ab4628c2
x-served-by: cache-hhn4072-HHN
x-unique-id: 7edf6fe8fac69d7fb211e894f70bd005
x-fstrz: o,c
server: fasterize
x-timer: S1638535175.758197,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/css
via: 1.1 c3b74c81fdcb7942211a6c721efa13fd.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: I7MzgilGA-EgOVcugG8EMeYVGwczeWl9Mvjf0L394mPEGGhhXCGv0A==
x-cache-hits: 87

GET
H2 200 ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js Show response
all.accor.com/ Frame C252 237 KB
89 KB 26ms
24ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178270
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 90473
x-gen-id: de9866000d131ff7ae3f4e490822cd14
x-served-by: cache-hhn4072-HHN
x-unique-id: a09fb7baefbfc12b3b965f908aeddfc1
expires: Thu, 01 Dec 2022 11:07:09 GMT
x-fstrz: o,c
server: fasterize
x-timer: S1638535175.758288,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: Bhd98hITRS_pmRoDn1s2wJCwwFjO0aOrYFa7tGKsuc5W_LQg1Z7GsQ==
x-cache-hits: 1080

GET
H3 200 optimize.js Show response
www.googleoptimize.com/ Frame C252 264 KB
59 KB 48ms
32ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-KT4B6DF

Requested by

Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ea0a0d171ccac7a9fc28af7fce59ae181389ddc6851d904a91bcdd2b479daf3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60371
x-xss-protection: 0
expires: Fri, 03 Dec 2021 12:39:34 GMT

GET
H2 200 main.js Show response
all.accor.com/services/webview-consent/scripts-v2112/ Frame C252 4 KB
2 KB 25ms
23ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/services/webview-consent/scripts-v2112/main.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178270
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 1791
x-gen-id: 39400a227f1e6449e62033e0ecad2631
x-served-by: cache-hhn4072-HHN
x-unique-id: 9f82341ab6769166cbf31d997da73b47
x-fstrz: o,c
server: fasterize
x-timer: S1638535175.758400,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits: 1791

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ Frame C252 19 KB
6 KB 37ms
35ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Lh0CEVPkmGuwf4KyqdKdhw==
age: 7100
vary: Accept-Encoding
content-length: 6403
x-ms-lease-status: unlocked
last-modified: Mon, 29 Nov 2021 20:31:03 GMT
server: cloudflare
etag: 0x8D9B37729BED1A3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 52709849-801e-006e-5672-e571cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbca2c98d618-MXP

GET
H2 200 main.js Show response
all.accor.com/authentication/landing/scripts-v2112/ Frame C252 216 KB
61 KB 24ms
23ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/authentication/landing/scripts-v2112/main.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

24b113968e62ff8f7257831bd877f3f1dee714a5815818469e16475f651e9e70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178270
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 62225
x-gen-id: d990b34ccc8090c38633c47d11bba1da
x-served-by: cache-hhn4072-HHN
x-unique-id: f541b74396cabea3838fd096143aa921
x-fstrz: o,c
server: fasterize
x-timer: S1638535175.758510,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9b.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: O04mmGI500Es4rMD1_d_fG_v-A4s63a5jTG-WluIMrV7UHk_FI9W5w==
x-cache-hits: 174

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 9 KB
3 KB 16ms
15ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCenterRounded.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cGkddLGcEkFdkLgUFXgOUA==
age: 3933118
vary: Accept-Encoding
content-length: 2584
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:52 GMT
server: cloudflare
etag: 0x8D96DBF69965AE8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 70caaec9-101e-0060-146c-c49dc4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbca68840eb7-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ 47 KB
11 KB 24ms
23ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +0xPzL52AeUkZsqLfWvieg==
age: 3933118
vary: Accept-Encoding
content-length: 11387
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:53 GMT
server: cloudflare
etag: 0x8D96DBF69F1D28E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 104d501c-001e-0091-6f6c-c44c57000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbca78880eb7-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 20 KB
4 KB 22ms
22ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 3933118
vary: Accept-Encoding
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:12:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 0f383678-701e-0034-706c-c4774e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b7cdbca78920eb7-FRA

GET
H2 200 3087399934-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame 994C 10 KB
5 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/3087399934-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fall.accor.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 20:10:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 318529
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4296
x-xss-protection: 0
last-modified: Fri, 19 Nov 2021 03:08:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
vary: Accept-Encoding
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 20:10:45 GMT

GET
H3 200 rpc:shindig_random.js Show response
apis.google.com/js/ Frame 994C 13 KB
5 KB 51ms
51ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/rpc:shindig_random.js?onload=init

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LcAnut/3viGYCte2OOs1ZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "3fc975e12af4bcde7e44fdb36bca1117"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-LcAnut/3viGYCte2OOs1ZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Fri, 03 Dec 2021 12:39:34 GMT

GET
H2 200 87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json Show response
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ Frame C252 3 KB
1 KB 20ms
20ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Q/oKYcvv88yFXq/UgjQcqQ==
age: 9308
vary: Accept-Encoding
content-length: 1420
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 10:52:35 GMT
server: cloudflare
etag: 0x8D972B6C4870440
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3890e59a-401e-0138-2515-b6dfea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbcad9140eb7-FRA
expires: Fri, 03 Dec 2021 16:39:34 GMT

GET
DATA 200
OK truncated
/ Frame C252 306 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56ce9a9f71a8465359a676d95189390683de779bdc085f4fa9d48ec0651d9a5f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
all.accor.com/ Frame C252 237 KB
89 KB 20ms
19ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178270
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 90473
x-gen-id: de9866000d131ff7ae3f4e490822cd14
x-served-by: cache-hhn4072-HHN
x-unique-id: a09fb7baefbfc12b3b965f908aeddfc1
expires: Thu, 01 Dec 2022 11:07:09 GMT
x-fstrz: o,c
server: fasterize
x-timer: S1638535175.899719,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: Bhd98hITRS_pmRoDn1s2wJCwwFjO0aOrYFa7tGKsuc5W_LQg1Z7GsQ==
x-cache-hits: 1081

GET
H2 200 main.js
all.accor.com/services/webview-consent/scripts-v2112/ Frame C252 4 KB
2 KB 18ms
17ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/services/webview-consent/scripts-v2112/main.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178270
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 1791
x-gen-id: 39400a227f1e6449e62033e0ecad2631
x-served-by: cache-hhn4072-HHN
x-unique-id: 9f82341ab6769166cbf31d997da73b47
x-fstrz: o,c
server: fasterize
x-timer: S1638535175.899851,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits: 1792

GET
H2 200 main.js
all.accor.com/authentication/landing/scripts-v2112/ Frame C252 216 KB
61 KB 17ms
17ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/authentication/landing/scripts-v2112/main.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

24b113968e62ff8f7257831bd877f3f1dee714a5815818469e16475f651e9e70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178271
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 62225
x-gen-id: d990b34ccc8090c38633c47d11bba1da
x-served-by: cache-hhn4072-HHN
x-unique-id: f541b74396cabea3838fd096143aa921
x-fstrz: o,c
server: fasterize
x-timer: S1638535175.899966,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9b.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: O04mmGI500Es4rMD1_d_fG_v-A4s63a5jTG-WluIMrV7UHk_FI9W5w==
x-cache-hits: 175

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame C252 193 B
240 B 22ms
22ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:34 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6b7cdbcb1e5c4aa4-FRA

GET
H2 200 loginnav.en.json Show response
all.accor.com/components/login-nav/locales/ 612 B
1002 B 14ms
14ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/components/login-nav/locales/loginnav.en.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

0e9a0335bdb00a8f209751c84c51195fadd96979281fc4abb3f32cf4c8999129

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h28vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security: max-age=15552000
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront), 1.1 varnish
age: 178180
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="911752641"
content-encoding: gzip
content-length: 434
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: a1aaed6fc29b1a8c2ce352bd1120ea9c
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.926853,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: en
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: VAG1DgvkfvLznhcZAMHUMHa5DJlSElO83nep3Hd4FqZzL-kvi2oDhg==
x-cache-hits: 2

GET
H2 200 currencyMap.action Show response
all.accor.com/ajax/currency/ 7 KB
5 KB 436ms
436ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ajax/currency/currencyMap.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174370&lang=en

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h29vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: ad18d3b4-02d0-41b9-b044-11bb7f1d0343
strict-transport-security: max-age=15552000
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 6fc439c8bc0a64a7ab978ce699795275.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="-1856623396"
content-length: 4415
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: e5e69e451ca92042b0fecaa1470aacbb
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.933455,VS0,VE428
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: xbTiG1ArPfwEIeIFE_Z0wfuxXnkf1v3PtBveMExGjow94pGfHgmaaw==
x-cache-hits: 0

GET
H2 200 currencyMap.action Show response
all.accor.com/ajax/currency/ 7 KB
5 KB 405ms
405ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/ajax/currency/currencyMap.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174387&lang=en

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h30vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id: 739e678f-204a-43ee-aad7-6b7f3ad3f474
strict-transport-security: max-age=15552000
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
x-cache-response: DISABLED
server-timing: dtSInfo;desc="0", dtRpid;desc="1482399944"
content-length: 4415
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: f9f43bb4c980385b163b5020fde8c96f
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.948223,VS0,VE398
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: de-DE
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
content-type: application/json;charset=UTF-8
x-amz-cf-id: wIHE6HCeGJzkrIy9BbkJjQt3Liygf12xFT601IReI8N5eO4nivt3bA==
x-cache-hits: 0

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame 994C 51 KB
18 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 12:56:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171794
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18237
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 12:56:20 GMT

GET
H2 200 account-24.svg
all.accor.com/components/login-nav/components/button-logo/svg/ 935 B
931 B 8ms
7ms Other
image/svg+xml 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/components/login-nav/components/button-logo/svg/account-24.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

63a8bb0607d9c563bf656316ff741977e9ae4752b0775a5ec22507c61555003a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178203
via: 1.1 f06c87fa57d0c9fd7439d7fdbd148c63.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, HIT
x-cdn-forward: Fastly
content-length: 528
x-gen-id: fde2fedfb93aed36064a8c64421ab00e
x-served-by: cache-hhn4072-HHN
x-unique-id: 7341a798e746876486a48dfdea11b940
last-modified: Fri, 26 Nov 2021 09:21:39 GMT
server: fasterize
x-timer: S1638535175.955727,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding
content-type: image/svg+xml; charset=UTF-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
x-amz-cf-id: ngX7ZuuGfElES9Z5ja63_RJQl-Tsgld1dKFAB6yJPY5hAnogsozM4A==
x-fstrz: o,c
x-cache-hits: 10

GET
H2 200 2a22008a1a0b.js Show response
w.usabilla.com/ Frame FF14 51 KB
14 KB 115ms
30ms Script
text/javascript 52.214.99.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://w.usabilla.com/2a22008a1a0b.js?lv=1
Requested by: Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.99.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-214-99-201.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7ebbbd0b097263f41dc3ffcabaed2601900ed9fb22e3bd704c47008fdb51df24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-widget-server: 2.1
etag: "7abb8e27a373fe255e25d0a48e98c99b"
content-type: text/javascript
cache-control: public,max-age=0
content-length: 13854

GET
H2 200 logo.svg
all.accor.com/assets/images/logo/ 5 KB
2 KB 8ms
7ms Image
image/svg+xml 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/assets/images/logo/logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

43622fd79cb7b679831f09443b32a16108750d48014d9e425f6cf18bbd4ed369

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178273
via: 1.1 ca8cb14c76df16342491237cea8cfed6.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, HIT
x-cdn-forward: Fastly
content-length: 1950
x-gen-id: 73bd033ae62765e9577c023c3c420c9d
x-served-by: cache-hhn4072-HHN
x-unique-id: 73dd667e6e8e26bb7a79b9812d0775a6
last-modified: Fri, 26 Nov 2021 09:21:45 GMT
server: fasterize
x-timer: S1638535175.996423,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
vary: Accept-Encoding
content-type: image/svg+xml; charset=UTF-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
x-amz-cf-id: 3pQJ-UTPka-V5bz-4wQKYXZxyMrUAB5iItXsWl2LZAMbkcwXRpYa8g==
x-fstrz: o,c
x-cache-hits: 129

GET
H2 200 roboto-bold.woff2
all.accor.com/assets/fonts/roboto/bold/ 53 KB
53 KB 9ms
8ms Font
font/woff2 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/assets/fonts/roboto/bold/roboto-bold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

a73ba8ada5a51f6245f8dad192953259b83419108e50865843691487c07bdfba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Origin: https://all.accor.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront), 1.1 varnish
age: 178263
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 54096
x-gen-id: 399cae3416eee568a3eaa62ea897cfec
x-served-by: cache-hhn4072-HHN
x-unique-id: 3b7006e77a96a790f9abd5560cf88de4
last-modified: Tue, 05 Oct 2021 14:33:24 GMT
server: fasterize
x-timer: S1638535175.997047,VS0,VE0
date: Fri, 03 Dec 2021 12:39:34 GMT
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: sKCmG2kBfon7DtR9MJTt6BpeKM5tNsBcaMT82JphmY9hMf7KieQ35Q==
x-fstrz: o,c
x-cache-hits: 763

GET
H2 200 loyalty-program.svg
all.accor.com/components/login-nav/components/loyalty-card/svg/ 5 KB
3 KB 19ms
18ms Other
image/svg+xml 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/components/login-nav/components/loyalty-card/svg/loyalty-program.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

a3abf7d40bd0db59f5c09e497994f3155a8a919881634caf26643b51c058ddd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178203
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, HIT
x-cdn-forward: Fastly
content-length: 2160
x-gen-id: 991b64818ec21f14569763422fff3765
x-served-by: cache-hhn4072-HHN
x-unique-id: 49bcedea0f3e47c57a50868f2780b0e4
last-modified: Fri, 26 Nov 2021 09:21:39 GMT
server: fasterize
x-timer: S1638535175.015734,VS0,VE0
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding
content-type: image/svg+xml; charset=UTF-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
x-amz-cf-id: YKFBbq4LOrTsWzmGARauEw5SsiniKbP5zpNfWyDQUvbsfvokqkDc6Q==
x-fstrz: o,c
x-cache-hits: 8

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ Frame C252 312 KB
75 KB 58ms
57ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: joMckLq8BtEunD8NH/4XVA==
age: 3933124
vary: Accept-Encoding
content-length: 76366
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:58 GMT
server: cloudflare
etag: 0x8D96DBF6CBEE741
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f4d13985-301e-0055-7e6c-c43391000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbcbfe98d618-MXP

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/ Frame C252 291 KB
47 KB 18ms
17ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/en.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cF828KugEm5ifV7niRSOqQ==
age: 10086
vary: Accept-Encoding
content-length: 47516
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 10:52:59 GMT
server: cloudflare
etag: 0x8D972B6D2A23BB6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b23af271-501e-004e-5815-b61d03000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbcc7b6d0eb7-FRA
expires: Fri, 03 Dec 2021 16:39:35 GMT

GET
H2

200

radar.js Show response
radar.cedexis.com/1621860284/ Frame C252
Redirect Chain

https://radar.cedexis.com/1/10096/radar.js
https://radar.cedexis.com/1621860284/radar.js

44 KB
18 KB

12ms
12ms

Script
application/javascript

35.241.57.45
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://radar.cedexis.com/1621860284/radar.js
Protocol: H2
Server: 35.241.57.45 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 45.57.241.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 38b126f92a3104c7d73e1cf2f448db9896d4f29ebf3a7b593b380e6cdd0ae378

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
last-modified: Mon, 24 May 2021 13:00:31 GMT
server: nginx
etag: W/"60aba36f-af61"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=1209600, public
alt-svc: clear
expires: Fri, 17 Dec 2021 12:39:35 GMT

Redirect headers

date: Fri, 03 Dec 2021 12:39:35 GMT
via: 1.1 google
server: nginx
vary: User-Agent,DNT
content-type: text/html
location: /1621860284/radar.js
cache-control: max-age=600
alt-svc: clear
content-length: 154
expires: Fri, 03 Dec 2021 12:49:35 GMT

GET
H2

200

radar.js Show response
radar.cedexis.com/1621860284/
Redirect Chain

https://radar.cedexis.com/1/10096/radar.js
https://radar.cedexis.com/1621860284/radar.js

44 KB
19 KB

11ms
10ms

Script
application/javascript

35.241.57.45
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://radar.cedexis.com/1621860284/radar.js
Protocol: H2
Server: 35.241.57.45 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 45.57.241.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 38b126f92a3104c7d73e1cf2f448db9896d4f29ebf3a7b593b380e6cdd0ae378

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
last-modified: Mon, 24 May 2021 13:00:31 GMT
server: nginx
etag: W/"60aba36f-af61"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=1209600, public
alt-svc: clear
expires: Fri, 17 Dec 2021 12:39:35 GMT

Redirect headers

date: Fri, 03 Dec 2021 12:39:35 GMT
via: 1.1 google
server: nginx
vary: User-Agent,DNT
content-type: text/html
location: /1621860284/radar.js
cache-control: max-age=600
alt-svc: clear
content-length: 154
expires: Fri, 03 Dec 2021 12:49:35 GMT

GET
H2 200 share_button.php Show response
www.facebook.com/v2.0/plugins/ Frame 73E9 44 KB
16 KB 115ms
83ms Document
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js?hash=edbdb5e9e4a6635fa4d9557eeb4cd101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a91d2e08704d224f8b2c5561696768f5a1263c68699687f6cd59315dd891c466

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v5.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: j/B49SL/6TErGN+LHBFwnjI6vLIh2y4UXXO02apYG12R7hqUUINMfG2Cu7doKVino/gki/IbCNlLsMpftkoQeA==
date: Fri, 03 Dec 2021 12:39:35 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

GET
H/1.1 200
OK accorhotel-button-33db7e58f18a5aefd9fe80a87ec3b6ca.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame E2CC 3 KB
3 KB 33ms
8ms Image
image/png 52.222.206.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d6tizftlrpuof.cloudfront.net/themes/production/accorhotel-button-33db7e58f18a5aefd9fe80a87ec3b6ca.png
Requested by: Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.206.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-206-77.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d66e75ff961935e0415f5c6a2742c4e375870f2eaf0b01447a5e3364ceb9a82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 01:31:29 GMT
Via: 1.1 4360596ad590d8363ce70eb7bf282e43.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Wed, 18 Nov 2020 11:25:38 GMT
Server: AmazonS3
Age: 4187288
ETag: "33db7e58f18a5aefd9fe80a87ec3b6ca"
X-Cache: Hit from cloudfront
x-amz-version-id: 7RrTJyLjZezyQlBCDWvtH9LnPMRV2hl8
Cache-Control: max-age=315360000, no-transform, public
X-Amz-Cf-Pop: FRA56-P3
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 2821
X-Amz-Cf-Id: AvMaVUPurPByn_ZIE2w9PALHw3kIrIMltPX3ppN09QVNT4BV9Uqg8w==

GET
H2 200 boomerang-1.650.0.1574759547.0.min.js Show response
all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/ Frame C252 62 KB
20 KB 9ms
9ms Script
application/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/boomerang-1.650.0.1574759547.0.min.js
Requested by: Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: fasterize /
Resource Hash: ca582f52b0ffe53dc8e7c123657788f4969d0e118ed86ff25306327d6a73ddab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
age: 54214
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 19802
x-gen-id: 048bb80e2a50218d9198df4f125a44e3
x-served-by: cache-hhn4072-HHN
x-unique-id: 291e3fce6b5e63d5c768cb3a1b18ae97
last-modified: Fri, 22 Oct 2021 08:12:49 GMT
server: fasterize
x-timer: S1638535175.167432,VS0,VE0
etag: W/"feab-17ca70f47e8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5f.cloudfront.net (CloudFront), 1.1 varnish
expires: Sat, 01 Jan 2022 15:31:08 GMT
cache-control: max-age=2592000
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: 4JyY-S73N_Svho_b0EUQbQS1zOu9_dTcBqKntExQOQGr8XcqfK3Vlg==
x-fstrz: o,c
x-cache-hits: 32

GET
H2 200 boomerang-1.650.0.1574759547.0.min.js Show response
all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/ 62 KB
19 KB 9ms
8ms Script
application/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/boomerang-1.650.0.1574759547.0.min.js
Requested by: Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: fasterize /
Resource Hash: ca582f52b0ffe53dc8e7c123657788f4969d0e118ed86ff25306327d6a73ddab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
age: 54214
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 19802
x-gen-id: 048bb80e2a50218d9198df4f125a44e3
x-served-by: cache-hhn4072-HHN
x-unique-id: 291e3fce6b5e63d5c768cb3a1b18ae97
last-modified: Fri, 22 Oct 2021 08:12:49 GMT
server: fasterize
x-timer: S1638535175.170095,VS0,VE0
etag: W/"feab-17ca70f47e8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5f.cloudfront.net (CloudFront), 1.1 varnish
expires: Sat, 01 Jan 2022 15:31:08 GMT
cache-control: max-age=2592000
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: 4JyY-S73N_Svho_b0EUQbQS1zOu9_dTcBqKntExQOQGr8XcqfK3Vlg==
x-fstrz: o,c
x-cache-hits: 33

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame C252 9 KB
3 KB 17ms
16ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCenterRounded.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cGkddLGcEkFdkLgUFXgOUA==
age: 3933119
vary: Accept-Encoding
content-length: 2584
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:52 GMT
server: cloudflare
etag: 0x8D96DBF69965AE8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 70caaec9-101e-0060-146c-c49dc4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbccfc450eb7-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ Frame C252 47 KB
11 KB 21ms
20ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +0xPzL52AeUkZsqLfWvieg==
age: 3933119
vary: Accept-Encoding
content-length: 11387
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:53 GMT
server: cloudflare
etag: 0x8D96DBF69F1D28E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 104d501c-001e-0091-6f6c-c44c57000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbccfc4b0eb7-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame C252 20 KB
4 KB 23ms
23ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 3933119
vary: Accept-Encoding
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:12:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 0f383678-701e-0034-706c-c4774e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b7cdbcd0c560eb7-FRA

GET
H/1.1 200
Ok providers.json Show response
i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net/i2/1/10096/j1/20/123/1638535174/0/0/ 5 KB
2 KB 66ms
16ms XHR
application/json 104.225.98.129
NETACTUATE

General

Check archive.org

Show headers Download Go to

Full URL: https://i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net/i2/1/10096/j1/20/123/1638535174/0/0/providers.json?imagesok=1&n=1&p=1&r=1&s=1&t=1
Requested by: Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.225.98.129 Amsterdam, Netherlands, ASN36236 (NETACTUATE, US),
Reverse DNS: 129.98.225.104.ptr.anycast.net
Software: nginx/1.10.3 /
Resource Hash: 8413e2e0b600e68fe059ce4fea45f846e3e4b89665ad21fabf3d8d79d9c0bc84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 03 Dec 2021 12:39:35 GMT
Content-Encoding: gzip
Server: nginx/1.10.3
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Keep-Alive: timeout=1

GET
H/1.1 200
Ok providers.json Show response
i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net/i2/1/10096/j1/20/123/1638535174/0/0/ Frame C252 6 KB
2 KB 68ms
18ms XHR
application/json 104.225.98.129
NETACTUATE

General

Check archive.org

Show headers Download Go to

Full URL: https://i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net/i2/1/10096/j1/20/123/1638535174/0/0/providers.json?imagesok=1&n=1&p=1&r=1&s=1&t=1
Requested by: Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.225.98.129 Amsterdam, Netherlands, ASN36236 (NETACTUATE, US),
Reverse DNS: 129.98.225.104.ptr.anycast.net
Software: nginx/1.10.3 /
Resource Hash: ae16bcd7e62dfaa2e3f87a35397a0201d5a19cf6012af275d150bd98e749c175

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Fri, 03 Dec 2021 12:39:35 GMT
Content-Encoding: gzip
Server: nginx/1.10.3
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Keep-Alive: timeout=1

GET
H2 204 beacon
all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/ Frame C252 0
356 B 36ms
36ms Image
text/plain 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/beacon?cust=7109&mob.etype=4g&mob.dl=10&c.e=kwqdjblf&c.tti.m=lt&optimized=true&domstats=scripts%7C14%2Cscriptssrc%7C9%2Cstylesheets%7C1%2Cimgs%7C1%2Cloadedimgs%7C1&jserrors=0&nt_nav_st=1638535173747&nt_fet_st=1638535174029&nt_dns_st=1638535174029&nt_dns_end=1638535174029&nt_con_st=1638535174029&nt_con_end=1638535174029&nt_req_st=1638535174030&nt_res_st=1638535174105&nt_res_end=1638535174106&nt_domloading=1638535174157&nt_domint=1638535174370&nt_domcontloaded_st=1638535174370&nt_domcontloaded_end=1638535174370&nt_domcomp=1638535174565&nt_load_st=1638535174568&nt_load_end=1638535174568&nt_ssl_st=1638535174029&nt_enc_size=2755&nt_dec_size=7234&nt_trn_size=3055&nt_protocol=h2&nt_red_cnt=0&nt_nav_type=0&u=https%3A%2F%2Fall.accor.com%2Fauthentication%2Flanding%2Findex.shtml%3FappId%3Dall.accor%26state%3DGQOjM0QdTZMILziNGEiXps%26error%3Dlogin_required&v=1.650.0.1574759547.0&sv=12&sm=p&rt.si=atea4t8i1ht-NaN&rt.ss=&rt.sl=0&vis.st=visible&ua.plt=Linux%20x86_64&ua.vnd=Google%20Inc.&pid=eh5su0zr&n=1&c.t.fps=04&c.tti.vr=623&c.f=80&c.f.d=50&c.f.m=4&c.f.s=kwqdjcat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: fasterize / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-powered-by: Express
x-cache: Miss from cloudfront, MISS
x-cache-response: DISABLED
x-cache-hits: 0
x-served-by: cache-hhn4072-HHN
x-unique-id: 164106096f63d5c2816700fc34e3954e
x-fstrz: stc,Z,p
server: fasterize
x-timer: S1638535175.271723,VS0,VE27
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
cache-control: no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: 3eIN5DU5U-MvdS8bT2DOBHlha-65vjqx29WaFP69ZOrShyWf4VLX-w==
expires: 0

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 65ms
46ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 9s0usOs7XdjUo2vIFa2YmcBn+/n0C/0ZDSeE/XWcwMMa9AeF4nVdRJPcZd+IiBVWZDlgPx5tYhW6bQLukrWW5w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 65ms
47ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 1ZH+GsJMgW1vn2RG+YTlSE4Uf/VaazbC7EFd5Y2E+kMxZBARl2oAn9FyPqRKKqTEOoZNfb9N2y+vClWkxXWKaA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 72ms
53ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ctgujcORY8sQDAfpcQaZBUjejOrEdNarZ252xn7v2us1jRgrTeciXW89bnl7oN1G77eus0eUiSKAA0De7xh9FQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 62ms
46ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 7Vmm6CzZWqXSa9n0J+MLEOg0bZ5Tsr0FzglCUIRxPDB1cbP47uWXyqDYjqXcEwUX8PHbMV8t4hFlsMq16GhZYQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 68ms
54ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: uTH6BRIFYrq8CNQ7dlRmZCqtfXensmFQ9OYUKj5A9Xks6F47k/Znx02klzfAq5J1fmIhEZyARq4/EKFIYwkqEw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 57ms
46ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: JjDLYyIQn4C2z3UK6Xur8g49xa5p9zbLm6rEbPKDiIBCp8llTjD2CTduJr58sEzo/a9UgDPrha8Zv1LGafkjsQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 57ms
46ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: G16bLHSJRt2Fa/L2eaud9DpJntcOeiDDKy8LNenHDgU9/taJT2majUoJRQWsTI+kQQyUB7Sfz1GwmbDY/2oivw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
34 B 46ms
38ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: w8tA4IsvHm8FFQl+smSCMPWSIwRbm3R90nzOE28Np4sWM1jOpoLnMoRWZcTdEJhFhS1ioivfsfUDMixta/OdvA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 79ms
70ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: XEwCva0WMLs/QmZMnLmGzdB9MpfX4eKzX1L+gdRMfDX+e4kXUZFUnPX0YEXK7pWwJM7b6RPFsMv1YrZUH0wL0A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 54ms
46ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: Q8XmYwcP2hhe1dWmqu1gbtTM+/TbtFKEf7XlilqMbrsSzElwKPtb9hUW2Q0S/rWv4yvuXYr95/x5XMVrr8wY5w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 54ms
47ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: nAOhyubE40QoXtZrpABlDWqNV3cqNe8BjxflVeM1F6UPsPlBLyi5q1YNHhY+23sxvS9fhbckhBqw6WXYW38UoQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
33 B 49ms
45ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: tzwIJX6dTjCP98RJRv65fV1OHdHd23kAxPUZ3KWwOEVc/ZIMTcslHGjOYVmttSCXUUHMtaKdLnxgjAJtaMEUxg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 45ms
42ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: QuJA29cm7zfKZQubnnMBWD176HMaWMRAaLlbfvwjXjP5eeHlOS3L/L3hD/KPBDhNkLpdhgIzwVGggDrRI7eBzg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 47ms
46ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: qHQQVTbb9h2gAoIaaNC7/yBYpJGpIup9wWPom1OFbtv6rjMooXSXQMBvUg/N0SB9v49nIX23TkcSfLaHEk7eRQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 51ms
46ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: OEmux306t+LuqrAXH/Eq0Z2JEVQjLEcXakda+s+JDeyL2ShTTNoId+fcWONjMRSivwZLjVz3SrwiOjmUasWuzg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 93ms
90ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 6lFYDcdg/n6xMrcFJRjg8wJ4oPGRc6pWw8CarZW5yGq/kW+qjDuN7W78UU4Fiu38lZusX1IZIigava7kHmTtBg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 49ms
47ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: QQxkdEr4+2pHKU//tdt2+eQwAk5Jodl0Qs+tzyASAONLvrUTztX2LSVjum1va2qERapi6ceXe3/StYcMwLWlhQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 55ms
47ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ZhksFaX0cXdKO49PAnx93UHcmfRNtB5nrKr4ZM0eapDQaoDPQY4XPpHgv+mrPMYIGcAHlC8bv3WaPqfIH/DVsA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 57ms
48ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: BQ5UQXcMqdchvgZ5a9imFGjc4A5h6sWGNnCicY3sw+OebOV/ljlWWSv0RgE3Z7u+WKAEbK8LiEEk8FcTJmFFGA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 55ms
47ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 5VadSlQaONrkJJ+c8iGUlKw7Rjz8UZBZDFHnk9Inozko8aONRec2e6tp79kdKKHrye58UFA8C8IrH2wnt5olUQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 73E9 0
30 B 54ms
49ms Other
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: uEZn36HDNR/4uXna5wMqDKVlb6Ntz3/Az4m9jZexS/GfIlpQjOSJz2+aUwY+6LAEWEMrwj5c2T2Axj6crFNjqQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

GET
H2 200 impact.js Show response
radar.cedexis.com/releases/1621860284/ 7 KB
3 KB 9ms
9ms Script
application/javascript 35.241.57.45
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://radar.cedexis.com/releases/1621860284/impact.js
Requested by: Host: radar.cedexis.com
URL: https://radar.cedexis.com/1/10096/radar.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.57.45 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 45.57.241.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: f7309b6ccc1a76da1e7a0709abb8a0bf549277dee6c21ae7a466e73426fe9667

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
last-modified: Mon, 24 May 2021 13:00:31 GMT
server: nginx
etag: W/"60aba36f-1c28"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=1209600, public
alt-svc: clear
expires: Fri, 17 Dec 2021 12:39:35 GMT

GET
H2 200 impact.js Show response
radar.cedexis.com/releases/1621860284/ Frame C252 7 KB
4 KB 10ms
9ms Script
application/javascript 35.241.57.45
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://radar.cedexis.com/releases/1621860284/impact.js
Requested by: Host: radar.cedexis.com
URL: https://radar.cedexis.com/1/10096/radar.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.57.45 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 45.57.241.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: f7309b6ccc1a76da1e7a0709abb8a0bf549277dee6c21ae7a466e73426fe9667

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
last-modified: Mon, 24 May 2021 12:50:38 GMT
server: nginx
etag: W/"60aba11e-1c28"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=1209600, public
alt-svc: clear
expires: Fri, 17 Dec 2021 12:39:35 GMT

GET
H3 200 zSKZHMh8mXU.png
www.facebook.com/rsrc.php/v3/yr/r/ Frame 73E9 388 B
440 B 14ms
13ms Image
image/png 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/yr/r/zSKZHMh8mXU.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f9a1a0ac26eaf5b7f6cc7223b5dd4b5f545b5a48fb598c7442e5f76384f1be8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 03:29:01 GMT
x-content-type-options: nosniff
content-md5: mLIKfuTnwd0c8uA9BXg4cQ==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy: cross-origin
content-length: 388
x-fb-rlafr: 0
x-fb-debug: AvHjgIVVOJVkXmlsIuNlA0aR+J81XH5a0KtgHxKk3pD2qJfRDIKKaRF35U/O/CeeWEAktfiBwawH4BNAeLL+JQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 01 Dec 2022 03:29:01 GMT

GET
H3 200 S9mNw1OGQPJ.js Show response
www.facebook.com/rsrc.php/v3iAxA4/yx/l/de_DE/ Frame 73E9 517 KB
135 KB 16ms
16ms Script
application/x-javascript 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3iAxA4/yx/l/de_DE/S9mNw1OGQPJ.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

da2ff52023f137da43e498693495313f37f73da94ba5bb08c411049db116e5ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 15:44:57 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 6eK0JSPxexHJEawljmcuOg==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy: cross-origin
content-length: 138680
x-fb-rlafr: 0
x-fb-debug: suR7p6RhppBihRxPG6hB8/Mgzrd9/tjuPfFu6upJb1+SC0NUamHYMN0VPuimuk2ekjNtxDIvEX8yf3UdcGcPWQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 02 Dec 2022 15:44:57 GMT

GET
H2

200

platform.html Show response
all.accor.com/cdx/ Frame 2240
Redirect Chain

https://www.accorhotels.com/cdx/platform.html?p=%2Fcdx%2Fplatform.gif&z=1&c=10096
https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

1 KB
1 KB

79ms
78ms

Document
text/html

151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

Requested by

Host: radar.cedexis.com
URL: https://radar.cedexis.com/releases/1621860284/impact.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

0eb8844242f2945a3cca36e65754df1dd3500906a4d9d3a8a4fa04ba11b3a66e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/

Response headers

content-type: text/html; charset=utf-8
x-unique-id: 316a34f23921390233cd8a4d4f6688e4
p3p: CP="NO P3P POLICY"
x-clacks-overhead: GNU Terry Pratchett
cache-control: private, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
x-xss-protection: 1; mode=block
referrer-policy: origin
x-accor-asset: wise
server-timing: dtSInfo;desc="0", dtRpid;desc="-1545414318"
strict-transport-security: max-age=15552000
content-encoding: gzip
x-cache-response: DISABLED
accept-ranges: bytes
x-fstrz: ecc,Z,p
server: fasterize
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: VswZ_Z3zvkS06BNqSqXEAA7sCjrwEvaTqp1ovO84uMb2hbhUhWMdUA==
date: Fri, 03 Dec 2021 12:39:35 GMT
x-served-by: cache-hhn4072-HHN
x-cache: Miss from cloudfront, MISS
x-cache-hits: 0
x-timer: S1638535175.424046,VS0,VE71
vary: Accept-Encoding, Origin, Accept-Encoding
x-cdn-forward: Fastly
fastly-version: V63
content-length: 1014

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Fri, 03 Dec 2021 12:39:35 GMT
location: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
server: Apache
server-timing: dtSInfo;desc="0", dtRpid;desc="1643229506",edge;dur=28
strict-transport-security: max-age=15552000
vary: Accept-Encoding
x-cdn-forward: EdgeCast
content-length: 295

GET
H2

200

platform.html Show response
all.accor.com/cdx/ Frame 75AF
Redirect Chain

https://www.accorhotels.com/cdx/platform.html?p=%2Fcdx%2Fplatform.gif&z=1&c=10096
https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

1 KB
1 KB

81ms
80ms

Document
text/html

151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

Requested by

Host: radar.cedexis.com
URL: https://radar.cedexis.com/releases/1621860284/impact.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

0eb8844242f2945a3cca36e65754df1dd3500906a4d9d3a8a4fa04ba11b3a66e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000, max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/

Response headers

content-type: text/html; charset=utf-8
x-unique-id: 8308544419cede9935552494d3efdb08
p3p: CP="NO P3P POLICY"
x-clacks-overhead: GNU Terry Pratchett
cache-control: private, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
x-xss-protection: 1; mode=block
referrer-policy: origin
x-accor-asset: wise
server-timing: dtSInfo;desc="0", dtRpid;desc="-1460338957"
strict-transport-security: max-age=15552000, max-age=15552000
content-encoding: gzip
x-cache-response: DISABLED
accept-ranges: bytes
x-fstrz: ecc,Z,p
server: fasterize
via: 1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: NrlxhoQIPUijqmItrgDqdjGkz2PVWX_-gnY7uc0C71_QUp2XOmPhRA==
date: Fri, 03 Dec 2021 12:39:35 GMT
x-served-by: cache-hhn4072-HHN
x-cache: Miss from cloudfront, MISS
x-cache-hits: 0
x-timer: S1638535175.423614,VS0,VE73
vary: Accept-Encoding, Origin, Accept-Encoding
x-cdn-forward: Fastly
fastly-version: V63
content-length: 1014

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Fri, 03 Dec 2021 12:39:35 GMT
location: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
server: Apache
server-timing: dtSInfo;desc="0", dtRpid;desc="1387939349",edge;dur=26
strict-transport-security: max-age=15552000
vary: Accept-Encoding
x-cdn-forward: EdgeCast
content-length: 295

GET
H2 204 beacon
all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/ 0
344 B 48ms
46ms Image
text/plain 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/beacon?cust=7109&mob.etype=4g&mob.dl=10&c.e=kwqdjar1&c.tti.m=lt&optimized=true&domstats=scripts%7C36%2Cscriptssrc%7C24%2Cstylesheets%7C3%2Cimgs%7C10%2Cloadedimgs%7C10&jserrors=0&nt_nav_st=1638535172653&nt_fet_st=1638535173180&nt_dns_st=1638535173180&nt_dns_end=1638535173180&nt_con_st=1638535173180&nt_con_end=1638535173180&nt_req_st=1638535173180&nt_res_st=1638535173293&nt_res_end=1638535173296&nt_domloading=1638535173297&nt_domint=1638535173762&nt_domcontloaded_st=1638535173762&nt_domcontloaded_end=1638535173832&nt_domcomp=1638535174567&nt_load_st=1638535174572&nt_load_end=1638535174604&nt_ssl_st=1638535173180&nt_enc_size=14329&nt_dec_size=60775&nt_trn_size=14629&nt_protocol=h2&nt_first_paint=1638535173678&nt_red_cnt=0&nt_nav_type=0&pt.fp=1025&pt.fcp=1025&u=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&v=1.650.0.1574759547.0&sv=12&sm=p&rt.si=9or48t26hch-NaN&rt.ss=&rt.sl=0&vis.st=visible&ua.plt=Linux%20x86_64&ua.vnd=Google%20Inc.&pid=awhntxod&n=1&c.t.fps=07&c.tti.vr=1179&c.f=67&c.f.d=103&c.f.m=7&c.f.s=kwqdjcb1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: fasterize / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-powered-by: Express
x-cache: Miss from cloudfront, MISS
x-cache-response: DISABLED
x-cache-hits: 0
x-served-by: cache-hhn4072-HHN
x-unique-id: 9a5a6c6b8afb86b91578cfbf45d6c12c
x-fstrz: stc,Z,p
server: fasterize
x-timer: S1638535175.334538,VS0,VE39
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
cache-control: no-store, no-cache="Set-Cookie"
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: 86MboYodOZcMuR4YzmLlaoZQasK5a3lJ6gBOUkD14BBsKHQo-j8BRg==
expires: 0

GET
H2 200 index.en.json Show response
all.accor.com/components/currency-selector/locales/ 344 B
595 B 8ms
7ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/components/currency-selector/locales/index.en.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

5be54d615f798b47e05e26e32a03a24526e53b2bce029d71fcdad4c15891693f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h39vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security: max-age=15552000
via: 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront), 1.1 varnish
age: 178238
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
server-timing: dtSInfo;desc="1"
content-encoding: gzip
content-length: 270
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: c7b98a4cd9c778a4eb355ecdc1805141
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.372869,VS0,VE0
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: en
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: poBv9I5fki8yZCP40nozhnMwSB_yU5Se-rwRO9rcUtzAdYH6zqOPVA==
x-cache-hits: 9

GET
H2 200 index.en.json Show response
all.accor.com/components/currency-selector/locales/ 344 B
539 B 7ms
7ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/components/currency-selector/locales/index.en.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

5be54d615f798b47e05e26e32a03a24526e53b2bce029d71fcdad4c15891693f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h40vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security: max-age=15552000
via: 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront), 1.1 varnish
age: 178238
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
server-timing: dtSInfo;desc="1"
content-encoding: gzip
content-length: 270
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: c7b98a4cd9c778a4eb355ecdc1805141
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535175.378266,VS0,VE0
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: en
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: poBv9I5fki8yZCP40nozhnMwSB_yU5Se-rwRO9rcUtzAdYH6zqOPVA==
x-cache-hits: 10

GET
H3 200 cavalry_endpoint.php
www.facebook.com/common/ Frame 73E9 67 B
99 B 34ms
33ms Image
image/png 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1638535174755&t_start=1638535174755&t_domcontent=1638535174767&t_layout=1638535174848&t_onload=1638535174848&t_paint=1638535174848&t_creport=1638535174849&t_tti=1638535174767&lid=7037454991921022932-0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 3kIS97OHF3WggwRQ0a+mWtDQCLSdA5lS+17VoSBZPl207h4Zcv+pVTNXj5P0PwpStla+QMdtM51hoEa9VrwDjg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 index.de.json Show response
all.accor.com/components/geoloc-selector/locales/ 386 B
657 B 8ms
7ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/components/geoloc-selector/locales/index.de.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

3ea040be164bb8cc607e54db640f96593744abc36a97a731de45ae2d3d8640f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h41vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security: max-age=15552000
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8675.cloudfront.net (CloudFront), 1.1 varnish
age: 178260
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
server-timing: dtSInfo;desc="1"
content-encoding: gzip
content-length: 295
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 59c3b7ba476e5c3aff6d969d02a55d64
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535176.510355,VS0,VE0
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: de
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: -9-Fe6WMirBBw7vkeupzNqLjGvhehe5E93LS9_kQNhKIS7dV9InEdA==
x-cache-hits: 3

GET
H2 200 index.de.json Show response
all.accor.com/components/geoloc-selector/locales/ 386 B
736 B 8ms
7ms XHR
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/components/geoloc-selector/locales/index.de.json

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

3ea040be164bb8cc607e54db640f96593744abc36a97a731de45ae2d3d8640f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc: 1$535173357_278h42vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security: max-age=15552000
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8675.cloudfront.net (CloudFront), 1.1 varnish
age: 178260
x-cache: Miss from cloudfront, HIT
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
server-timing: dtSInfo;desc="1"
content-encoding: gzip
content-length: 295
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: 59c3b7ba476e5c3aff6d969d02a55d64
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: ecc,Z,p
server: fasterize
x-timer: S1638535176.523753,VS0,VE0
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-language: de
x-cdn-forward: Fastly
cache-control: public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version: V63
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: -9-Fe6WMirBBw7vkeupzNqLjGvhehe5E93LS9_kQNhKIS7dV9InEdA==
x-cache-hits: 4

GET
H3 200 optimize.js Show response
www.googleoptimize.com/ Frame 2240 264 KB
59 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-KT4B6DF

Requested by

Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

72da6e172f01dffa244c75bd90627ae5d72aff4fd873a01c70c06f71d974bd34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60315
x-xss-protection: 0
expires: Fri, 03 Dec 2021 12:39:35 GMT

GET
H2 200 main.js Show response
all.accor.com/services/webview-consent/scripts-v2112/ Frame 2240 4 KB
2 KB 8ms
8ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/services/webview-consent/scripts-v2112/main.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178271
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 1791
x-gen-id: 39400a227f1e6449e62033e0ecad2631
x-served-by: cache-hhn4072-HHN
x-unique-id: 9f82341ab6769166cbf31d997da73b47
x-fstrz: o,c
server: fasterize
x-timer: S1638535176.647704,VS0,VE0
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits: 1793

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ Frame 2240 19 KB
6 KB 25ms
25ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Lh0CEVPkmGuwf4KyqdKdhw==
age: 7101
vary: Accept-Encoding
content-length: 6403
x-ms-lease-status: unlocked
last-modified: Mon, 29 Nov 2021 20:31:03 GMT
server: cloudflare
etag: 0x8D9B37729BED1A3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 52709849-801e-006e-5672-e571cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbcfda92d618-MXP

GET
H3 200 optimize.js Show response
www.googleoptimize.com/ Frame 75AF 264 KB
59 KB 48ms
47ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-KT4B6DF

Requested by

Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bfa356facf68d486fe6db278a2851f893ca34d59c79cb58274272cbc0319a672

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60374
x-xss-protection: 0
expires: Fri, 03 Dec 2021 12:39:35 GMT

GET
H2 200 main.js Show response
all.accor.com/services/webview-consent/scripts-v2112/ Frame 75AF 4 KB
2 KB 9ms
8ms Script
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/services/webview-consent/scripts-v2112/main.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178271
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 1791
x-gen-id: 39400a227f1e6449e62033e0ecad2631
x-served-by: cache-hhn4072-HHN
x-unique-id: 9f82341ab6769166cbf31d997da73b47
x-fstrz: o,c
server: fasterize
x-timer: S1638535176.650614,VS0,VE0
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits: 1794

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ Frame 75AF 19 KB
6 KB 36ms
35ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Lh0CEVPkmGuwf4KyqdKdhw==
age: 7101
vary: Accept-Encoding
content-length: 6403
x-ms-lease-status: unlocked
last-modified: Mon, 29 Nov 2021 20:31:03 GMT
server: cloudflare
etag: 0x8D9B37729BED1A3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 52709849-801e-006e-5672-e571cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbcfda98d618-MXP

GET
H2 200 87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json Show response
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ Frame 2240 3 KB
2 KB 16ms
16ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Q/oKYcvv88yFXq/UgjQcqQ==
age: 9309
vary: Accept-Encoding
content-length: 1420
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 10:52:35 GMT
server: cloudflare
etag: 0x8D972B6C4870440
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3890e59a-401e-0138-2515-b6dfea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd028cb0eb7-FRA
expires: Fri, 03 Dec 2021 16:39:35 GMT

GET
H2 200 main.js
all.accor.com/services/webview-consent/scripts-v2112/ Frame 2240 4 KB
2 KB 9ms
8ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/services/webview-consent/scripts-v2112/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178271
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 1791
x-gen-id: 39400a227f1e6449e62033e0ecad2631
x-served-by: cache-hhn4072-HHN
x-unique-id: 9f82341ab6769166cbf31d997da73b47
x-fstrz: o,c
server: fasterize
x-timer: S1638535176.714247,VS0,VE0
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits: 1795

GET
H2 200 87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json Show response
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ Frame 75AF 3 KB
1 KB 15ms
15ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Q/oKYcvv88yFXq/UgjQcqQ==
age: 9309
vary: Accept-Encoding
content-length: 1420
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 10:52:35 GMT
server: cloudflare
etag: 0x8D972B6C4870440
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3890e59a-401e-0138-2515-b6dfea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd0590a0eb7-FRA
expires: Fri, 03 Dec 2021 16:39:35 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 2240 193 B
263 B 21ms
20ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6b7cdbd05ff14aa4-FRA

GET
H2 200 main.js
all.accor.com/services/webview-consent/scripts-v2112/ Frame 75AF 4 KB
2 KB 7ms
7ms Other
text/javascript 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/services/webview-consent/scripts-v2112/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178271
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA2-C1
content-length: 1791
x-gen-id: 39400a227f1e6449e62033e0ecad2631
x-served-by: cache-hhn4072-HHN
x-unique-id: 9f82341ab6769166cbf31d997da73b47
x-fstrz: o,c
server: fasterize
x-timer: S1638535176.737358,VS0,VE0
date: Fri, 03 Dec 2021 12:39:35 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits: 1796

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 75AF 193 B
231 B 19ms
19ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6b7cdbd0681c4aa4-FRA

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ Frame 2240 312 KB
75 KB 27ms
27ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: joMckLq8BtEunD8NH/4XVA==
age: 3933124
vary: Accept-Encoding
content-length: 76366
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:58 GMT
server: cloudflare
etag: 0x8D96DBF6CBEE741
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f4d13985-301e-0055-7e6c-c43391000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd08b70d618-MXP

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ Frame 75AF 312 KB
75 KB 42ms
42ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: joMckLq8BtEunD8NH/4XVA==
age: 3933124
vary: Accept-Encoding
content-length: 76366
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:58 GMT
server: cloudflare
etag: 0x8D96DBF6CBEE741
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f4d13985-301e-0055-7e6c-c43391000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd09b81d618-MXP

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/ Frame 2240 291 KB
47 KB 31ms
31ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cF828KugEm5ifV7niRSOqQ==
age: 10086
vary: Accept-Encoding
content-length: 47516
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 10:52:59 GMT
server: cloudflare
etag: 0x8D972B6D2A23BB6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b23af271-501e-004e-5815-b61d03000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd0da3a0eb7-FRA
expires: Fri, 03 Dec 2021 16:39:35 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/ Frame 75AF 291 KB
47 KB 21ms
21ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cF828KugEm5ifV7niRSOqQ==
age: 10086
vary: Accept-Encoding
content-length: 47516
x-ms-lease-status: unlocked
last-modified: Wed, 08 Sep 2021 10:52:59 GMT
server: cloudflare
etag: 0x8D972B6D2A23BB6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b23af271-501e-004e-5815-b61d03000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd0fa7b0eb7-FRA
expires: Fri, 03 Dec 2021 16:39:35 GMT

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame 2240 9 KB
3 KB 32ms
31ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCenterRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cGkddLGcEkFdkLgUFXgOUA==
age: 3933119
vary: Accept-Encoding
content-length: 2584
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:52 GMT
server: cloudflare
etag: 0x8D96DBF69965AE8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 70caaec9-101e-0060-146c-c49dc4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd13ae80eb7-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ Frame 2240 47 KB
11 KB 23ms
22ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +0xPzL52AeUkZsqLfWvieg==
age: 3933119
vary: Accept-Encoding
content-length: 11387
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:53 GMT
server: cloudflare
etag: 0x8D96DBF69F1D28E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 104d501c-001e-0091-6f6c-c44c57000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd13aeb0eb7-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame 2240 20 KB
4 KB 20ms
20ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 3933119
vary: Accept-Encoding
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:12:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 0f383678-701e-0034-706c-c4774e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b7cdbd13aee0eb7-FRA

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame 75AF 9 KB
3 KB 16ms
16ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCenterRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cGkddLGcEkFdkLgUFXgOUA==
age: 3933119
vary: Accept-Encoding
content-length: 2584
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:52 GMT
server: cloudflare
etag: 0x8D96DBF69965AE8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 70caaec9-101e-0060-146c-c49dc4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd16b300eb7-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ Frame 75AF 47 KB
11 KB 18ms
17ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +0xPzL52AeUkZsqLfWvieg==
age: 3933119
vary: Accept-Encoding
content-length: 11387
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:53 GMT
server: cloudflare
etag: 0x8D96DBF69F1D28E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 104d501c-001e-0091-6f6c-c44c57000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b7cdbd16b330eb7-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame 75AF 20 KB
4 KB 18ms
17ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 03 Dec 2021 12:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 3933119
vary: Accept-Encoding
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:12:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 0f383678-701e-0034-706c-c4774e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b7cdbd16b350eb7-FRA

POST
H2 200 rb_80be963f-a859-4808-9b2a-ceb8d44df738 Show response
all.accor.com/ Frame C252 120 B
827 B 45ms
44ms XHR
text/plain 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/rb_80be963f-a859-4808-9b2a-ceb8d44df738?type=js3&sn=v_4_srv_1_sn_03660515936FCF2F4B63809AC8E612AD_perc_100000_ol_0_mul_1_app-3A1a152145cd696e21_1_rcs-3Acss_0&svrid=1&flavor=post&vi=NIECLFCITAQGGIUEODURDCDEJDOSAHQS-0&modifiedSince=1637323498056&rf=https%3A%2F%2Fall.accor.com%2Fauthentication%2Flanding%2Findex.shtml%3FappId%3Dall.accor%26state%3DGQOjM0QdTZMILziNGEiXps%26error%3Dlogin_required%23.&bp=3&app=1a152145cd696e21&crc=1901568166&en=85aac0bj&end=1

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15552000
via: 1.1 3296b04068551f925d5fafd1b785ff31.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
content-length: 120
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
access-control-allow-origin: *
x-unique-id: 16e698778da54f50c3ebdc54acbd01ff
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: !c,Z,p
server: fasterize
x-timer: S1638535177.520410,VS0,VE36
date: Fri, 03 Dec 2021 12:39:36 GMT
vary: Origin
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
content-type: text/plain; charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
access-control-allow-credentials: true
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
access-control-allow-headers: authorization, content-type
x-amz-cf-id: miKuAtAui8n6p-iOkYWxhuk3mdUchRH2PDFgNtKs6Xq6ZJQmmULY6A==
x-cache-hits: 0

GET
H2 200 calendar.svg
all.accor.com/components/header/assets/icons/ 830 B
747 B 23ms
22ms Image
image/svg+xml 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/components/header/assets/icons/calendar.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

d1dc24913826ce79efd8b1b277eeb81bf3843dba4a68c5715a521854004b58c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178266
via: 1.1 79272ab9b399ee696b329d4f677dca49.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, HIT
x-cdn-forward: Fastly
content-length: 414
x-gen-id: 48985f634bd85edf8b758da2da836467
x-served-by: cache-hhn4072-HHN
x-unique-id: 1fd2730b0e2222a4323c3a0b29786195
last-modified: Fri, 26 Nov 2021 09:21:39 GMT
server: fasterize
x-timer: S1638535177.767773,VS0,VE0
date: Fri, 03 Dec 2021 12:39:36 GMT
vary: Accept-Encoding
content-type: image/svg+xml; charset=UTF-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
x-amz-cf-id: K4rCO_TKafNDDGBQKwp4PV1kxV3-x_uKUY9baDUE2RkW-PR8lIElGw==
x-fstrz: o,c
x-cache-hits: 111

GET
H2 200 help.svg
all.accor.com/components/header/assets/icons/ 371 B
543 B 23ms
22ms Image
image/svg+xml 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/components/header/assets/icons/help.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

1aebfde1ab4aa7699ebbe78b3e65f1dbe4f106262f1952de62888a0ea10184f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
age: 178266
via: 1.1 1ac3fd533bf6be1b511077f8b8e23bfd.cloudfront.net (CloudFront), 1.1 varnish
x-cache: Miss from cloudfront, HIT
x-cdn-forward: Fastly
content-length: 235
x-gen-id: aa64be13f73f3b59047d8ecf7dce1079
x-served-by: cache-hhn4072-HHN
x-unique-id: 4af3bea553e5f2c55f4c3f71c5437b2c
last-modified: Fri, 26 Nov 2021 09:21:39 GMT
server: fasterize
x-timer: S1638535177.767911,VS0,VE0
date: Fri, 03 Dec 2021 12:39:36 GMT
vary: Accept-Encoding
content-type: image/svg+xml; charset=UTF-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: isqVRXTa4_p5UeejnLv571pbb-9Sx8_JyjApGFFHI9bY2VZOF5nOaA==
x-fstrz: o,c
x-cache-hits: 102

GET
H2 200 germany.png
all.accor.com/components/header/assets/images/flags/ 215 B
592 B 22ms
21ms Image
image/png 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/components/header/assets/images/flags/germany.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

4f014357e09b50cdcd3f2865e0d14507e009f8a0399300ffabb853d949adb2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
via: 1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront), 1.1 varnish
age: 124517
x-cache: Miss from cloudfront, HIT
x-amz-cf-pop: FRA60-P3
content-length: 215
x-gen-id: ea6f657f10460ea14e8acd20eec9c209
x-served-by: cache-hhn4072-HHN
x-unique-id: 803d745670a10e51c5a935cb6f7031b7
last-modified: Tue, 30 Nov 2021 13:31:30 GMT
server: fasterize
x-timer: S1638535177.768043,VS0,VE0
date: Fri, 03 Dec 2021 12:39:36 GMT
vary: Origin
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: public, max-age=3600, stale-while-revalidate=21600
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
x-amz-cf-id: pszUQ7pj5YvaSWdHtI6IeAHWjyPiAO8afwYbFaVE-nh7D-zaPFy_pw==
x-fstrz: o,c
x-cache-hits: 3

GET
H2 404 bg_hub.gif
all.accor.com/imagerie/promotions-offers/ 10 KB
10 KB 78ms
77ms Image
text/html 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://all.accor.com/imagerie/promotions-offers/bg_hub.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

ce72c829adef77d9e829c23789b5afcb7899f8d031c635ec7cf6a3527459a468

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://all.accor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
x-cache: Error from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-oneagent-js-injection: true
server-timing: dtSInfo;desc="1"
content-length: 5371
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
x-unique-id: e3772afb8b9e8577165b1200d3a4d61b
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: stc,Z,p
server: fasterize
x-timer: S1638535177.768197,VS0,VE56
date: Fri, 03 Dec 2021 12:39:36 GMT
vary: Accept-Encoding, Origin, Accept-Encoding
content-type: text/html; charset=utf-8
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront), 1.1 varnish
expires: 0
cache-control: no-store, no-cache="Set-Cookie"
fastly-version: V63
x-accor-asset: wise
x-cdn-forward: Fastly
accept-ranges: bytes
x-ruxit-js-agent: true
x-amz-cf-id: q1RqD2Sg7_uYfg0R43H2p2CIHbmCmk2xeCC6tzhm06aoNBbF11XzVg==
x-cache-hits: 0

POST
H2 200 rb_80be963f-a859-4808-9b2a-ceb8d44df738 Show response
all.accor.com/ 120 B
683 B 57ms
57ms XHR
text/plain 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/rb_80be963f-a859-4808-9b2a-ceb8d44df738?type=js3&sn=v_4_srv_1_sn_03660515936FCF2F4B63809AC8E612AD_perc_100000_ol_0_mul_1_app-3A1a152145cd696e21_1_rcs-3Acss_0&svrid=1&flavor=post&vi=NIECLFCITAQGGIUEODURDCDEJDOSAHQS-0&modifiedSince=1637323498056&rf=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&bp=3&app=1a152145cd696e21&crc=2730624603&en=85aac0bj&end=1

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15552000
via: 1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
content-length: 120
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
access-control-allow-origin: *
x-unique-id: cb290d8aa134e5e8da89d7545f7546a9
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: !c,Z,p
server: fasterize
x-timer: S1638535177.911116,VS0,VE43
date: Fri, 03 Dec 2021 12:39:36 GMT
vary: Origin
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
content-type: text/plain; charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
access-control-allow-credentials: true
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
access-control-allow-headers: authorization, content-type
x-amz-cf-id: DeY6gxDQYHv2DZsQYBT6uYwhZVlR2Feg-7T0-BGitgGkFPEx32eZKw==
x-cache-hits: 0

POST
H2 200 rb_80be963f-a859-4808-9b2a-ceb8d44df738 Show response
all.accor.com/ Frame C252 120 B
532 B 51ms
50ms XHR
text/plain 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000, max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15552000, max-age=15552000
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
content-length: 120
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
access-control-allow-origin: *
x-unique-id: 18522d32f6307829dddc5df2f4a9066b
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: !c,Z,p
server: fasterize
x-timer: S1638535179.564487,VS0,VE41
date: Fri, 03 Dec 2021 12:39:38 GMT
vary: Origin
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
content-type: text/plain; charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
access-control-allow-credentials: true
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
access-control-allow-headers: authorization, content-type
x-amz-cf-id: _BXYdXlXmbTPFcyZrbyc5rtyz7rvPqg9A7bT-kE-pixZMVqftXJd-A==
x-cache-hits: 0

POST
H2 200 rb_80be963f-a859-4808-9b2a-ceb8d44df738 Show response
all.accor.com/ 120 B
706 B 58ms
58ms XHR
text/plain 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://all.accor.com/rb_80be963f-a859-4808-9b2a-ceb8d44df738?type=js3&sn=v_4_srv_1_sn_03660515936FCF2F4B63809AC8E612AD_perc_100000_ol_0_mul_1_app-3A1a152145cd696e21_1_rcs-3Acss_0&svrid=1&flavor=post&vi=NIECLFCITAQGGIUEODURDCDEJDOSAHQS-0&modifiedSince=1637323498056&rf=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&bp=3&app=1a152145cd696e21&crc=3891245171&en=85aac0bj&end=1

Requested by

Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

fasterize /

Resource Hash

633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://all.accor.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15552000
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront, MISS
p3p: CP="NO P3P POLICY"
x-cache-response: DISABLED
content-length: 120
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4072-HHN
referrer-policy: origin
access-control-allow-origin: *
x-unique-id: 2333d349243444bfc54cfad13fddd46d
x-clacks-overhead: GNU Terry Pratchett
x-fstrz: !c,Z,p
server: fasterize
x-timer: S1638535179.985575,VS0,VE43
date: Fri, 03 Dec 2021 12:39:39 GMT
vary: Origin
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
content-type: text/plain; charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, no-cache="Set-Cookie"
access-control-allow-credentials: true
fastly-version: V63
x-cdn-forward: Fastly
accept-ranges: bytes
access-control-allow-headers: authorization, content-type
x-amz-cf-id: GzC1cba3NFhmPmbSSlkl9EafYX0We2l2a_hvXjmGoK_AaIaV_JkysA==
x-cache-hits: 0

Verdicts & Comments Add Verdict or Comment

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.accor-mail.com/	1970-02-13 19:40:18	Name: uuid230 Value: 73254d69-1f64-4146-9bc9-86efb32a136d
.accor-mail.com/	1969-12-31 23:59:59	Name: nlid Value: 1d7198f0\|8a002299
.accor.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97
.accor.com/	1969-12-31 23:59:59	Name: CSESSIONID Value: HZA063E301CA5E44F387822D1392C63CA4
.accor.com/	1970-01-20 07:54:31	Name: displayZone Value: germany
.accor.com/	1969-12-31 23:59:59	Name: userBrowsingZoneLocalization Value: deutschland
.accor.com/	1969-12-31 23:59:59	Name: userLocalization Value: de
.accor.com/	1969-12-31 23:59:59	Name: userLocalizationInitial Value: de
.accor.com/	1970-01-20 07:54:31	Name: contribZone Value: deutschland
.accor.com/	1970-01-20 07:54:31	Name: userLang Value: de
.accor.com/	1970-01-20 07:54:31	Name: userPrefLocalization Value: de
.accor.com/	1970-01-19 23:52:07	Name: affcookie Value: nvC0f4+U056xcIFo+bjzGPIBV6KbSvmX7Zmb4dwrtP5ZIOd5HndgJg==
.accor.com/	1970-01-20 07:54:31	Name: UAUID Value: a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
.accor.com/	1969-12-31 23:59:59	Name: _Hw2h_ Value: .p77c
.accor.com/	1970-01-19 23:08:56	Name: org Value: elr
.accor.com/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_1_sn_03660515936FCF2F4B63809AC8E612AD_perc_100000_ol_0_mul_1_app-3A1a152145cd696e21_1_rcs-3Acss_0
.accor.com/	1969-12-31 23:59:59	Name: rxVisitor Value: 1638535173359ITJC3H6RBFHAK4HSPF5J1RQQVQ78DFN6
.accor.com/	1969-12-31 23:59:59	Name: dtSa Value: -
.accor.com/	1970-01-20 07:47:19	Name: SESSIONRANDOM Value: 05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97
.accor.com/	1970-01-20 07:47:19	Name: Coefficient Value: 0.055309988802885846
all.accor.com/	1969-12-31 23:59:59	Name: _integrity_ Value: c912556ab36326a29c035a1a7325b543ee003df93a1aaa35b38013f7dba73da02c02b1d562b4df029494f2b9cddaa87ddad16ca18bd186de6ccd2a60b089eee1
.google.com/	1970-01-20 03:32:26	Name: NID Value: 511=powRjp3w9NJDhf7Yp0dTW2ZlAOy6PpRdhWdetSoUW6jSO5BFCODqXTfVxVIAB5bAv4Orzx3mxo-hncspQr1iibDxJb3VmIHcOzDYqMHyQE1FFa0oJQS1kVAsdlD-3Gdid10gb15rMy1dNaUGG6LUiwOsUU2hJBawgiNkcPoNqMw
api.accor.com/	1969-12-31 23:59:59	Name: OAU_all.accor Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJyZWRpcmVjdF9zaXRlX3VyaSI6Imh0dHBzOi8vYWxsLmFjY29yLmNvbSIsInN0YXRlIjoiR1FPak0wUWRUWk1JTHppTkdFaVhwcyIsImV4cCI6MTYzODUzNjA3NCwiaWF0IjoxNjM4NTM1MTc0LCJhcHBfaWQiOiJhbGwuYWNjb3IiLCJub25jZSI6IlJBQkIwa3dlZjFRQXFzaWpVQ0R0am4iLCJwcm9tcHQiOiJub25lIn0.jONeafMovo37769HsRGgoFDulNcYVirapJTmuplGaELEfIWIk97g1J8qngW4TUKSpBUL1USImOMx-9lCit0yfKmyq_zLzN_lkxW7yXp4aZN2FM_DBMlYmtQCxTxO3blWAQl0t2XpztXShdY3RpK2bH2KJNaTPZal1NMMLi3iyJu2tfq_gAUSUh_IA1ZBLOpuI1BrGDrTB_uwxCyJLULxDNA-m0-QOpuY6TYMgBqv1GPk3IaV3dbxmWg_0MjlvkQ2-iVYDJcwVjkMyGxXQzWAAJKZ5EJDJGrOZL7UWls6iBk122SISMlK_bnwUTLuo9M4_JbwQLlnv4fM1fBZAf2doA
login.accor.com/	1969-12-31 23:59:59	Name: PF Value: dQbuS6RzooBmBVcB1lDeiK
.accor.com/	1970-01-20 07:54:20	Name: visid_incap_2545443 Value: 3A2w+SlOTXWAXu9j+m7W8AUQqmEAAAAAQUIPAAAAAAAv2cBI2w733/TcNoWE4CGk
.accor.com/	1969-12-31 23:59:59	Name: nlbi_2545443 Value: mSTQWYHyvytLCTmV+0jM0AAAAAARoJoe9Dqbgu6qhcf0wUOy
.accor.com/	1969-12-31 23:59:59	Name: incap_ses_1515_2545443 Value: wSarJ6Aen0xqHnKEkFwGFQUQqmEAAAAAr2/59vl5GPN7O0p9GIuCvQ==
.accor.com/	1969-12-31 23:59:59	Name: OCC_all.accor Value: fail
.accor.com/	1970-01-19 23:52:43	Name: tarsmid Value: undefined
.accor.com/	1970-01-19 23:52:43	Name: tarssid Value: ml-all-2112-lc-b-me-gb-00-1-hdhd
.accor.com/	1970-01-19 23:52:43	Name: mid Value:
.accor.com/	1970-01-19 23:52:43	Name: sid Value: ml-all-2112-lc-b-me-gb-00-1-hdhd
.accor.com/	1969-12-31 23:59:59	Name: rxvt Value: 1638536974965\|1638535173361
.accor.com/	1969-12-31 23:59:59	Name: dtPC Value: 1$535173357_278h-vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0
.accor.com/	1970-01-20 03:28:07	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Dec+03+2021+12%3A39%3A35+GMT%2B0000+(GMT)&version=6.23.0&isIABGlobal=false&hosts=&genVendors=V62%3A0%2CV37%3A0%2CV67%3A0%2CV38%3A0%2CV64%3A0%2CV58%3A0%2CV25%3A0%2CV26%3A0%2CV42%3A0%2CV9%3A0%2CV8%3A0%2CV27%3A0%2CV51%3A0%2CV39%3A0%2CV23%3A0%2CV55%3A0%2CV5%3A0%2CV34%3A0%2CV10%3A0%2CV53%3A0%2CV59%3A0%2CV36%3A0%2CV49%3A0%2CV65%3A0%2CV19%3A0%2CV33%3A0%2CV57%3A0%2CV52%3A0%2CV48%3A0%2CV29%3A0%2CV17%3A0%2CV11%3A0%2CV56%3A0%2CV12%3A0%2CV13%3A0%2CV41%3A0%2CV40%3A0%2CV68%3A0%2CV60%3A0%2CV50%3A0%2CV15%3A0%2CV54%3A0%2CV28%3A0%2CV30%3A0%2CV46%3A0%2CV4%3A0%2CV14%3A0%2CV61%3A0%2CV7%3A0%2CV45%3A0%2CV16%3A0%2CV32%3A0%2CV21%3A0%2CV69%3A0%2CV63%3A0%2CV6%3A0%2CV18%3A0%2CV31%3A0%2CV44%3A0%2CV43%3A0%2CV35%3A0%2CV47%3A0%2C&consentId=1bf42731-6bf3-4397-9f83-e20fff802c7b&interactionCount=0&landingPath=NotLandingPage&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0007%3A0%2CC0004%3A0%2CC0005%3A0&AwaitingReconsent=false
.accor.com/	1969-12-31 23:59:59	Name: dtLatC Value: 1

208 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
deprecation	warning	URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js(Line 269) Message: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
network	error	URL: https://all.accor.com/imagerie/promotions-offers/bg_hub.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fall.accor.com&url=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Conload&id=I0_1638535173961&_gfid=I0_1638535173961&parent=https%3A%2F%2Fall.accor.com&pfname=&rpctoken=24304981 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
network	error	URL: https://all.accor.com/imagerie/promotions-offers/bg_hub.gif Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
all.accor.com
api.accor.com
apis.google.com
cdn.cookielaw.org
connect.facebook.net
d6tizftlrpuof.cloudfront.net
geolocation.onetrust.com
i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net
i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net
login.accor.com
radar.cedexis.com
ssl.gstatic.com
t5.mid.accor-mail.com
w.usabilla.com
www.accorhotels.com
www.facebook.com
www.google.com
www.googleoptimize.com
www.googletagmanager.com
104.225.98.129
151.101.2.132
152.199.22.100
2606:4700:10::6814:b944
2606:4700::6810:9440
2a00:1450:4001:808::2004
2a00:1450:4001:808::200e
2a00:1450:4001:813::200d
2a00:1450:4001:82f::2008
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2003
2a03:2880:f008:8:face:b00c:0:1
2a03:2880:f145:82:face:b00c:0:25de
35.240.103.94
35.241.57.45
45.60.155.180
52.214.99.201
52.222.206.77
63.34.185.171
01a7150b75bfd0acaa9bd97cc147022706b4fec3d6ed9735173b77448dbb48e5
09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5
0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390
0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c
0e9a0335bdb00a8f209751c84c51195fadd96979281fc4abb3f32cf4c8999129
0eb4cc8760c02d0de878a8ceeef038d371f739a3a969c324e3cf79aca031d52c
0eb8844242f2945a3cca36e65754df1dd3500906a4d9d3a8a4fa04ba11b3a66e
1289818768c7638870acd4186781558179218f6c0d8c3b6ac6ae22d6f9c86e59
18e425aaa2caa6839f38ab8dc661bb8e59d071a4675f7e05fa221636f064a8a1
19eddfb22ef270441f545430e2a8607f588e1d72069a8507e8496c1c56eecdcb
1aebfde1ab4aa7699ebbe78b3e65f1dbe4f106262f1952de62888a0ea10184f8
1cc6b66cc42418608faeed8ae5f6fb3cd8f559f9dcf0be3d7a340c5351847a65
2317fd367b7eb5e77a6dd7e1e18f5cd5e9d05cd055dae1382487ec56326036df
24b113968e62ff8f7257831bd877f3f1dee714a5815818469e16475f651e9e70
2b896d6bb4408d45a7a48315a8616ec07dfc0313b8523b7d09fc84cc633edc69
2d66e75ff961935e0415f5c6a2742c4e375870f2eaf0b01447a5e3364ceb9a82
2debfc21d7901a5ed1bef7f33da5c833e6cffe8ccf5fed6959c3745c0576d696
2e8c4f9557817a416f5e4b2fdc641f10505fecf93b514796e1b8190304f0fc84
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
38b126f92a3104c7d73e1cf2f448db9896d4f29ebf3a7b593b380e6cdd0ae378
3a3b5a1699dbbd60c898504147fd10512b65c40427dfec4c295f94e96ec88ac6
3ea040be164bb8cc607e54db640f96593744abc36a97a731de45ae2d3d8640f4
3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f
400341e06329f365de280ab86c1c4caa41512f4e87c345ebadf9be3de61fcdc7
43622fd79cb7b679831f09443b32a16108750d48014d9e425f6cf18bbd4ed369
4a9176024a28601348ed4672fdc49e08600bfc751477770154390503d03c16a5
4dbd3040f0e3280903f9d26ae340099dcc48a2ed61f88437aced99aacc3a6fe9
4f014357e09b50cdcd3f2865e0d14507e009f8a0399300ffabb853d949adb2e0
4f6bee0f5c99de49d1a9ac883dc86c6b682439fcec623456efddaff410eb8dcb
51e5f9626e4a0a622abd3b6a613b0f6a2e8f84c350cfb29500be385e18ff25d9
56ce9a9f71a8465359a676d95189390683de779bdc085f4fa9d48ec0651d9a5f
59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18
5a98d3f21c2cef2241e0ce7f4cc7fd5dd01596a3f813f5f0665efdd8496844d8
5be54d615f798b47e05e26e32a03a24526e53b2bce029d71fcdad4c15891693f
61bf46ddd0347eefdeb6150a5a9fc0fc7364c8bdee2d7b34b8c52aeaf6247d7d
633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7
63914bf2e01926065ceae08a1a0f0d5065204512a3d6ff1180b6af51b47895e8
63a8bb0607d9c563bf656316ff741977e9ae4752b0775a5ec22507c61555003a
6852c5128a7e7fa162cf99181cfb0a646bc680dbc9e4c3130705428aeed34bd7
68fcfaa7232b50c7033d0c08b3cdbbee150b047c4cfa6445705318abf4e1303f
72da6e172f01dffa244c75bd90627ae5d72aff4fd873a01c70c06f71d974bd34
73f38b873dd938c1653591fbd507597402498c9ec81ce957ef554a550a111541
7ebbbd0b097263f41dc3ffcabaed2601900ed9fb22e3bd704c47008fdb51df24
7f68affba3f1c780f877960c7ee3e441309078b41043d35501e2eda8f7fde683
8413e2e0b600e68fe059ce4fea45f846e3e4b89665ad21fabf3d8d79d9c0bc84
8b478084411b06a69b79593b9c413ff1db2af1008305f1cb63331224569e69a5
8dc1fef758902b185875fd61e28de5c3687e9550e69e1fc541822771c6e8f676
92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a
9588b8874bd624c3306bdc5be18215767b7e0345ac216c67204be0d5b9fc52ae
97b257cba08bd09e4f15e78e510067ca3c3811ff7ad8caa136d5821324fe3290
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
9e82253850ac7b2700c02c1275f0f178b45f19357cfa5bbdd3928a3e6a786873
9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc
a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91
a3abf7d40bd0db59f5c09e497994f3155a8a919881634caf26643b51c058ddd8
a66a965881a85c8928b4b4d60095164de16d693135e6d7f095e141b8bc68e519
a73ba8ada5a51f6245f8dad192953259b83419108e50865843691487c07bdfba
a91d2e08704d224f8b2c5561696768f5a1263c68699687f6cd59315dd891c466
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8
ae16bcd7e62dfaa2e3f87a35397a0201d5a19cf6012af275d150bd98e749c175
b1b447c9f6fdd0b01b342fa0859dd0e0b09f5050b9c278937726becbe91c610b
b1ee98990c7c65268f3bcb450fa3f055f9fb1eebfd63f3602951475181eaaa13
b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8
b34cd4f0a45e40d7f3a50c5cdb47dabfb46a46430ea2b7036e7d5e3b2c05a588
b4eddb167733c7c9a91a75c0450df01116ab95e9e5607831e3dc87a6c47d7ae8
b892a75f0dd129bb98a7d720993fcad637939cbd9459afb44eb61002ce9d33ea
bae778f7c1118ad0e77c4b70bba0703991dd0c91ed87b577d92219b4f70ef66f
bb3671d439694ddb775eaff59f9be79502924c6f7b32219d2bfff3d159ad1444
bfa356facf68d486fe6db278a2851f893ca34d59c79cb58274272cbc0319a672
c47629d29ecd71e534e1eb5f97cde08cb68675e32ec6687c5d16417d122c010c
c564b78cbb1c17dfd4ac4f787ef4f693b9a59d8d549d3a7632cbc8aafea5fc21
ca582f52b0ffe53dc8e7c123657788f4969d0e118ed86ff25306327d6a73ddab
ce72c829adef77d9e829c23789b5afcb7899f8d031c635ec7cf6a3527459a468
d1dc24913826ce79efd8b1b277eeb81bf3843dba4a68c5715a521854004b58c1
d6c6c43c6c523314595d87f55b5feb9d0d13f8ab9e9d123f29f1a5ec54e0dffe
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
d92fe8a08fac8d4e03cf3be8a77427e27f58c52039664cdce47f1193cc705dcb
da2ff52023f137da43e498693495313f37f73da94ba5bb08c411049db116e5ab
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea0a0d171ccac7a9fc28af7fce59ae181389ddc6851d904a91bcdd2b479daf3b
edc4c8fec66198f373d04130a121f1662836d481806b6f6afe4fe0bf5a203db6
ef3fb28d8dd00170c8ab66069052f98895d76efec6723db1cc2335c0daee7faf
f33f3e068bd1aa24de14f27d789b7ccc224e9c9f8bcabff98e7ffc319ef20e15
f51b94e97479ec49afa97ab34eec54626db8964ff5dc98640e4bc0e109417c88
f7309b6ccc1a76da1e7a0709abb8a0bf549277dee6c21ae7a466e73426fe9667
f9a1a0ac26eaf5b7f6cc7223b5dd4b5f545b5a48fb598c7442e5f76384f1be8c
f9c64bb9b2bdfd432bbf61455a77b47972d0f6c5bfb3701aa3ef061b4cf0c3c8
fb6f836bb8707b5249b47fc76b85207a44ae522209cb77570a70456564c7ec49

all.accor.com Open in urlscan Pro 151.101.2.132 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

175 Requests

99 %HTTPS

53 %IPv6

15 Domains

20 Subdomains

16 IPs

6 Countries

3857 kBTransfer

12700 kBSize

36 Cookies

33 Outgoing links

Page URL History

Redirected requests

175 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

all.accor.com Open in urlscan Pro
151.101.2.132 Public Scan

Screenshot
Live screenshot

Full Image

175
Requests

99 %
HTTPS

53 %
IPv6

15
Domains

20
Subdomains

16
IPs

6
Countries

3857 kB
Transfer

12700 kB
Size

36
Cookies

175 HTTP transactions
3 data transactions